What are all the IP addresses to whitelist to receive the incoming messages from the WeChat server - wechat

What are all the IP addresses to whitelist to receive the incoming messages from the WeChat server?
There is a webhook URL we have to configure in the WeChat console mp.weixin.qq.com to receive the incoming messages.
We have identified the following IP addresses for whitelisting to receive the messages; not sure whether these may change.
I would like to know the list of IP addresses for the WeChat server. Does anyone have this information, or can you please provide some lead on where I can get it?
machine#1:~/Work/cryptographic-workspace/keystore-cryptographic-service$ nslookup mp.weixin.qq.com
Server: 172.17.5.36
Address: 172.17.5.36#53
Non-authoritative answer:
mp.weixin.qq.com canonical name = mpv6.weixin.qq.com.
Name: mpv6.weixin.qq.com
Address: 203.205.239.172
Name: mpv6.weixin.qq.com
Address: 203.205.239.154
Name: mpv6.weixin.qq.com
Address: 203.205.239.171
machine#2:~/Work/cryptographic-workspace/keystore-cryptographic-service$ nslookup api.weixin.qq.com
Server: 172.17.5.36
Address: 172.17.5.36#53
Non-authoritative answer:
api.weixin.qq.com canonical name = hk.api.weixin.qq.com.
Name: hk.api.weixin.qq.com
Address: 203.205.239.82
Name: hk.api.weixin.qq.com
Address: 203.205.239.94

Please check out the following documentation
https://developers.weixin.qq.com/doc/offiaccount/en/Basic_Information/Get_the_WeChat_server_IP_address.html
They provide an API to query the list of possible callback server IPs.
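An added example, not part of the original answer: checking a webhook request's source address against the list returned by that API. It assumes the response is JSON with an `ip_list` array of addresses and CIDR ranges, and `errcode`/`errmsg` on failure; the sample bodies and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed samples of the JSON the callback-IP query is assumed to return:
# an "ip_list" mixing single addresses and CIDR ranges, or errcode/errmsg on failure.
SAMPLE_OK = '{"ip_list": ["198.51.100.7", "203.0.113.0/25"]}'
SAMPLE_ERR = '{"errcode": 40001, "errmsg": "invalid credential"}'


def parse_callback_ips(body):
    """Turn the API response body into a list of ip_network objects."""
    data = json.loads(body)
    if data.get("errcode"):
        # Fail closed: never treat an error reply as an empty (or open) allowlist.
        raise ValueError(f"API error {data['errcode']}: {data.get('errmsg')}")
    entries = data.get("ip_list")
    if not entries:
        raise ValueError("response carries no ip_list")
    # strict=False accepts entries whose host bits are set, e.g. "203.0.113.5/25".
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_allowed(peer_ip, networks):
    """Check the TCP peer address of a webhook request against the allowlist.

    Pass the socket peer address, not a client-supplied header such as
    X-Forwarded-For, unless a trusted proxy in front of the app sets it.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed address: reject
    return any(addr in net for net in networks)


if __name__ == "__main__":
    allow = parse_callback_ips(SAMPLE_OK)
    for ip in ("198.51.100.7", "203.0.113.100", "203.0.113.200"):
        print(ip, "allowed" if is_allowed(ip, allow) else "rejected")
```

Because the addresses may change, refresh the list on a schedule and keep the last good list when a refresh fails.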

Related

Certificate for <123.123.123.123> doesn't match common name of the certificate subject

I'm connecting to a host using an IP address (ex. 123.123.123.123) rather than a hostname and I get this exception:
javax.net.ssl.SSLException: Certificate for <123.123.123.123> doesn't match common name of the certificate subject: abcdef.test.group
I can see the actual hostname of 123.123.123.123 in the debug output under 'peer alternative names' so I am guessing that the problem is because I am using the IP address and it's unable to resolve this to a hostname and so match against the peer host list.
I'm using the IP address because the local DNS has not been set up, and before I ask admins to update the /etc/hosts file to map that IP to a host I want to check that the problem is indeed that I am using an IP address.
As I've typed this in I've convinced myself that it is - but it would be good if someone else agreed.
After update of /etc/hosts file with the IP/hostname mapping all is well.

IPSec L2TP - Tunnel pass and handshake interval (Huawei router)

On the server, I installed the VPN using the "setup-ipsec-vpn" script of the hwdsl2 user. I found it here.
As a result of its actions, the script provided me with: User name, password and IPsec PSK code.
However, on the router, I have to put information about Tunnel password, handshake interval and Authentication. You can see the tab with the router configuration here. Unfortunately, I could not find such information (neither on GitHub nor on the server).
The router is a Huawei B525.
What can I do in this case? Do not complete these fields? Change some configuration in some way?
LNS address: IP (name) of the server
Host Name: Whatever
Tunnel password: IPsec PSK code
Handshake interval: 30s (dpddelay in vpnsetup.sh)
Authentication: Can be "Auto"

Mikrotik Port Forwarding to public IP that is located in the local network

We have just set up a MikroTik router and have a public IP address and a local IP address for the server.
We created a dst-nat rule where anyone who accesses
public_ip:80 has a dst-nat applied to local_ip:8082.
However, from our local IP address we cannot access this public IP address.
It will work if we write local_ip public_dns_name in the hosts file.
Why does MikroTik not send to the public_ip address, i.e., why does it not apply the dst-nat rule?
The problem got solved by adding a srcnat rule, which masquerades all traffic from the local network:
chain: srcnat
src. address: 192.168.88.0/24 (our local network)
dst. address: 192.168.88.249 (our server)
protocol: 6 (tcp)
action: masquerade
This problem and its solution are explained in MikroTik's documentation: https://wiki.mikrotik.com/wiki/Hairpin_NAT
Basically, the router translates everything into local IP addresses when replying to machines inside the network. Your client sent a request to some public IP, so it's waiting for a reply from that same public IP. The MikroTik translated the request into a local IP, so it sent a reply with the wrong "from" address, and your client ignored it. You can work around this by setting up a masquerade rule, or by adding a static DNS entry that bypasses the need for a public IP.
In my case, the problem was that the rule was set up to only work for traffic coming in on WAN (not LAN). I changed it to route traffic from anywhere, as long as it is requesting my public IP.
chain: dstnat
dst address: <public ip>
protocol: 6 (tcp)
dst port: 80
in. interface list: all
action: dst-nat
to addresses: <server local ip>
to ports: <server port>

How can I find the port using local ip address by openstacksdk?

When I use the openstacksdk, I tried to use the conn.network.find_port() method to find the port, but I only know the local_ip address, and the conn.network.find_port() params require the id or the name.
In my openstack cloud, I list the ports:
You see, I only know the fixed_ips' ip_address, but how can I get the port by openstacksdk?

FileZilla - "The data connection could not be established: ECONNREFUSED - Connection refused by server" when retrieving directory listing

So a couple of days ago, I tried creating a Home FTP Server, which I can access from my own network. It worked. But now I want to go further. I wanted my Home FTP Server accessible from any network via an external IPv4 address. So here is my problem.
Every time I want to connect to my server on localhost or on my local IP address, it works. But when I try to connect with the same credentials on my external IP address, it says that it cannot retrieve the directory listing:
Status: Connecting to *************:800...
Status: Connection established, waiting for welcome message...
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (**,***,*,***,***,106)
Command: MLSD
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing
The (obfuscated) IP address in the 227 response does not match the (obfuscated) server IP address in the "Connecting to ..." message.
I tried turning off my firewall, forwarded port 21 and port 800 for both TCP and UDP, but nothing worked. I also made exceptions for both ports, and that didn't work either.
Another problem is that if I want to log in on my external IP address on my FileZilla Server, it shows this:
Connecting to server -censored-:14147...
Error, could not connect to server
Trying to reconnect in 5 seconds
My question is: how do I create a Home FTP Server which I can access remotely?
Response: 227 Entering Passive Mode (**,***,*,***,***,106)
Command: MLSD
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
If the IP address in the 227 response to the PASV command does not match the actual FTP server IP address, the server is misconfigured.
This usually happens when the server is not aware of its external IP address and reports its internal IP address. But most FTP clients (including FileZilla) would be able to detect that by checking the IP address against a range of addresses reserved for local communications within a private network. See Server sent passive reply with unroutable address in FileZilla. As that did not happen, the server is probably explicitly configured with an incorrect IP address.
For generic information, see my article about network configuration needed for FTP.
You have to reconfigure the FTP server to the new IP address. In FileZilla FTP server you can do that by going to Edit > Settings > Passive mode settings > IPv4 specific > External Server IP Address for passive transfers in FileZilla Server Interface.
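An added example, not part of the original answer: the check described above, parsing a 227 reply and comparing the advertised data address with the address of the control connection. The verdict names and sample replies are constructed for illustration; the addresses come from documentation ranges.

```python
import ipaddress
import re

# 227 reply format: six decimal bytes h1,h2,h3,h4,p1,p2 inside parentheses.
PASV_RE = re.compile(
    r"^227 .*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Ranges reserved for private or local use (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte value out of range in 227 reply")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose_pasv(reply, control_ip):
    """Classify the data address against the control-connection address.

    "ok"         - same address as the control connection
    "unroutable" - private/local address: the server reports its internal IP
    "mismatch"   - a different public address: the configured external IP is wrong
    """
    host, port = parse_pasv(reply)
    if host == ipaddress.ip_address(control_ip):
        verdict = "ok"
    elif any(host in net for net in LOCAL_NETS):
        verdict = "unroutable"
    else:
        verdict = "mismatch"
    return verdict, str(host), port


if __name__ == "__main__":
    control = "203.0.113.10"  # constructed address of the control connection
    for line in ("227 Entering Passive Mode (203,0,113,10,195,106)",
                 "227 Entering Passive Mode (192,168,1,20,195,106)",
                 "227 Entering Passive Mode (198,51,100,5,195,106)"):
        print(diagnose_pasv(line, control))
```

The port from the reply must also fall inside the passive port range that is forwarded on the router, otherwise the data connection is refused even when the address is correct.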
