There are 2 Linux servers in my company (Let's call them A, and B).
A and B are located in a Local Area Network. They don't have public IP addresses. They can send packets to each other using private IP addresses such as 172.27.X.X.
My company only allows us to establish a VPN connection to server A using AnyConnect when we are at home.
Now there's a web app hosting on server B. How can I open the web app using my browser when I'm at home?
The web app on server B listens to port 80 and 443.
I'm able to view web apps on server A when the VPN connection is established. But don't know if it's possible to use server A to get access to the web app on server B.
The most common solution to this is SSH port forwarding AKA SSH tunneling.
To build a tunnel from your local port 8080 to port 80 on remote server B through remote host A, simply do:
ssh -L 8080:<host-B-IP>:80 username#<host-A-IP>
For port 443 on server B:
ssh -L 8443:<host-B-IP>:443 username#<host-A-IP>
Afterwards, you can just open the website using localhost:8080 or localhost:8443.
Related
Here is what i have:
GCP instance without external IP (on VPC, and NAT), and it accepts HTTP HTTPS requests
firewall allows ingress TCP for 0.0.0.0 and also for IAP's IP 35.235.240.0/20 on all ports for all instances
I ssh to the instance via IAP and run the application in the terminal on port 5000 and 0.0.0.0 host and leave the terminal hanging, but when I connect in parallel through cloud shell and ssh to this instance through IAP, and then click on web preview on port 5000, I get "Couldn't connect to a server on port 5000".
I have said that it could be a firewall rule blocking IAP, so that's why I gave access to all ports for IAP (for testing)
P.S: the process has been done on a VM with external IP and it got validated ( but without the need to connect to cloud shell to do web preview, I checked the UI with IP:port in the browser )
What did I miss?
You may be following the guide on Building Internet Connectivity for private VMs and this part on Configuring IAP tunnels for interacting with instances and the use of TCP Forwarding in IAP. By Tunneling other TCP connections:
"The local port tunnels data traffic from the local machine to the remote machine in an HTTPS stream. IAP then receives the data, applies access controls, and forwards the unwrapped data to the remote port."
You can create an encrypted tunnel to a port of the VM instance by:
gcloud compute start-iap-tunnel INSTANCE_NAME INSTANCE_PORT \
--local-host-port=localhost:LOCAL_PORT \
--zone=ZONE
I guess you want to use INSTACE_PORT and LOCAL_PORT the same, 5000.
Be aware of it's known limitations.
I don't have a public ip address so I'm looking to host a server while connected to a VPN, the VPN server is running on a VPS that I own and its running SoftEther VPN server.
In my machine I connect to the VPN and then run the server app, however I check in http://www.canyouseeme.org/ to see if its successfully hosted and can be accessed from internet but its not and it shows "connection refused", if I host the server on the VPS machine it works, but I don't want that, it should be hosted on my machine and should be accessible using the ip address of the VPS/VPN.
You probably want to set up port forwarding on your VPN server.
When you connect to the VPN, your traffic goes through it, but you don't "become" it - the traffic directed to the VPN server (like an attempt to connect to your app) will not be forwarded to your VPN client machine - this is not the purpose of VPNs.
There is a page with port forwarding setup here. This is to be done on the VPN server.
The alternative I use is to setup port forwarding via SSH on the application server and ditch the need for VPN. Check Remote Port Forwarding here. It works fine, encrypts your data between the application server and the gateway, but there might be bigger overhead and it may be more prone to die when the network connection is temporarily lost.
i was trying to establish an ftp connection on my LAN and WAN , i use windows 8 , i configured the IIS , and opened port 21 , actually disabled firewall , i created a new user to access my ftp folder 'A' , it worked fine on LAN by accessing
ftp://192.168.1.10 (my local ip),from any pc on my LAN.
The problem is , i am trying to access through ftp but this time from WAN , i configured the router to port forward to my LAN (192.168.1.10) , i looked up my static ip , now i have a login panel
ftp://393.32.3.2(random ip) when it comes to authentification i used the user i created but it is not working , any ideas ?
FTP uses both port 20 and 21. You have only port forwarded port 21 which is used to initiate and control connections to FTP servers.
This means you will be able to connect to your FTP server and log in, but it will not be able to transfer any files because that uses port 20.
Hope this helped!
-Kad
you must configure in your router ports 1025-3500 forwarding to yours server ex: 192.168.0.100
you must configure in your router ports 21(all protocols tcp&udp) forwarding to yours server ex: 192.168.0.100
Imagine we have a hosting containing:
a search engine running on port 5678 (it's required this port it's open in order to work).
nginx running on port 80.
When a user connects to our website and search something on it, he is only connecting through port 80, but never through 5678. We can check this running "netstat -an".
So my question is: If the client it's never connecting directly with the search engine's port, why we need to keep it open?
Normally client requests are coming to your web server (port 80 or 443), and your web server (your php,or your java code) has a logic to connect to your search engine and send back the result to the client via port 80/443 (local socket connection, if web server and search server running on the same server). so clients need not to connect directly to your search engine port (5678). (from external networks). may be your web server internal interface and search engines internal interface connect locally via local s socket connection.
I'm not sure how you run your web server and search engine, is it two different servers or nginx act as a load balancer and send the client request to your multiple search servers. i think your search engine port use internally to communicate with your web server hosted software. or may be you run both nginx and search server on the same server.
other guess is your firewall or router forwarding port 80 request to your search server port 5678 (port forwarding).
try this on your search server
netstat -pant
this will give your all connection details, like local address,foreign address,state, and PID/Program name
Hope that helps
You can connect to a webserver using a different port. Port 80 is the default for web servers. (port 443 for secure, https, connections) so it's not normally specified since it's 'understood'
But you can, actually, specify a different port to connect to. In your example, a user would specify which port they want to connect to in the URL
http://www.example.com:5678
The same reason why some services live on other ports, like 22, 3000, 3306, 8080, 9000, you might not access those ports directly but maybe some other apps/services/protocols connect to it internally, or could even be not on the same server, like if you have separate app/db/mail servers, they would contact each others by ports.
I got access via SSH (root access) to a Machine that's inside a network at my client's office.
I'm programming in my computer a PHP application that needs to integrate to LDAP. The LDAP server is in another server at my client's network and not accesible from outside, however I can perfectly access it via the server I can connect to via SSH.
My question is: IS there anyway I can make a tunnel and setup a port in my computer to get the traffic forwarded to the LDAP server using my SSH connection to one of the computers on the network?
Thanks!!!!
Yes, ssh has a "-L" option to create a tunnel. That option takes 3 parameters, separated by colons (:). Local listen port, remote host, remote port.
ssh -L 9999:ldapserver:389 user#otherhost
Where 9999 is the local port that the tunnel will be created on. The ldapserver:389 bit tells it where to connect to on the other side.
Then, tell your application to connect to localhost:9999 (or whatever port you choose) and it will be tunneled across.