Scenario: A Windows IIS server is installed on an IP, my subdomain points to that IP. The website works fine when I access it from on WiFi but as soon as I switch to the mobile data I get the ERR_SSL_PROTOCOL_ERROR.
I've added a binding, where I can access the website on PORT 400. I've checked the SSL as well on SSL Checker and everything is fine on that part.
I want the website to be accessible to the default https port. How can I achieve that?
Since the exact domain is not known I can only speculate about the cause of the problem.
But a common problem is that the site is configured for IPv4 but not properly configured for IPv6, even though it resolves to an IPv6 address. Mobile networks often use IPv6 while internet access using WiFi often uses only IPv4, which can explain the difference you encounter.
SSL checker only does rudimentary checks and checks only IPv4. Use SSLLabs instead which checks both IPv4 and IPv6 setups and also checks all visible IP addresses for the domain instead only a single one.
Related
I have a Bind DNS server on my local network to get *.home resolution, and a forwarders section for every other domains. I also have a local web server which serve some subdomains of *.mydomain.com from the outside, with my ISP box redirecting ports 80/443 to it.
But from any computer within my local network, if I try to access any of the *.mydomain.com address, the IP address returned is my public IP address and the ISP box doesn't redirect the request to my server. I used a workaround by adding the subdomains *.mydomain.com with the local IP address of the server in /etc/hosts on each local computer but it's not perfect since I have to change it if I move a computer to another network, plus I can't do this on my non-rooted Android devices.
The perfect solution would be to have my local DNS overrinding the DNS entries for *.mydomain.com with the local IP instead of the public one. I tried some Bind9 configurations for this, some using the "response-policy" directive, some without it, but in every case, I get the external IP ~50% of the time and I can't figure out why. This happens on every computer I use (some are on Ubuntu, some with Windows), also on my Android phones.
Using dig #mydns subdomain.mydomain.com return the local IP so I assume that the Bind configuration is OK, but dig subdomain.mydomain.com (or ping) doesn't always return the proper IP. I also tried to disable forwarders for the subdomain like this :
zone "mydomain.com" {
type master;
file "/etc/bind/db.mydomain";
forwarders {};
};
I flushed the DNS cache of my computers and there is no other DNS server on my network so I don't understand how this can happen. I also tried to log requests on the Bind server and I don't see requests with the external IP address returned (only those with the internal). So where did these requests go through ?
I finally found out what the problem was : my custom DHCP/DNS server was configured for IPv4 only, but my ISP box also provide IPv6 capabilities, so all the DNS requests from the devices on the network where sent on both protocols and half of the time, the request was answered by the ISP box instead of my custom DNS.
I disabled IPv6 for now and the problem is gone. I'll configure it for my custom server later.
I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlact http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IP4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi
I have a website that I'm running locally at localhost:8000. I'd like to access my site from other devices on my network. I've tried to visit the site via my computer's internal IP address via: 127.0.0.1:8000but this doesn't work. Is this possible?
Three most probable things:
Check if there is a network route between the client and the server machine (commands like PING and TRACERT will help);
Check if the server machine has a firewall. If it does, there must be a rule allowing (opening) connections through that port (8000) in TCP;
Most likely, the problem is one of the two above. If not, there's one last thing:
Make sure the web server (the one that serves localhost:8000) is bound to listen to all IP addresses (not only 127.0.0.1).
To know that, search for servername bind all ip addresses on google. E.g., for apache HTTPD, it'd be apache bind all ip addresses.
here is what I do in similar cases:
search rejetto hfs on google, it is single executable less than 1Mb size and download it into your server machine.
after starting it, follow menu->IP addresses. these are all your possible addresess on the server side.
these are your IP addresses to enter, and your port is 8000 as you mentioned.
most possible IP addresses you will find are in the format of following:
192.168.?.?
10.0.0.?
169.254.?.?
besided you will probably need to add a firewall rule for your server app.
Setup:
Two W2K3 machines in domain with IPv6 installed on both. App is on Machine #1.
What works with IE8:
Machine #2 can log into the app using IPv4 address (http://192.168.../app)
Machine #2 can log into the app using machine name (http://machine1name/app)
Machine #1 can log into the app using IPv4 address, machine name, and localhost.
Machine #1 can log into the app using local IPv6 address (without scope-id).
Machine #1 can log into the app using network IPv6 address (without scope-id).
What doesn't work with IE8, BUT works with Firefox:
Machine #2 can't log into the app using network IPv6 address of Machine #1 (with scope-id).
ORIGINAL ISSUE: I've tried to narrow down the problem. I can bring up the login page and enter my credentials. In code, I check Active Directory for authentication, and the user does get authenticated. However, the HttpContext.Current.User.Identity is never set. It should be set when I call RedirectFromLoginPage(username), and it is when Machine #2 uses IPv4 to access the app. However, when I use the IPv6 address, HttpContext.Current.User.Identity is always blank.
The authentication and application work fine when using IPv4, so I don't think it's a code issue, but not sure? Or is there some network/IE setting I need to adjust?
EDIT: Firefox with IPv6 and IE8 with IPv4 have no problem creating an authentication cookie. For some reason, IE8 with IPv6 cannot create the cookie, hence, the problem with RedirectFromLoginPage, which is supposed to create the cookie.
EDIT 2: The problem seems to be the % in the IPv6 address when using IE [ie. the scope-id]. For example, with Firefox, you can have the % in the address with no problem. With IE, if you are accessing an app locally using IPv6 (whether local or network IP), you can leave out the scope-id. However, when accessing an app on a network machine, you need the scope-id. And since
you have to encode the % with %25, that's where the problem is.
[ps. I know this question has a similar title, but it's not the same problem.]
Quite honestly, the best way to solve this is to not use link-local addresses as web endpoints. As you have discovered, this area of IPv6 is ill-defined.
I would recommend using static IPv6 addresses instead. Either that, or have your network administrator (you?) enable IPv6 router advertisements on your subnet so you can get "real" (not link-local) IPv6 addresses.
Note, you can still use "private" IPv6 space (like you're doing with 192.168.0.0/16 IPv4 addresses)
If you don't have a "real" IPv6 subnet, you could either use a /64 subnet numbered for 6to4 (which might be good if you have a real IPv4 address and you [eventually] want your hosts to participate on the "real" IPv6 internet) or get a unique local subnet to use.
Or just go for it and broker a 6in4 tunnel from a place like Hurricane Electric.
This should be easy step, but there is no guidance, and my installation is turning into a week-long nightmare.
How do i configure Wordpress on NAS so that the website I create is visible on public internet through my domain mysite.com?
At the moment, I can only access my website through http://192.168.1.169/wordpress/
This is pointless, since I won't be able to invite public into my house, just too see my website. So there has to be a better way....
ports 80/5000 on my router are enabled via Synology's EZ-internet app
WebStation has virtualhost defined that points to my mysite.com at no-ip.com
At no-ip. I defined as target MY IP, which I obtained by Googling "what's my public IP" from within my home network.
when i enter mysite.com in browser, I am prompted to login to my ROUTER?!?!?! Why? I should be seeing my website developed on my Synology NAS, and I am not!
I cannot believe there are no user guides for this! And I cannot believe that noone knows how to do this!
No Youtube videos, no forums, no answers???
Extremely frustrated....
You seem to have figured out the route just fine. If you're seeing the loginpage for your router, then two things may be happening:
Did you use http or httpS for your website address? The latter uses port 443 by default. I don't think you did, but I'll had to ask.
The router is currently configured to handle port 80 traffic for its logon page (which is scary in its own right; a router login page should not be accessible from internet). In this case the router should be configured to forward port 80 to port 80 on your Synology. Apparently EZ Internet did not do a good job configuring the port forwards for you, or the router is overriding these settings.
You would need to log into your router and find your wan ip. Then you substitute that into your address supplied above. 192.168.1.169 is an internal ip for your network.
This will only work though if you have set up port forwarding on your router to your NAS.
And port forwarding only works if you have assigned a static ip to your NAS using DHCP and your NAS mac address.
Also worth investigating is if your router provides a DMZ (de militarized zone). Putting your NAS in the DMZ can increase security for the rest of your network that you want to keep hidden.
A little late but maybe this still can help others.
step 1: Set your port forwarding right (like the above suggestions). Port 80 and 443 should be open on your router and forwarded to your (fixed) internal IP address of your NAS.
step 2: check with https://canyouseeme.org/ or a similar site if the ports are "really open". (was not the case for me when I checked)
step 3: enable webstation and check if you can access the web landing page of your Synology by entering your DNS (from outside your LAN)
if all this works there is an important
step 4: go to your Wordpress dashboard->settings->general
Adapt the site URL to use the DNS you have provided with "/wordpress" or another sub- domain.
Now you should be able to access it from outside
good luck