Getting a Static Public IP or any other workaround - networking

I'm developing an integration with an API which requires whitelisting customers based on IP addresses. I can easily get the outbound IP from Production environments such as Azure or AWS and get those whitelisted.
How can I configure it for my desktop whose public IP keeps on changing after every few hours?

Getting a fixed IP address for your home computer is dependent on your internet provider. Sometimes they offer fixed IPs for 'Business' customers only or such.
Another solution might be to stand up an OpenVPN instance in your cloud, then only whitelist that IP address and your expected partner prod addresses. Then you just connect to your VPN to access your API; you can do this from anywhere, as you're only dependent on the IP address of the cloud OpenVPN instance.
This solution also scales with your development, as you only need to add new OpenVPN users to let other developers work with you and don't need their ever-changing IP addresses.

I found an easy solution from NordVPN. It has an option to get a dedicated IP VPN :)

Related

How do I assign my server IP to a local device?

I have a raspberry pi connected to my router with a local IP. I want to access the raspberry pi from outside (from another country) the local network via web browser. So, I have purchased a VPS which has its public IP.
Now how can I assign this VPS IP to the raspberry pi or any other local devices?
"how can I assign this VPS IP to the raspberry pi or any other local devices?"
That's not how the internet works.
In short, the VPS provider has a pool of IPs and it or its ISP is responsible for publishing routes to the rest of the internet, informing the rest of the internet how to route to those IPs.
You can't just "move" the public IP to your local network; the rest of the internet won't route traffic to it. It would be kind of like writing "1600 Pennsylvania Avenue" on the front of your house - it wouldn't cause you to get White House mail, right? Because regardless of what you write there, the post office doesn't use it as a source of truth for mail routing.
Here are a few of the options you have:
Use ngrok to expose an endpoint to your local service. Ngrok's servers can proxy connections back to your local environment without it having to be online. This will be accessible by anyone on the internet, but is more obscure than an IPv4 address, which can and will be easily found (see below). This is a quick and easy solution, and what I'd recommend in your case.
You already have the VPS. Run the code there instead of on the raspberry pi. It will almost certainly be more reliable and higher speed than your home internet.
You also already have a public IP, assuming your pi's local router has a route to the internet. The router is performing NAT so that devices "behind" it with only internal addresses can still communicate with the world. You can almost certainly configure your router to forward a certain port to your pi's internal IP address.
Set up a VPN between the private networks, or between the individual hosts on the private networks. This is a lot of work and will require more knowledge of IP networking. If this interests you, I'd recommend looking at Wireguard (recommended) or OpenVPN.
Finally, keep in mind that unless you do something to make it not the case, your service, once on a public IP, will be accessible from the wide world. Since IPv4 space is pretty small by 2022 standards, and there are only 65000 some IP ports per address, it won't take nefarious parts of the internet long to find your service. You can't hide in the obscurity of an IPv4 network.
If your public address is IPv6 instead, those are essentially unguessable and much more likely to go unnoticed. The same thing is true of ngrok - since it has a very large set of potential URLs, it's hard to guess. Still, I'd set up some sort of authentication in front of the service. It's just good practice, like locking your house.
Run this on the VPS:
echo "GatewayPorts yes" >> /etc/ssh/sshd_config
And this on your raspberry pi:
ssh -R remote-port:localhost:your-local-port your-vps.com
You will access the server using: your-vps.com:remote-port
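The reverse tunnel in the answer above depends on a global GatewayPorts yes on the VPS. As an added example (not part of the original answers), this script reports which GatewayPorts value is actually global in an sshd_config file and writes a Match block that limits remote forwarding to one account and one port; the account name tunnel, port 8080 and the sample config are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answers. The account name "tunnel",
# port 8080 and the sample config below are assumptions/constructed.

# Print the GatewayPorts value that applies globally in an sshd_config file.
# sshd keeps the first value it reads, and lines after a "Match" line are
# conditional, so a line appended with ">>" may not be global at all.
global_gatewayports() {
    awk '
        { sub(/#.*/, "") }                             # strip comments
        tolower($1) == "match"        { exit }         # global section ends
        tolower($1) == "gatewayports" { v = tolower($2); exit }
        END { print (v == "" ? "no" : v) }             # sshd default: no
    ' "$1"
}

# Write a Match block that permits remote forwarding for one account only,
# on one listen port, with no shell. Append it to the end of sshd_config.
# usage: write_tunnel_block USER PORT OUTFILE
write_tunnel_block() {
    cat > "$3" <<EOF
Match User $1
    AllowTcpForwarding remote
    GatewayPorts clientspecified
    PermitListen $2
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false
EOF
}

# Matching client command, run on the Pi (forwards VPS:8080 to Pi:80):
#   ssh -N -R 0.0.0.0:8080:localhost:80 tunnel@your-vps.com

# Demo on a constructed config where the appended line lands in a Match block.
demo=$(mktemp)
printf '%s\n' 'Match User backup' '    ForceCommand /bin/false' \
    'GatewayPorts yes' > "$demo"
echo "global GatewayPorts: $(global_gatewayports "$demo")"
write_tunnel_block tunnel 8080 "$demo"
cat "$demo"
rm -f "$demo"
```

On a real host, `sshd -t` validates the edited file and `sshd -T` prints the effective settings before you reload the daemon.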

How can I open my local TCP port to public?

I have a TCP server for my personal chat. I want to expand my connection beyond my local network, and I want to open my port 28752 on my PC's public IP so I can connect from wherever I want, only when my computer is on.
I have seen different solutions, for example a DMZ to associate my local IP with the public IP, but I want to do this without modifying the router's settings. I wanted to do it from a program. Is it possible?
It is possible to open up ports. But it depends on the OS in which you are trying to accomplish it. You can use the Linux iptables to manipulate the ports opened and closed to any Linux machine. (Iptables; Some examples.) The ports should also be opened on the firewall layer outside the VM. E.g., it could be an AWS access policy, Security group, MAC's security firewall. Your laptop, when connected to the internet, will have a public IP address; you can share that public IP. But these IP addresses will change when you get connected to a different router. You can use AWS CLI commands to assign a static IP address for your machine and expose it publicly. At the very minimum, you would need a public DNS server to expose your IP publicly. An easy way to achieve this is by putting a web server on the cloud. Without a domain, you can't expose your IP. Once you have finalized the domain (e.g., AWS Route 53, Ingress IP from K8, etc.), you can change/manipulate them from your program. It need not be language specific.

using dedicated IP of VPS for your personal web server

Pretext: There is an ABC company providing a Virtual Private Server for $xx, which includes features like blah1, blah2, blah3 and 1 dedicated IP address.
I have my home FiOS internet connection.
I have serverA, serverB, serverC running at my home.
Let's assume ServerA is a web server.
Scenario 1:
To access this web server from outside my LAN, I would type "myDynamicIPAddress" (we are assuming it still has the same lease token) and get access to my website successfully.
Scenario 2:
I am at my school/work (I work at a corporate office). I would type "myDynamicIPAddress" to access my web server. Since my IP address is dynamic/residential, it is blocked (all residential IPs are blocked by default, to reduce the chance of them getting infected and sending out spam).
My question:
Is there any way to connect my home network to the VPS that I purchased (the one with the dedicated IP, remember?), so that I can use that dedicated IP address to connect to my web server from my school/work, where residential IP addresses are blocked (this also means no Dyndns.com/no-ip.com)?
I hope I explained my question correctly and I posted it in the right section.
Thank You in advance.
EDIT1: I found this one question, but I want to do the exact opposite of what the user in this question is asking for.
https://superuser.com/questions/498529/is-it-possible-to-use-a-static-ip-assigned-by-my-isp-for-an-offsite-web-server-o
The answer is the same as the other question, for the same reasons. The IP address is routed to the owning network prefix so it can't be used at a different location without changing the Internet routing tables to point the overall prefix to route to a different place. Since you don't own the network prefix, you can't do that.

How to hide a private dedicated server at home

I installed a dedicated server at home which works fine. I host several services like mysql, apache, websocket, etc... The problem: people who go to my website will know my personal IP address. I hid my IP under a type A DNS record, but there is no problem for people to get my real IP.
So how can I fully hide my IP address? Are there some services that provide this? Proxy? VPN?
This is a tricky question. You cannot truly hide the public-facing IP address of a server if you intend it to be accessed by the public, because they need the IP to route to you.
If you use a public proxy, that proxy will have to know your real IP.
If you use a private proxy, then anyone who wants to visit your site will need to know the IP address of the proxy server, which is probably also owned by you.
If you expose all the services only on the internal network, then you can VPN into your home network to get your services, but then nobody else will be able to use your services. Also, the VPN server's IP address will need to be public to anyone you want to give access to.

What's my IP and subnet from an Azure website?

I'm building out an Azure-hosted website, but it needs to reach into our home office to connect to some internally hosted web services. Our firewall is set up to only allow traffic over certain IPs, so we're looking to determine what IP range we need to allow access to.
Currently I'm still using the MSDN "Free" Azure subscription, so I don't know what options may be limited, but is there a way I can determine what source IP, subnet, whatever my Azure hosted site will attempt to call my web services from?
Thanks!
Be careful opening your firewall to the entire Azure datacenter IP ranges. Anybody can host anything in Azure, including malicious software, so if you open your firewall to the entire Azure IP range you may as well just open to 0.0.0.0-255.255.255.255 because in effect you are getting the same security.
A better option is to deploy your service and just whitelist that one IP address. That IP address is guaranteed to remain the same until you delete your service. With the ability to do in-place upgrades and VIP swaps there should be no reason why you would need to delete your hosted service and lose your IP address. If you ever do run into a scenario where you need to delete/redeploy you can always update your firewall at that time.
It sounds like this is what you're looking for:
Windows Azure Datacenter IP Ranges
