FritzBox 7362 SL accidentally accessible via IPv6 - port forwarding

I have a FritzBox 7362 SL running with the following config:
DynDNS (only IPv4 address mapping)
port exposure to a local web server (ports 80 and 443)
remote access via MyFritz activated
no other remote access or VPN activated
Everything worked fine for years. Today I registered a new DynDNS and adjusted the settings for the FritzBox. The new DynDNS now also supports mapping to IPv6 addresses.
After that, my webserver isn't accessible anymore. Instead, the login page of the FritzBox now appears, for both HTTP and HTTPS. Login is refused, thank goodness, even with valid credentials.
I found out that this is only true when the IPv6 address or the new DNS name is applied. The DNS name now also maps to the IPv6 address. Applying the IPv4 address accesses my webserver (when reactivating the port exposure).
I triple-checked all the FritzBox's settings; there is definitely no active remote access setting left. I also removed the port forwarding setting and the MyFritz exposure (and restarted the box, of course).
Does anyone have an idea about this?
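A way to confirm the symptom described in this question, added here as an example and not part of the original post: fetch the same name once per address family and compare which device answers. It covers plain HTTP only; the function names, the sample titles and the `Apache` server string are constructed for illustration.

```python
import http.client
import re
import socket

def addresses(host, family, port=80):
    """Addresses the name resolves to for one family (AF_INET or AF_INET6)."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fingerprint(status, server, body):
    """Reduce a response to the fields that show which device answered."""
    m = re.search(r"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    return (status, server or "", m.group(1).strip() if m else "")

def probe(host, addr, port=80, timeout=5.0):
    """GET / from one literal address, sending the public name as Host."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host if port == 80 else f"{host}:{port}"})
        resp = conn.getresponse()
        return fingerprint(resp.status, resp.getheader("Server"), resp.read(8192).decode("latin-1"))
    except (OSError, http.client.HTTPException) as exc:
        return ("error", type(exc).__name__, "")
    finally:
        conn.close()

def mismatched_families(results):
    """True when both families answered but not with the same fingerprints."""
    v4, v6 = set(results.get("A", [])), set(results.get("AAAA", []))
    return bool(v4) and bool(v6) and v4 != v6

def check(host, port=80):
    """Probe every A and AAAA address of host; needs network access."""
    results = {
        "A": [probe(host, a, port) for a in addresses(host, socket.AF_INET, port)],
        "AAAA": [probe(host, a, port) for a in addresses(host, socket.AF_INET6, port)],
    }
    return results, mismatched_families(results)

# Constructed sample of the symptom: a site over IPv4, a device login page over IPv6.
SAMPLE = {
    "A": [fingerprint(200, "Apache", "<html><title>My site</title></html>")],
    "AAAA": [fingerprint(200, None, "<html><TITLE> Router login </TITLE></html>")],
}
```

Run `check()` against your own DynDNS name from a host outside the home network; a `True` second value means the A and AAAA records lead to different devices.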

Related

How to setup local domain in local network that everyone can see?

I have a few web-based local applications for home-automation purposes, those are accessible through IP addresses with port numbers something like http://192.168.1.100:8080.
What I am trying to achieve is to link each individual IP and port number combination to an internal domain name, so that anyone can use domain and subdomain names rather than IP addresses.
For example a person can specify a URL of http://kitchen.home rather than an IP address with port number URL such as http://192.168.1.100:8080.
At the same time http://192.168.1.100:8081 could be mapped to a domain name such as hall.home so that a URL of http://hall.home could be used instead of that IP address and port number.
The access to a server should not require having to modify the hosts file of individual PCs but should be some kind of a domain name server that maps domain names to IP address and port number for any PC on the local network.
I have set up a DNS server on a PC running bind9 as a DNS server under Ubuntu 20.04 on my home network in order to have my own special domain names.
A few details about DNS and proxy server with HTTP
To map several different subdomain names within a domain to specific ports on the same PC, you will need a proxy server installed on the PC as well as a DNS server for the local network. Domain names are mapped to a specific IP address with the DNS protocol and are not mapped to a specific port at the IP address.
In my case I have the same PC hardware with Ubuntu 20.04 that has (1) Bind9 for my DNS server and (2) Apache for my proxy server. I could use two different PCs, one as a DNS server to resolve domain names to IP addresses and the other offering various services accessed either through a single IP port using a proxy server listening on the port to dispatch connections to the services or directly to the service by specifying the correct port number of the desired service.
For example http://kitchen.home/ in a browser would instruct the browser to open a TCP connection to the IP address represented by the domain name kitchen.home using port 80, the default HTTP protocol port. A DNS server is used to resolve the domain name kitchen.home to an IP address. With a URL of http://kitchen.home:8081/, the browser will ask the DNS server to resolve the domain name kitchen.home to an IP address and then open a TCP connection to that IP address but using port 8081 rather than the standard HTTP port 80.
So for http://kitchen.home/ to map to port 8080 at that IP address and for http://hall.home/ to map to port 8081 at that IP address you need to combine a DNS server, which resolves the domain name, with a proxy server residing at port 80, the standard HTTP port. The proxy server will then redirect the request to a different port on the PC selected based on the subdomain name, hall or kitchen, of the entire domain specifier, kitchen.home or hall.home.
See https://stackoverflow.com/a/58122704/1466970 which describes setting up Nginx as a proxy server.
The Apache web server can also serve as a proxy server which is what I'm looking into. See this tutorial from DigitalOcean, How To Use Apache HTTP Server As Reverse-Proxy Using mod_proxy Extension as well as Setting up a basic web proxy in apache.
My environment
I have a Windows 10 PC downstairs with a Ubuntu 20.04 PC upstairs communicating through an Arris router to my cable internet provider. Both PCs are connected to my local home network with WiFi.
The Ubuntu 20.04 PC is my Subversion server using Apache web server. I spend most of my time with the Windows 10 PC downstairs, using PuTTY to connect to the Ubuntu PC with one or more terminal windows when needed. I plan to work with Visual Studio on the Windows 10 PC accessing Subversion through the Apache web server as well as using the Ubuntu PC as a database server (MySQL) and web server (Apache with Php) and microservices (golang and node.js).
I wanted to setup a DNS server on the Ubuntu PC and then point my Windows 10 PC to use the local DNS server for a special domain name while using standard DNS servers such as Google at 8.8.8.8 and 8.8.4.4.
What I did
The procedure I followed was (see How to Configure BIND9 DNS Server on Ubuntu 20.04 and see as well Domain Name Service (DNS) and Everything You Need To Know About Ubuntu DNS Servers):
install bind9 using sudo apt install bind9
create a firewall rule sudo ufw allow Bind9
modify the file /etc/bind/named.conf.options
modify the file /etc/bind/named.conf.local
create a copy of /etc/bind/db.local for my new domain name, home.x
modify the new file, /etc/bind/db.home.x, with the correct rules
The domain name I wanted to use locally was home.x with the idea that if I entered a web site URL of http://www.home.x/ the resulting page would be the Apache web server on my Ubuntu PC. Or if I entered http://home.x/svn the result would be the Subversion repository on my Ubuntu server.
Note: in order for Subversion access through Apache, I had to set that up. See enabling Subversion access via Apache web server and DAV on Ubuntu if you are interested in that.
Details on changes and modified files
The Ubuntu PC has an IP address of 192.168.0.4 on my local network. In the descriptions below, this IP address is used wherever the Ubuntu PC is referenced.
I added a forwarders section to the file /etc/bind/named.conf.options in order to forward any DNS requests that were unknown to my Ubuntu server to some other DNS server. The IP addresses I copied from the list of DNS servers returned by the Windows 10 command ipconfig /all which I ran on my Windows 10 PC. The changed file is as follows:
rick@rick-MS-7B98:~/Documents$ cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    // following forwards are to Google DNS servers at 8.8.8.8 and 8.8.4.4
    forwarders {
        8.8.8.8;
        8.8.4.4;
        209.55.27.13;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    listen-on-v6 { any; };
};
After changing the file /etc/bind/named.conf.options, I then ran the check utility, which found no errors, and then restarted the bind service.
sudo named-checkconf
sudo systemctl restart bind9
Next I added a new zone directive to the file /etc/bind/named.conf.local to create a DNS entry for my new, local domain name home.x. The modified file looks like:
rick@rick-MS-7B98:~/Documents$ cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "home.x" {
    type master;
    file "/etc/bind/db.home.x";
};
Finally I needed to create the file /etc/bind/db.home.x specified in the file directive of the zone directive. I did this by starting with a copy of the existing file /etc/bind/db.local by using the command
sudo cp /etc/bind/db.local /etc/bind/db.home.x
I then modified the file /etc/bind/db.home.x in order to specify the rules I needed to resolve the domain name of home.x as well as the subdomain of www.home.x to the IP address of my Ubuntu PC. The modified file looks like:
rick@rick-MS-7B98:~/Documents$ cat /etc/bind/db.home.x
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     home.x. root.home.x. (
                        2         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      ns.home.x.
@       IN      A       192.168.0.4
@       IN      AAAA    ::1
ns      IN      A       192.168.0.4
www     IN      A       192.168.0.4
At this point I could test that things worked from my Windows 10 PC by using the nslookup command from a command window. I tried it first without specifying the Ubuntu PC IP address and then with the Ubuntu PC IP address
C:\Users\rickc>nslookup home.x
Server: dns.google
Address: 8.8.8.8
*** dns.google can't find home.x: Non-existent domain
C:\Users\rickc>nslookup home.x 192.168.0.4
Server: UnKnown
Address: 192.168.0.4
Name: home.x
Addresses: ::1
192.168.0.4
I then used the Windows 10 Control Panel (Control Panel > Network and Internet > Network Connections) to see a list of my network adapters in order to modify the DNS server addresses my WiFi adapter was using. This setting is found by doing a right mouse click on the adapter to pop up a floating menu, select Properties to bring up the Properties dialog then select Internet Protocol Version 4 then click the Properties button on the dialog and modify the DNS server address. Below is a screen shot of the dialogs.
After modifying the DNS server address, I retried the nslookup without specifying a DNS server address and the command finds home.x:
C:\Users\rickc>nslookup home.x
Server: UnKnown
Address: 192.168.0.4
Name: home.x
Addresses: ::1
192.168.0.4
When I tested a URL of http://www.home.x/ the test page of my Apache web server is displayed. When I tested a URL of http://home.x/svn the web browser showed the directory tree of my Subversion repository. When I access my Subversion repository with http://home.x/svn/trunk/ within the Ankh Subversion plug-in with Visual Studio 2017 it works.
Other thoughts
One issue with this setup is that if my Ubuntu PC is not up and running then the Windows 10 PC will not have a functioning DNS server until either the Ubuntu PC is brought up or the DNS server address is set back to the original setting on the WiFi adapter. Previously, it was set to discover a DNS server. It may be that I can change this back and from a specified DNS server address, the IP address of my Ubuntu PC, and my Windows 10 PC will discover my Ubuntu PC as a DNS server anyway.
DNS names are independent of port numbers. A dns record correlates a name to an IP address. If you want to omit the port number from urls, you either need to host on the default ports (80/443), or use a proxy.
With a home network, the dns can be tricky, and usually depends greatly on the specific router you have. Your options are basically:
Maybe your router has an interface for defining host overrides. OpenWRT has such a thing, and some routers have a similar dns server on them that you can add host entries to.
Get a public domain name. You can have an A record for example.com that points at a local network address. The server itself may only be accessible inside your network, but the dns will be available anywhere.
Run your own dns server and tell your router to use it as the default resolver for your network.
Maybe mDNS could suit your needs for .local domains.

Local DNS override works randomly with Bind

I have a Bind DNS server on my local network to get *.home resolution, and a forwarders section for all other domains. I also have a local web server which serves some subdomains of *.mydomain.com from the outside, with my ISP box redirecting ports 80/443 to it.
But from any computer within my local network, if I try to access any of the *.mydomain.com addresses, the IP address returned is my public IP address and the ISP box doesn't redirect the request to my server. I used a workaround by adding the subdomains *.mydomain.com with the local IP address of the server in /etc/hosts on each local computer but it's not perfect since I have to change it if I move a computer to another network, plus I can't do this on my non-rooted Android devices.
The perfect solution would be to have my local DNS overriding the DNS entries for *.mydomain.com with the local IP instead of the public one. I tried some Bind9 configurations for this, some using the "response-policy" directive, some without it, but in every case, I get the external IP ~50% of the time and I can't figure out why. This happens on every computer I use (some are on Ubuntu, some with Windows), also on my Android phones.
Using dig @mydns subdomain.mydomain.com returns the local IP so I assume that the Bind configuration is OK, but dig subdomain.mydomain.com (or ping) doesn't always return the proper IP. I also tried to disable forwarders for the subdomain like this:
zone "mydomain.com" {
    type master;
    file "/etc/bind/db.mydomain";
    forwarders {};
};
I flushed the DNS cache of my computers and there is no other DNS server on my network so I don't understand how this can happen. I also tried to log requests on the Bind server and I don't see requests with the external IP address returned (only those with the internal). So where did these requests go through?
I finally found out what the problem was: my custom DHCP/DNS server was configured for IPv4 only, but my ISP box also provides IPv6 capabilities, so all the DNS requests from the devices on the network were sent on both protocols and half of the time, the request was answered by the ISP box instead of my custom DNS.
I disabled IPv6 for now and the problem is gone. I'll configure it for my custom server later.
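The check that exposes this kind of problem, added here as an example and not part of the original post: send the same question to every resolver a client has learned, over IPv4 and IPv6 alike, and list the ones that do not return the internal address. It uses only the standard library; `sub.mydomain.example` and the sample response bytes are constructed, and resolver addresses passed to `ask()` are whatever your client actually lists.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question DNS query (qtype 1 = A, 28 = AAAA), RD bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def _skip_name(msg, off):
    """Offset just past an encoded name, honouring compression pointers."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_addresses(msg):
    """Sorted A/AAAA addresses from the answer section of a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    found = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:
            found.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            found.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return sorted(found)

def ask(resolver, name, qtype=1, timeout=2.0):
    """Send the query to one resolver (IPv4 or IPv6 literal) over UDP/53."""
    family = socket.AF_INET6 if ":" in resolver else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (resolver, 53))
        return parse_addresses(s.recvfrom(4096)[0])

def divergent(answers, expected):
    """Resolvers whose answer is not exactly the expected internal addresses."""
    return sorted(r for r, got in answers.items() if sorted(got) != sorted(expected))

# Constructed response: sub.mydomain.example A 192.168.0.4, name compressed to 0xC00C.
SAMPLE = (build_query("sub.mydomain.example")[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0)
          + build_query("sub.mydomain.example")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 168, 0, 4]))
```

Build the `answers` dictionary with `{r: ask(r, name) for r in resolvers}`, taking the resolver list from `resolvectl status` or `ipconfig /all`; any IPv6 resolver announced by the ISP box shows up in `divergent()`.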

HttpListener working on local network, but not externally

I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlacl http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead of the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IPv4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi

Accessing WAMP server from a different network

I was trying to set up WAMP server on my machine. I am able to access the localhost from the same PC or remotely from other devices in the same network.
However, I would like to know how I can access it from a different network.
Check the port 80 forwarding on your router. Forward port 80 of that particular machine/server to your router. That server should have a permanent local IP like 192.168.1.* or 192.168.2.*, etc whose port 80 is forwarded to the public IP of your router. This provides access to your server/machine with the set IP from outside your network!
For router settings, open a browser, in the location bar, type http://192.168.1.1 or whatever your router manual says it to be. You will need the default user/pass to login.
In order to have permanent access to your home server with a domain, you need to get a permanent public IP for your network from your Internet service provider in order to assign a domain name to it.

Cannot access website using host headers on local windows 7 and iis 7

I have a problem accessing my website created using Visual Studio on my local pc.
The pc is using Windows 7 and a static ip address has been configured. I have added a hostname "192.168.0.1 hosts myweb.mylocal.com" on c:\windows\system32\driver\etc.
On IIS I have configured the binding myweb.mylocal.com with impersonation set enabled and windows authentication is enabled.
The user login just keeps prompting even though I have entered the correct username and password.
Yea 192...* is router reserved IP.
I had the same issues with Windows 7 and it's due to IPv6.
Try disabling the IPv6 protocol in "Control Panel\Network and Internet\Network Connections" and right-clicking your established connection to your router, unticking the IPv6 and leaving the IPv4 selected to see if that will make a difference.
Your local IP is more than likely :::1 or something along those lines!
-- Update
Where you have set your IP 192.168.0.1 to route to your local domain, try setting it to 127.0.0.1 so that it loops to itself and not via the gateway, or you can leave it as it is and add the rule to your router to send traffic from the HTTP port 80 to your PC.
