How do I assign my server IP to a local device? - networking

I have a raspberry pi connected to my router with a local IP. I want to access the raspberry pi from outside (from another country) the local network via web browser. So, I have purchased a VPS which has its public IP.
Now how can I assign this VPS IP to the raspberry pi or any other local devices?

how can I assign this VPS IP to the raspberry pi or any other local devices?
That's not how the internet works.
In short, the VPS provider has a pool of IPs and it or its ISP is responsible for publishing routes to the rest of the internet, informing the rest of the internet how to route to those IPs.
You can't just "move" the public IP to your local network; the rest of the internet won't route traffic to it. It would be kind of like writing "1600 Pennsylvania Avenue" on the front of your house - it wouldn't cause you to get White House mail, right? Because regardless of what you write there, the post office doesn't use it as a source of truth for mail routing.
Here are a few of the options you have:
Use ngrok to expose an endpoint to your local service. Ngrok's servers can proxy connections back to your local environment without it having to be online. This will be accessible by anyone on the internet, but is more obscure than an IPv4 address which can and will be easily found (see below). This is a quick and easy solution, and what I'd recommend in your case.
You already have the VPS. Run the code there instead of on the Raspberry Pi. It will almost certainly be more reliable and higher speed than your home internet.
You also already have a public IP, assuming your Pi's local router has a route to the internet. The router is performing NAT so that devices "behind" it with only internal addresses can still communicate with the world. You can almost certainly configure your router to forward a certain port to your Pi's internal IP address.
Set up a VPN between the private networks, or between the individual hosts on the private networks. This is a lot of work and will require more knowledge of IP networking. If this interests you, I'd recommend looking at Wireguard (recommended) or OpenVPN.
Finally, keep in mind that unless you do something to make it not the case, your service, once on a public IP, will be accessible from the wide world. Since IPv4 space is pretty small by 2022 standards, and there are only 65000 some IP ports per address, it won't take nefarious parts of the internet long to find your service. You can't hide in the obscurity of an IPv4 network.
If your public address is IPv6 instead, those are essentially unguessable and much more likely to go unnoticed. Same thing is true of ngrok - since it has a very large set of potential URLs, it's hard to guess. Still, I'd set up some sort of authentication in front of the service. It's just good practice, like locking your house.

Run this on the VPS:
echo "GatewayPorts yes" >> /etc/ssh/sshd_config
And this on your Raspberry Pi:
ssh -R remote-port:localhost:your-local-port your-vps.com
You will access the server using: your-vps.com:remote-port

Related

customize mikrotik hotspot firewall rules

I have RouterOS installed on a virtual server, with 3 interfaces:
lan-192.168.1.1/24
wan-192.168.2.1/24
wifi-192.168.3.1/24
I have a PPPoE client to connect over WAN to the ISP and get a static public IP
x.x.x.x
I have a Windows server with DNS and HTTP services on the LAN interface, and 1 wireless access point on the WIFI interface.
I have created rules to block incoming connections from the internet, except 80,53,...
I have created a dst-nat from my public IP x.x.x.x to the local server IP.
Another dst-nat from LAN to the server LAN IP address.
Also a SRC NAT to masquerade LAN and WIFI connections to the server.
Another SRC-NAT masquerade for internet access.
Also the MikroTik DNS service is used to get and cache records from my local server's DNS service.
Everything worked well until I wanted to create a hotspot service on the WIFI interface.
The dynamic firewall filters and NATs break everything that was working.
The scenario is: WIFI users access the internet with authentication and access the local server locally and for free.
Also free internet access for LAN users.
Also public web access to my server from the internet.
Thanks in advance!
NOTE: Skip to TLDR if you just want the direct answer.
This configuration has been made far more complicated than necessary. I'm going to write this up from memory because I don't have an unused router handy at the moment, but this should work.
I'm going to make some assumptions here:
You do not want anyone from the WAN or PPPoE to be able to reach your LAN.
You don't want anyone from the WIFI to be able to reach your LAN except for HTTP or DNS.
You FULLY intend to circle back once everything is working and ENABLE HTTPS on your server. THIS IS IMPORTANT!!!
First, set up everything to work without restriction. No rules except for a single masquerade entry. You want to masquerade all traffic NOT destined for 192.168.0.0/16. This rule is all you will need. The DST-NAT rules are unnecessary unless you want to provide service to traffic on the PPPoE interface.
Next, add the following firewall rules under the FORWARD chain:
ACCEPT all Established and all Related traffic (no other restrictions).
ACCEPT FROM 192.168.3.0/24 TO TCP 80,53,443 destined for your Windows Server IP address.
ACCEPT FROM 192.168.3.0/24 TO ICMP destined for your Windows Server IP address.
ACCEPT FROM 192.168.1.0/24 TO !192.168.0.0/16. This allows Internet access for the LAN.
ACCEPT FROM 192.168.3.0/24 TO !192.168.0.0/16. This allows Internet access for the WIFI.
DROP everything else.
Make sure everything still works. These basic rules will give you at least some protection on your LAN from random people connecting to your WIFI. This way, if you ever disable your Hotspot to allow unrestricted access through your Wifi, your LAN is still protected.
* TLDR *
Now you can set up your hotspot. The most important part is on your Walled Garden IP list tab, under IP -> Hotspot. You must add entries here allowing access to whatever servers you want to function before someone logs on, specifically your server's HTTP, DNS, etc services. The Hotspot will translate these into automatically-created firewall rules for you.
Finally, I would be remiss if I didn't tell you that this is not a complete firewall setup, and there's all sorts of stuff that can go wrong here if things are not implemented properly. My email is in my profile here if you are interested in paid assistance.
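The forward-chain list in the answer above can be checked before it goes on the router. This is an added example, not part of the original answer and not RouterOS syntax: a first-match simulation of those six rules in Python, run over constructed packets. The server address 192.168.1.10 is an assumption, since the page does not give one, and 203.0.113.7 stands in for an internet host.

```python
import ipaddress
from dataclasses import dataclass

SERVER = ipaddress.ip_address("192.168.1.10")   # assumed; the page gives no server IP
LAN = ipaddress.ip_network("192.168.1.0/24")
WIFI = ipaddress.ip_network("192.168.3.0/24")
INTERNAL = ipaddress.ip_network("192.168.0.0/16")

@dataclass
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    dport: int = 0
    state: str = "new"      # connection-tracking state

# Forward-chain rules in the order the answer lists them: (name, match, action).
RULES = [
    ("established/related", lambda p, s, d: p.state in ("established", "related"), "accept"),
    ("wifi to server tcp 80,53,443",
     lambda p, s, d: s in WIFI and d == SERVER and p.proto == "tcp" and p.dport in (80, 53, 443), "accept"),
    ("wifi to server icmp", lambda p, s, d: s in WIFI and d == SERVER and p.proto == "icmp", "accept"),
    ("lan to internet", lambda p, s, d: s in LAN and d not in INTERNAL, "accept"),
    ("wifi to internet", lambda p, s, d: s in WIFI and d not in INTERNAL, "accept"),
    ("drop everything else", lambda p, s, d: True, "drop"),
]

def evaluate(pkt):
    """Return (action, rule name) of the first rule that matches, as a packet filter does."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for name, match, action in RULES:
        if match(pkt, s, d):
            return action, name

# Constructed sample traffic; 203.0.113.7 stands in for an internet host.
SAMPLES = {
    "wifi client opens the server web page": Packet("192.168.3.50", "192.168.1.10", "tcp", 80),
    "wifi client connects to a LAN PC on 445": Packet("192.168.3.50", "192.168.1.20", "tcp", 445),
    "wifi client tries RDP on the server": Packet("192.168.3.50", "192.168.1.10", "tcp", 3389),
    "wifi client sends a UDP DNS query": Packet("192.168.3.50", "192.168.1.10", "udp", 53),
    "lan PC browses the internet": Packet("192.168.1.20", "203.0.113.7", "tcp", 443),
    "reply to that lan connection": Packet("203.0.113.7", "192.168.1.20", "tcp", 51000, "established"),
    "new internet connection to the server": Packet("203.0.113.7", "192.168.1.10", "tcp", 80),
}

def run():
    """Map each sample label to the action the rule list takes on it."""
    return {label: evaluate(pkt)[0] for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, action in run().items():
        print(f"{action:6}  {label}")
```

Two results are worth checking against the question's goals: DNS over UDP from the WIFI and new inbound web connections from the internet both fall through to the final drop, so each needs its own accept rule ahead of it if it is wanted.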

How to Find My Proper Ip Address to Connect to Another Computer Remotely

My friend wanted to connect to my computer using Remote Desktop Connection. But the problem is I am confused what my Ip address is.
My computer is connected to the internet via router via broadband internet network. My ip address is dynamic.
Here, my main purpose is not only the remote connection but also learning how dynamic ip connect to another pc.
I searched for IP address on Google. They show me an IP address. But I think it is not mine, it's related with the router or broadband network. I also find a WAN IP (it is different from that I found on Google) on router settings. It didn't work.
I used Team Viewer. It worked perfectly. But I want to do that manually because I am going to make a multiplayer game on GM8.
It would be helpful if someone explained about IP and port forwarding.
Teamviewer is a great tool, but uses different techniques than what you plan to do. Teamviewer always uses an outgoing connection and use a mediator on the Internet to connect you and the other PC.
You should ask your Internet provider if he technically enables you to be reachable from the outside Internet. Often this is not possible at all, even if you configure your router the correct way.
When you ask this you can ask him if you have a static IP.
It seems you are not aware of basics of IP networking, so I'd strongly advise against trying this on your router as wrong settings would render it useless. But here's for your information how port forwarding and IP Address and dynamic DNS can be used to solve your problem.
Basically your ISP is likely to give you a router having an IP address. If this IP address is a global IP address, it is possible to connect to this IP from outside. How do you find out whether your IP address is global? Look for your WAN IP address setting. If it is in 10.x.x.x or 192.168.x.x range, it's unlikely to be global and in that case it might not be possible to connect to your computer from outside - without help of a third server (some kind of a registration server, where you connect and register your application). The Registration server would determine your globally visible IP address and then convey it to another Application who is interested in connecting to it. This is somewhat complicated to make it work (but if you intend to make a game - this is something you'd have to do regardless). This is mostly how software like TeamViewer would work.
If you have a global IP address - it means it can technically be reached from anywhere in the world. In that case you could use port forwarding to make things work for you. Port forwarding works basically as follows - You expose a certain port (on TCP) to external world - say 8000 and then you make a setting like following on your router.
<TCP>-<RouterIP>-8000 --> <TCP>-<Your LAN IP>-<Your application Port>
(You can find your LAN IP using ipconfig on Windows or ifconfig on Linux).
Now all connections coming to port 8000 would be directed to your application. You might want to do it on UDP as well and the protocol above would change. That is how you 'open' a few ports to be accessible from outside, configure them on your router and then run corresponding applications on your network.
There's another thing called dynamic DNS, where the IP address you use if it is dynamic (and global) can be registered with a Dynamic DNS server so that you don't have to know and remember the current WAN IP Address. But that can be for later.
Hope that helps.
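The check described in the answer above (is the router's WAN address global, and does it match what an outside lookup shows?) can be written down directly. This is an added example, not code from the original post; it goes beyond the two ranges the answer names by also covering 172.16.0.0/12, carrier-grade NAT space and link-local addresses. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# IPv4 ranges that are never routed on the public internet.
NON_GLOBAL = [
    ("private (RFC 1918)", "10.0.0.0/8"),
    ("private (RFC 1918)", "172.16.0.0/12"),
    ("private (RFC 1918)", "192.168.0.0/16"),
    ("carrier-grade NAT (RFC 6598)", "100.64.0.0/10"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
]
NON_GLOBAL = [(label, ipaddress.ip_network(net)) for label, net in NON_GLOBAL]

def classify(addr):
    """Name the range an IPv4 address falls in, or 'global' if none applies."""
    ip = ipaddress.IPv4Address(addr)
    for label, net in NON_GLOBAL:
        if ip in net:
            return label
    if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return "reserved"
    return "global"

def diagnose(router_wan_ip, ip_seen_from_outside):
    """Compare the router's WAN address with what an external lookup reports."""
    kind = classify(router_wan_ip)
    if kind != "global":
        return f"blocked: WAN address is {kind}, so the ISP translates it upstream"
    if ipaddress.IPv4Address(router_wan_ip) != ipaddress.IPv4Address(ip_seen_from_outside):
        return "blocked: WAN and external addresses differ, another NAT sits in between"
    return "ok: a port forward on the router can be reached unless the ISP filters it"

if __name__ == "__main__":
    # Constructed samples; documentation-range addresses stand in for real public ones.
    for wan, seen in [("192.168.100.2", "203.0.113.7"),
                      ("100.72.13.5", "203.0.113.7"),
                      ("198.51.100.4", "203.0.113.7"),
                      ("203.0.113.7", "203.0.113.7")]:
        print(f"{wan:15} {seen:13} {diagnose(wan, seen)}")
```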

HttpListener working on local network, but not externally

I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlacl http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead of the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IPv4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi

Setting up local wireless server using WAMP

My goal is to have two laptops in a network. One is acting as a server, serving webpages to the other. The catch here is that neither is connected to the outside internet.
What I have done so far is setup WAMP on the server laptop, and it successfully serves web pages on localhost. Now I want to access these pages on the other laptop.
To do this, I had the server create an ad-hoc network and connected the other laptop to it, but I'm stuck - and I'm worried I'm not on the right track. I followed this tutorial but in the end I figured out that just explained how to spoof a text URL as an IP address, and not really what I was looking for.
So I guess I have two questions:
Is my method the best way to do this (with ad-hoc networks)? Is there some way to connect a laptop to a wireless router and have the laptop act as a server to another laptop?
If my WAMP and ad-hoc network should work, how do I connect other laptops to my server through the ad-hoc network?
Thanks!
I would suggest the first option: get a wifi router. Then you can assign static IP addresses from the router's private network or use the DHCP server on the router. Hopefully you will have an option to reserve IP addresses on the DHCP server so you don't have to check every time what IP address the laptop acting as a server got. You use this address to access your web server. Also, you can use this router later as a gateway to the internet if you want.
In ad hoc mode you will probably get an address from the 169.254.0.0/16 link-local scope, and you can check it by running ipconfig as @Robadob already suggested.
On your hosting laptop open cmd and call ipconfig; look for the internal IP address on the network interface you're hosting the ad-hoc network on.
Enter that IP address into the web browser on your client laptop instead of localhost.
If that doesn't work, try other IP addresses listed by ipconfig (in case you used the wrong one) and then check the properties of your ad-hoc network, Windows Firewall and any other firewall software to disable anything that might be blocking it.
An ad-hoc network is a suitable option for what you're doing; most people would probably use a switch or router though, however that requires hardware you probably don't have.

How do I make my game connect to a server without real IP address?

I'm making an XNA game. When I started, I had a broadband connection with real IP, so I could host servers of any kind without any problem, but now I don't have that connection any more and I want to be able to let players from outside my local network connect to my server again. How do I do that? How do big guys at studios do that?
Cheap option:
Configure your home router (it does have real, but probably dynamic, IP address) to forward connections on some port of your liking to your server on the local network. Read up on Network Address Translation - that's the trick routers use to hide a network behind a single routable IP.
Set up a DDNS account somewhere, so people can find your game server by name instead of a changing IP address.
Expensive options:
Buy static IP package from your ISP (not always available).
Deploy your game at a Hosting Service.
Generally there are two ways to connect two clients:
Give each client other client's IP address and let them connect to each other.
Give each client a mid-server's IP address and tunnel the traffic through it.
First way assumes each client has a real IP address and they both can be a server to one another. Second way is for when one or both clients don't have real IP address.
