Hetzner cloud : route traffic internal when using public ips - networking

I have the following example hosts:
Host A:
public IP: 200.0.0.1
private IP: 10.0.0.1
Host B:
public IP: 200.0.0.2
private IP: 10.0.0.2
If host A pings 200.0.0.2, the traffic goes out via the external gateway, takes a bunch of hops through Hetzner's network and finally arrives on host B.
Is there an easy way to re-route that traffic to 10.0.0.2, which would only be 1-2 hops?
If host A pings 10.0.0.2, it works as expected.
I would just like to catch any mistakes where the public IP, or even the public hostname, is used instead of the local IP.

Related

EC2 instance in private subnet accessing internet port forwarded endpoint IP whitelist

I have 2 EC2 instances, one in a public subnet and one in a private subnet.
I need both of them to access a service via a public IP and port forwarding on a Mako router.
The Mako router port-forwards port 552 to a local 192.168.. IP.
I set up firewall rules on the Mako router that whitelist 2 public IPs: the one of the EC2 instance in the public subnet and the NAT Gateway's public IP (I was also able to confirm it is the internet IP of the instance in the private subnet via `dig myip.opendns.com @resolver1.opendns.com`).
curl from the EC2 instance in the public subnet works.
curl from the EC2 instance in the private subnet doesn't.
The endpoint I am hitting is rtsp://admin:password@123.123.123.123:552/Streaming/Channels/2
Any thoughts? What might be wrong? Any advice on troubleshooting/mitigation?

Mikrotik Port Forwarding to public IP that is located in the local network

We have just set up a MikroTik router and have a public IP address and a local IP address for the server.
We created a dst-nat rule so that anyone who accesses
public_ip:80 gets dst-nat applied to local_ip:8082.
However, from our local IP address we cannot access this public IP address.
It works if we write `local_ip public_dns_name` in the hosts file.
Why does MikroTik not send to the public_ip address, i.e. why does it not apply the dst-nat rule?
The problem got solved by adding a srcnat rule, which masquerades all traffic from the local network:
Chain: srcnat
Src. Address: 192.168.88.0/24 (our local network)
Dst. Address: 192.168.88.249 (our server)
Protocol: 6 (tcp)
Action: masquerade
This problem and its solution are explained in MikroTik's documentation: https://wiki.mikrotik.com/wiki/Hairpin_NAT
Basically, the router translates everything into local IP addresses when replying to machines inside the network. Your client sent a request to some public IP, so it's waiting for a reply from that same public IP. The MikroTik translated the request into a local IP, so the server sent a reply with the wrong "from" address, and your client ignored it. You can work around this by setting up a masquerade rule, or by adding a static DNS entry that bypasses the need for a public IP.
In my case, the problem was that the rule was set up to only work for traffic coming in on WAN (not LAN). I changed it to route traffic from anywhere, as long as it is requesting my public IP.
chain: dstnat
dst address: <public ip>
protocol: 6 (tcp)
dst port: 80
in. interface list: all
action: dst-nat
to addresses: <server local ip>
to ports: <server port>

How to access the keycloak server (private IP) with domain name

I have configured the Keycloak server. I'm able to access the server via its private IP address (192.X.X.X).
When I map this IP address to the external domain name, the Keycloak page does not open.
Moreover, I have tried running the server in both formats, such as
-b=192.x.x.x
-b=0.0.0.0
Neither of them works.
What is the problem and how can I resolve it?
The problem is that private IP addresses (the ones in the ranges below) are not routable on the internet. You have to use a public IP address to be accessible from the internet (outside your domain).
Private ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
So what actually happens is: when you set this IP address in the DNS server (set domain example.com to resolve to 192.168.1.1), it will translate correctly. However, after that the routers will drop the traffic, as it cannot go over the internet.
More on the topic, for example, here: https://www.lifewire.com/what-is-a-private-ip-address-2625970
Solution:
Consider this fake public IP address as yours, 88.123.123.123, and the domain example.com.
1) Get the server a public IP address so it can be reached from the internet, and set up port forwarding on your router at the company/home, e.g. the transfer rules:
<from public int> -> <to private int>
--------------------------------------
88.123.123.123:80 -> 192.168.1.1:80 //Port for HTTP traffic
88.123.123.123:443 -> 192.168.1.1:443 //Port for HTTPS traffic
2) Set your server to listen on 0.0.0.0; 192.168.1.1 should work just fine as well.
3) Last, set up the DNS translation on the DNS server:
example.com -> 88.123.123.123
Example of topology:
There is public IP 24.65.45.89 and the IP of the server 10.20.0.2:

How we can access a localhost of a computer through its public IP if some other devices in the same network also have the same public IP?

I want to access the localhost of a computer, but other computers in the same network also have the same public IP. Can we access its localhost by knowing both (public and private) IP addresses of that computer? I want to connect to it directly (not through any software like ngrok or a VPN).
Thanks in advance.
You can only access localhost on the computer itself. Localhost refers to 'this node' by definition.
When communicating on an internal network you usually use the private IP addresses, not the public one(s). Connecting to a computer with a private IP behind a public IP requires reverse NAT aka destination NAT aka port mapping.
Connecting out from and right back into the same network through NAT may require a special firewall setup aka hairpinning. It's usually easier and faster to use split-brain DNS and resolve the public name to the private IP address of the device.
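The two answers above (the private-range explanation for the Keycloak question and the split-brain DNS advice here) can be checked with a small model. The following is an added example, not code from any of the posters or from any DNS or router product: it encodes the three RFC 1918 ranges quoted on the page, a constructed zone for example.com with the 88.123.123.123 / 192.168.1.1 pair and the two forwarding rules from the Keycloak answer, answers queries split-horizon style, works out where a client's packet finally lands, and lints a public zone for records that point into private space (the misconfiguration in the Keycloak question). The LAN prefix 192.168.1.0/24 and the client addresses are assumptions.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the Keycloak answer above
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed example data (not from any real deployment)
PUBLIC_IP = "88.123.123.123"
LAN = ipaddress.ip_network("192.168.1.0/24")          # assumed LAN behind the router
ZONE = {"example.com": {"public": PUBLIC_IP, "private": "192.168.1.1"}}
# Router forwarding rules from the answer: (public IP, port) -> (private IP, port)
PORT_FORWARDS = {
    (PUBLIC_IP, 80): ("192.168.1.1", 80),
    (PUBLIC_IP, 443): ("192.168.1.1", 443),
}


def is_rfc1918(ip: str) -> bool:
    """True if the address falls in one of the three private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def resolve(name: str, client_ip: str) -> str:
    """Split-horizon answer: LAN clients get the private address, everyone else the public one."""
    record = ZONE[name]
    inside = ipaddress.ip_address(client_ip) in LAN
    return record["private"] if inside else record["public"]


def endpoint_for(client_ip: str, name: str, port: int):
    """Where a client's packet to name:port finally lands, or None if the router drops it."""
    target = resolve(name, client_ip)
    if ipaddress.ip_address(client_ip) in LAN:
        # inside the LAN the private address is reachable directly; no NAT involved
        return (target, port)
    # from the internet the packet hits the public IP and must match a forwarding rule
    return PORT_FORWARDS.get((target, port))


def public_record_problems(records: dict) -> list:
    """Lint a public zone: names pointing into RFC 1918 space can never be reached from outside."""
    return [f"{name} -> {ip} is RFC 1918 space and will not route over the internet"
            for name, ip in records.items() if is_rfc1918(ip)]


if __name__ == "__main__":
    print(resolve("example.com", "192.168.1.50"), resolve("example.com", "8.8.8.8"))
    print(endpoint_for("8.8.8.8", "example.com", 443), endpoint_for("8.8.8.8", "example.com", 8080))
    print(public_record_problems({"example.com": "192.168.1.1"}))
```

An internet client asking for a port without a forwarding rule gets None: the packet reaches the public IP but the router has nowhere to send it, which is the same failure the Keycloak poster saw before adding rules for 80 and 443.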

Failing to manage a Public Ip

Here is the scenario:
I have asked my ISP to give me a public IP which I can assign to my laptop and reach from other, outside networks. They gave me the following:
IP : 103.51.2.198
subnet mask : 255.255.255.248
default Gateway : 103.51.2.193
preferred dns : 8.8.8.8
Alternate dns : 8.8.4.4
I have set up the PPPoE connection on my laptop (not on a router) and entered these values under TCP/IPv4. My internet connection is fine.
But if I ping this IP (103.51.2.198) from another network, the request times out.
Then I checked whatsmyrealip, and the IP is (103.51.2.102). This IP is a public IP of my ISP, and they are trying to give me an IP from that IP.
My ISP's people are not experts in networking, nor am I. They are also not sure how they can give me a public IP.
I am not sure what they are trying to do, or how they will give me another IP from a public IP. It would be very helpful if anyone could explain the problem and give a solution.
First of all, it's called public IP not "realIP".
Anyways, the answer for your question is:
You cannot access your home computer because it is behind NAT so it is unreachable from the outside of your network.
Quick example on how NAT works:
Scenario:
Private IP: 192.168.0.10
Public IP: 1.2.3.4
You are connecting to webserver on IP: 5.5.5.5
What happens:
You send data to your router, telling it that you want something from 5.5.5.5. Your router assigns you a random port, let's say 11111, and sends the data with source IP 1.2.3.4 and port 11111. Stuff happens on the webserver and the data comes back. The router reads it and remembers that everything going to 1.2.3.4:11111 belongs to 192.168.0.10, so it sends you the data.
Here everything works because it's your computer that starts the connection; otherwise, the webserver would never be able to connect to you.
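The NAT walkthrough just given, and the hairpin-NAT explanation in the MikroTik answers further up, are two views of the same translation table. The following is an added example, not code from any of the answerers or from MikroTik: a toy router that keeps a connection-tracking table keyed on the translated public port (starting at 11111, as in the walkthrough), applies a dst-nat rule for a port forward, and optionally masquerades hairpinned traffic. It reproduces all four outcomes discussed on the page: an outbound connection whose reply is mapped back to the client, an unsolicited inbound packet being dropped, a LAN client reaching the server through the public IP only when the masquerade rule is present, and a dst-nat rule restricted to WAN ingress never matching LAN traffic. All addresses, ports and the single-address masquerade are constructed simplifications.

```python
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Packet":
        """The answer a host sends back: addresses and ports swapped."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class NatRouter:
    """Toy model of a NAT router's translation table (constructed; not any vendor's code)."""

    def __init__(self, public_ip, hairpin_masquerade=False, dnat_from_lan=True):
        self.public_ip = public_ip
        self.hairpin_masquerade = hairpin_masquerade  # the srcnat "masquerade" rule from the answer
        self.dnat_from_lan = dnat_from_lan            # dst-nat rule on "in. interface list: all" vs WAN only
        self.dnat = {}        # (public IP, port) -> (private IP, port)
        self.conntrack = {}   # (public IP, translated port) -> original packet from the LAN client
        self.ports = itertools.count(11111)           # first assigned port, as in the walkthrough

    def add_port_forward(self, public_port, private_ip, private_port):
        self.dnat[(self.public_ip, public_port)] = (private_ip, private_port)

    def _snat(self, pkt, original):
        """Rewrite the source to the public IP and a fresh port, remembering who it belongs to."""
        port = next(self.ports)
        self.conntrack[(self.public_ip, port)] = original
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def from_lan(self, pkt):
        """Packet arriving on the LAN side. Returns what leaves the router, or None if it goes nowhere."""
        rule = self.dnat.get((pkt.dst, pkt.dport))
        if rule is not None:
            if not self.dnat_from_lan:
                # rule matches WAN ingress only: the packet is addressed to the router itself
                # and never reaches the server behind the port forward
                return None
            translated = Packet(pkt.src, pkt.sport, *rule)
            if not self.hairpin_masquerade:
                # destination rewritten only; the server answers the client directly on the LAN
                return translated
            # masquerade as well, so the server's reply comes back through the router
            return self._snat(translated, original=pkt)
        return self._snat(pkt, original=pkt)   # ordinary outbound connection

    def to_public_ip(self, pkt):
        """Packet addressed to the public IP (from the internet, or a masqueraded hairpin reply)."""
        entry = self.conntrack.get((pkt.dst, pkt.dport))
        if entry is not None:
            # reply to a tracked connection: restore the client's address and the address
            # the client originally talked to (the un-translation hairpin NAT depends on)
            return Packet(entry.dst, entry.dport, entry.src, entry.sport)
        rule = self.dnat.get((pkt.dst, pkt.dport))
        if rule is not None:
            return Packet(pkt.src, pkt.sport, *rule)   # plain port forward from the internet
        return None   # unsolicited and no port forward: dropped


def client_accepts(request, reply):
    """A client only accepts a reply that comes from the exact address:port it sent to."""
    return reply is not None and reply == request.reply()


def outbound_connection_works():
    r = NatRouter("1.2.3.4")
    req = Packet("192.168.0.10", 4000, "5.5.5.5", 80)
    on_wire = r.from_lan(req)                 # leaves as 1.2.3.4:11111 -> 5.5.5.5:80
    back = r.to_public_ip(on_wire.reply())    # router maps 1.2.3.4:11111 back to the client
    return client_accepts(req, back)


def unsolicited_inbound_is_dropped():
    return NatRouter("1.2.3.4").to_public_ip(Packet("6.6.6.6", 1234, "1.2.3.4", 22)) is None


def port_forward_from_internet():
    r = NatRouter("203.0.113.10")
    r.add_port_forward(80, "192.168.88.249", 8082)
    return r.to_public_ip(Packet("198.51.100.7", 40000, "203.0.113.10", 80))


def hairpin_works(masquerade, dnat_from_lan=True):
    """LAN client 192.168.88.10 connects to the server via the public IP, as in the MikroTik question."""
    r = NatRouter("203.0.113.10", hairpin_masquerade=masquerade, dnat_from_lan=dnat_from_lan)
    r.add_port_forward(80, "192.168.88.249", 8082)
    req = Packet("192.168.88.10", 5000, "203.0.113.10", 80)
    to_server = r.from_lan(req)
    if to_server is None:
        return False
    reply = to_server.reply()
    if reply.dst == r.public_ip:              # masqueraded: the reply returns via the router
        reply = r.to_public_ip(reply)
    return client_accepts(req, reply)         # without masquerade the reply comes from 192.168.88.249


if __name__ == "__main__":
    print("outbound:", outbound_connection_works(), "unsolicited dropped:", unsolicited_inbound_is_dropped())
    print("hairpin without masquerade:", hairpin_works(False), "with masquerade:", hairpin_works(True))
    print("dst-nat restricted to WAN:", hairpin_works(True, dnat_from_lan=False))
```

Without the masquerade rule the server's reply arrives from 192.168.88.249:8082 while the client is waiting on 203.0.113.10:80, so the client discards it; with the rule the reply is forced back through the router, which restores both the client's address and the public address it originally used.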