Nat / Redirect / Forward ports Mikrotik - nat

I'm sorry to bother you with this...
I have a public IP 181.188.xxx.yyy and a local IP range, 192.168.10.0/24. On that range I have a server, 192.168.10.3, which runs different services on different ports, let's say Express.js on 3000 and MongoDB on 27017.
I have a NAT that redirects from outside to the public IP, depending on the required port, to the required service.
What I need to do now is the inverse thing: detect when a local host is trying to get to IP 181.188.xxx.yyy from the internal network, and the Mikrotik should forward it to an internal IP host.
Can anyone lend me a hand with it, please?

What you describe sounds like hairpin NAT, because in the network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its public IP address to the web server behind it.
Please see here for more info.
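
The reply path behind that answer, as an added example that is not part of the original post: a small Python model of why a destination-NAT rule alone fails for LAN clients and what a source-NAT rule for LAN-to-LAN traffic changes. The public address 203.0.113.10, the router LAN address 192.168.10.1 and the client 192.168.10.50 are assumed stand-ins; the server address and port come from the question.

```python
# Added example: models addresses only; all values below are constructed.
PUBLIC_IP = "203.0.113.10"    # stand-in for the elided public address
ROUTER_LAN = "192.168.10.1"   # assumed LAN address of the router
SERVER = "192.168.10.3"       # internal server from the question
CLIENT = "192.168.10.50"      # assumed LAN client


def hairpin(client, dport, srcnat):
    """Trace one request and its reply; report whether the client accepts it."""
    # The client's TCP stack only accepts replies from the peer it dialled.
    expected_peer = (PUBLIC_IP, dport)

    # Request: client -> public IP, delivered to the router (default gateway).
    src, dst = client, PUBLIC_IP
    dst = SERVER                      # destination NAT (the existing forward)
    if srcnat:
        src = ROUTER_LAN              # source NAT for LAN-to-LAN traffic

    # Reply: the server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    via_router = reply_dst == ROUTER_LAN
    if via_router:
        # The router reverses both translations from its connection table.
        reply_src, reply_dst = PUBLIC_IP, client
    # Otherwise the server and client share a subnet, so the reply is
    # delivered directly and never gets its source rewritten.

    return {
        "server_sees": src,           # address that ends up in server logs
        "reply_src": reply_src,
        "via_router": via_router,
        "accepted": (reply_src, dport) == expected_peer and reply_dst == client,
    }


if __name__ == "__main__":
    print(hairpin(CLIENT, 3000, srcnat=False))
    print(hairpin(CLIENT, 3000, srcnat=True))
```

With source NAT in place the server logs the router's address for every LAN client, which matters if those logs feed access control or incident response.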

Related

Failing to manage a Public Ip

Here is the scenario:
I have asked my ISP to give me a public IP, which I can connect to my laptop and access from other outside networks. They gave me the following:
IP : 103.51.2.198
subnet mask : 255.255.255.248
default Gateway : 103.51.2.193
preferred dns : 8.8.8.8
Alternate dns : 8.8.4.4
I have connected a PPPoE connection on my laptop (not on a router) and set these values in TCP/IP v4. My internet connection is fine.
But if I ping this IP (103.51.2.198) from another network, the request times out.
Then I checked whatsmyrealip, and the IP is 103.51.2.102. This IP is a public IP of my ISP provider. And they are trying to give me an IP from that IP.
My ISP providers are not experts in networking, nor am I. They are also not sure how they can give me a public IP.
I am not sure what they are trying to do, or how they will give me another IP from a public IP. It would be very helpful if anyone could explain the problem and give a solution.

First of all, it's called a public IP, not "realIP".
Anyway, the answer to your question is:
You cannot access your home computer because it is behind NAT, so it is unreachable from outside your network.
Quick example on how NAT works:
Scenario:
Private IP: 192.168.0.10
Public IP: 1.2.3.4
You are connecting to webserver on IP: 5.5.5.5
What happens:
You send data to your router, telling it that you want something from 5.5.5.5. Your router assigns you a random port, let's say 11111, and sends the data with source IP 1.2.3.4 and port 11111. Stuff happens on the webserver and the data comes back. The router reads it and remembers that everything going to 1.2.3.4:11111 belongs to 192.168.0.10, so it sends you the data.
Here everything works because your computer is the one starting the connection; otherwise, the webserver would never be able to connect to you.
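
The translation described in the answer above, as an added example that is not part of the original post: a minimal port-translating NAT table in Python, using the answer's addresses (192.168.0.10, 1.2.3.4, 5.5.5.5, port 11111). It goes one step beyond the text by adding a static port forward; the class and method names, the client source port 40000 and the outside host 198.51.100.7 are assumptions, and ports are handed out sequentially rather than randomly so the result is repeatable.

```python
import itertools


class Napt:
    """Port-translating NAT: dynamic connection table plus static forwards."""

    def __init__(self, public_ip, first_port=11111):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)  # sequential, for repeatability
        self.out = {}       # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.back = {}      # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.forwards = {}  # public port -> (priv_ip, priv_port)

    def outbound(self, priv_ip, priv_port, remote_ip, remote_port):
        """An inside host opens a connection; return the translated source."""
        key = (priv_ip, priv_port, remote_ip, remote_port)
        if key not in self.out:
            port = next(self.ports)
            self.out[key] = port
            self.back[(port, remote_ip, remote_port)] = (priv_ip, priv_port)
        return (self.public_ip, self.out[key])

    def forward(self, public_port, priv_ip, priv_port):
        """Static port forward ("virtual server") configured by the admin."""
        self.forwards[public_port] = (priv_ip, priv_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) for an arriving packet, or None if dropped."""
        hit = self.back.get((public_port, remote_ip, remote_port))
        if hit is not None:
            return hit                         # reply to a tracked connection
        return self.forwards.get(public_port)  # unsolicited: needs a forward


def demo():
    nat = Napt("1.2.3.4")
    src = nat.outbound("192.168.0.10", 40000, "5.5.5.5", 80)
    reply = nat.inbound("5.5.5.5", 80, src[1])             # web server answers
    unsolicited = nat.inbound("198.51.100.7", 1234, src[1])  # stranger, same port
    nat.forward(8080, "192.168.0.10", 8080)
    forwarded = nat.inbound("198.51.100.7", 1234, 8080)
    return src, reply, unsolicited, forwarded


if __name__ == "__main__":
    print(demo())
```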

Port forwarding with private IP

I use a static IP connection, configured on a TP-Link router.
I have a local server running which I can access from my network, but I want it to be accessible from outside the network.
So I did port forwarding, and it's successfully running.
Now the problem is: the IP address of my WAN is also a private address like 10.10.X.X, so when I enter http://10.10.X.X, I can access my site, but not from outside my network. Please guide me on how to fix this.

If your WAN address is a private address, your ISP is using CGN. This is becoming more common since the RIRs have, or soon will, run out of public IP addresses to assign to ISPs. It sounds like your ISP has run out of public addresses and needs to use private addresses for its residential customers, reserving its remaining public addresses for its business customers, which are willing to pay for public addresses.
Basically, your ISP is using NAT, too. You would need to have the ISP forward your port on its NAT router, but the odds of that are zero since it probably has a policy, which you agreed to, to not host servers on your residential LAN (buried in the fine print of the ISP agreement). This situation will play out more and more over time.
You have to use the "Virtual Server" settings. Port triggering is used for.
Once the modem router is configured, the operation is as follows:
1. A local host makes an outgoing connection to an external host using a destination port number defined in the Trigger Port field.
2. The modem router records this connection, opens the incoming port or ports associated with this entry in the Port Triggering table, and associates them with the local host.
3. When necessary, the external host will be able to connect to the local host using one of the ports defined in the Incoming Ports field.
It is not used for incoming connections which are triggered from outside!
Of course, for it to work you have to have an application listening on that port, not only the firewall on Windows allowing the port.
After you set up the "Virtual Server" a port scanner should show you the port is open (even without having a running application listening) - it will try to port forward it. I use ShieldsUp for testing.

Reach internal machine using its public IP from internal network

Working in VMware vCloud.
Webserver has internal ip 172.16.0.61, public ip 148.25.6.22 (invented numbers);
App Server has internal ip 172.16.0.52
From App Server I can ping and surf Webserver using its internal 172.16.0.61, but... how can I reach it (from App Server) using its public 148.25.6.22?
Just searching for something that let me say to the App Server
148.25.6.22 => 172.16.0.61
If I had a domain name I could resolve it in /etc/hosts, but at the moment I have just the IP.
Thanks in advance

If I understand you correctly, your servers are behind a NAT, which masquerades their IP addresses (which is why your webserver has both an internal and an external IP address - the external one is actually the NAT's public address).
You can define a local route on your appserver, which will direct packets sent to 148.25.6.22 to 172.16.0.61, however that defeats the purpose, as that would cause the appserver to just send everything to the internal address.
What you should do is configure port forwarding on your NAT - this means that the NAT will listen on a port you specify, and all communication which reaches this port will be forwarded to the webserver's internal IP to another port you specify, for example: 148.25.6.22:8080 => 172.16.0.61:8080. Now, if your appserver connects to 148.25.6.22:8080, the packets will reach the webserver at port 8080.

How to telnet to a computer which is sharing a single public ip?

Suppose that I am sharing a public IP 56.162.XXX.XXX with some other users. Now I have a local IP that I see if I type ipconfig in the command prompt. That is 192.168.2.3. Now I have a program running on port 3630 listening for any incoming connection. I can call myself with the help of the loopback IP, i.e. telnet 127.0.0.1 3630, and I see that the two programs are getting connected and can exchange data. I can also telnet and get connected with my laptop from another laptop which is sharing the same public IP as mine by the command telnet 192.168.4.20 3630. But how should I do the same from a remote computer? I mean a computer which has a different public IP.
Actually I want something like "telnet public ip(local ip) port no". The other computer is also sharing a public IP with some other users.

You will need to set up some kind of NAT (Network Address Translation) or PAT (Port Address Translation) that will forward the requests for port 3630 to your local IP.
The actual configuration to use will depend on your firewall/router. If you have a standard ADSL router, there is likely to be a configuration page in there that will allow you to do this.
You will need to read up on port forwarding and NAT.
http://en.wikipedia.org/w/index.php?title=Port_forwarding

ASP.NET Request.ServerVariables["REMOTE_ADDR"] <<< gives the "physical" connection IP?

Ignoring other possibilities such as Request.ServerVariables["HTTP_X_FORWARDED_FOR"], does Request.ServerVariables["REMOTE_ADDR"] give me the "principal" IP of the client?
I'm talking about the IP that made the actual TCP connection.
Will ServerVariables["REMOTE_ADDR"] always be the "real" IP address of the remote endpoint?
Just to clarify: Even if it's a proxy that made the real TCP connection, I'd like to have its IP, and not a forwarded one.

Yes, except if it's been through a NAT firewall. A NAT firewalled address would be masquerading many 192.168.x.x or any other private subnet behind a public IP address. So you'd be looking at the IP address of the NAT firewall (i.e. a Linksys router or what have you).
Be warned that many cell phone carriers have HUGE NAT networks, so they always look like they are coming from one or two public IP addresses.

The REMOTE_ADDR variable will be the IP of the system that directly connected to your web server to request the URL; so it would be the forward-most proxy server, if there is a proxy server.
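
How the distinction in these answers is usually applied on the server side, as an added example that is not part of the original posts: a Python function that attributes a request to the TCP peer (the value REMOTE_ADDR carries) and consults X-Forwarded-For only when that peer is a proxy you operate. It goes beyond the question, which set the header aside; the function name, the trusted range 10.0.0.0/8 and the sample addresses are assumptions.

```python
import ipaddress


def client_ip(remote_addr, x_forwarded_for, trusted_proxies):
    """Pick the address to attribute a request to.

    remote_addr      TCP peer address (what REMOTE_ADDR holds)
    x_forwarded_for  raw header value, or None if absent
    trusted_proxies  CIDR strings for reverse proxies you operate (assumed)
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    peer = ipaddress.ip_address(remote_addr)
    # A header sent by an untrusted peer is client-controlled: ignore it.
    if not x_forwarded_for or not is_trusted(peer):
        return str(peer)

    # Each proxy appends the address it saw, so walk right to left and stop
    # at the first hop that is not one of our own proxies.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)      # malformed entry: keep last verified hop
        if not is_trusted(addr):
            return str(addr)
        peer = addr
    return str(peer)


if __name__ == "__main__":
    proxies = ["10.0.0.0/8"]      # constructed sample range
    # Direct connection carrying a forged header: the TCP peer wins.
    print(client_ip("198.51.100.7", "10.0.0.5", proxies))
    # Via our proxy: the leftmost entry was supplied by the client itself.
    print(client_ip("10.0.0.2", "203.0.113.9, 198.51.100.7", proxies))
```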
