I have configured the Keycloak server. I'm able to access the server with the private IP address (192.X.X.X).
When I map this IP address to the external domain name, the Keycloak page does not open.
Moreover, I have tried running the server with both formats, such as
-b=192.x.x.x
-b=0.0.0.0.
None of them is working.
What is the problem and how can I resolve it?
The problem there is that private IP addresses (the ones in the ranges below) are not routable on the internet. You have to use a public IP address to be accessed from the internet (out of domain).
Private ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
So what actually happens is that when you set this IP address on the DNS server (set domain example.com to change into 192.168.1.1), it will translate correctly. However, after that, the routers will drop the traffic, as it cannot go over the internet.
More on topic for example here: https://www.lifewire.com/what-is-a-private-ip-address-2625970
Solution:
Consider this fake public IP address as yours: 88.123.123.123, domain example.com.
1) Get the server a public IP address so it can be reached from the internet, set forwarding-protocol on your router at the company/home, e.g. transfer rule:
<from public int> -> <to private int>
--------------------------------------
88.123.123.123:80 -> 192.168.1.1:80 //Port for HTTP traffic
88.123.123.123:443 -> 192.168.1.1:443 //Port for HTTPS traffic
2) Set up listening of your server on 0.0.0.0 and 192.168.1.1 should work just fine.
3) Last, set up the DNS translation on the DNS server.
example.com -> 88.123.123.123
Example of topology:
There is public IP 24.65.45.89 and the IP of the server 10.20.0.2:
We have just set up a MikroTik router and have a public IP address and our local IP address for the server.
We created a dst-nat rule where anyone who accesses
public_ip:80 is applied a dst_nat to local_ip:8082 port
However, from our local IP address we cannot access this public IP address.
It works if we write local_ip public_dns_name in the hosts file.
Why does the MikroTik not send to the public_ip address, i.e. why does it not apply the dst-nat rule?
The problem got solved by adding a srcnat rule, which masquerades all traffic from the local network:
Chain: srcnat
Src. Address (our local network): 192.168.88.0/24
Dst. Address (our server): 192.168.88.249
Protocol: 6 (tcp)
Action: masquerade
This problem and its solution are explained in MikroTik's documentation: https://wiki.mikrotik.com/wiki/Hairpin_NAT
Basically, the router translates everything into local IP addresses when replying to machines inside the network. Your client sent a request to some public IP, so it's waiting for a reply from that same public IP. The MikroTik translated the request into a local IP, so it sent a reply with the wrong "from" address, and your client ignored it. You can work around this by setting up a masquerade rule, or by adding a static DNS entry that bypasses the need for a public IP.
In my case, the problem was that the rule was set up to only work for traffic coming in on WAN (not LAN). I changed it to route traffic from anywhere, as long as it is requesting my public IP.
chain: dstnat
dst address: <public ip>
protocol: 6 (tcp)
dst port: 80
in. interface list: all
action: dst-nat
to addresses: <server local ip>
to ports: <server port>
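The hairpin failure and the masquerade fix discussed in this thread, modelled as an added Python example (not code from any of the posts, and not RouterOS code). The LAN range, server address and the 80 -> 8082 mapping come from the thread; the public IP, router LAN address, client address and source port are constructed.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.88.0/24")  # from the thread
SERVER = "192.168.88.249"                      # from the thread
PUBLIC_IP = "203.0.113.10"   # constructed (documentation range)
ROUTER_LAN = "192.168.88.1"  # constructed router LAN address
CLIENT = "192.168.88.10"     # constructed LAN client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    def __init__(self, masquerade):
        self.masquerade = masquerade
        self.conntrack = {}  # translated flow as seen in the reply -> original request

    def forward(self, pkt):
        out = pkt
        if pkt.dst == PUBLIC_IP and pkt.dport == 80:        # dst-nat public_ip:80 -> server:8082
            out = Packet(pkt.src, pkt.sport, SERVER, 8082)
        if (self.masquerade and out.dst == SERVER
                and ipaddress.ip_address(out.src) in LAN):  # srcnat masquerade
            out = Packet(ROUTER_LAN, out.sport, out.dst, out.dport)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def hairpin(masquerade):
    """Return (source address the server sees, reply as seen by the client, accepted?)."""
    router = Router(masquerade)
    request = Packet(CLIENT, 40000, PUBLIC_IP, 80)
    at_server = router.forward(request)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # Server and client share the subnet, so a reply addressed to the client is
    # delivered directly; it only re-enters the router when addressed to it.
    if reply.dst == ROUTER_LAN:
        reply = router.reverse(reply)
    # The client only accepts a reply coming from the endpoint it contacted.
    accepted = (reply.src, reply.sport, reply.dst) == (PUBLIC_IP, 80, CLIENT)
    return at_server.src, reply, accepted

if __name__ == "__main__":
    for m in (False, True):
        print("masquerade" if m else "dst-nat only", hairpin(m))
```

With the masquerade rule the server sees the router's LAN address as the source of every hairpinned request, so server-side logs and IP-based access rules no longer distinguish individual LAN clients.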
I want to access localhost of a computer, but other computers in the same network also have the same public IP. Can we access its localhost by knowing both (public and private) IP addresses of that computer? I want to connect to it directly (not through any software like ngrok or a VPN).
Thanks in advance.
You can only access localhost on the computer itself. Localhost refers to 'this node' by definition.
When communicating on an internal network you usually use the private IP addresses, not the public one(s). Connecting to a computer with a private IP behind a public IP requires reverse NAT aka destination NAT aka port mapping.
Connecting out from and right back into the same network through NAT may require a special firewall setup aka hairpinning. It's usually easier and faster to use split-brain DNS and resolve the public name to the private IP address of the device.
I'm able to open the website being served on port 4568 on 127.0.0.1 (localhost) and my private ip address, but I can't seem to do so on my public ip address. I've tried to access the website by typing :4568 after my public ip like I did for my localhost and private ip.
Is it possible to open a site running locally on my computer through my public IP? If so, how? If not, why not?
NOTE: I'm not exactly clear what tags are appropriate. Feel free to add or remove any you deem inappropriate.
You are likely behind a NAT. What this means is that your public IP address and private IP address are not necessarily mapped to each other fully. To explicitly map your application to your public address, try the following:
1) Go to your modem's management page
2) Look for a 'Port Forwarding' tab (might be under an advanced or router menu)
3) There will probably be two or three fields to enter:
   - The port on the public IP address to forward traffic from
   - The IP address to forward traffic to (your private IP)
   - (might be there) The port to send it to on the private IP
Assuming this works, all traffic going to your public IP address on that port will now go to your private IP address.
WARNING: This is a simple rule and everyone on the internet can now access that port.
Also make sure your web server is listening on 0.0.0.0 (all IP addresses) and your local firewall is allowing remote connections on the port in question.
Working in VMWare vCloud.
Webserver has internal ip 172.16.0.61, public ip 148.25.6.22 (invented numbers);
App Server has internal ip 172.16.0.52
From App Server I can ping and surf Webserver using its internal 172.16.0.61, but... how can I reach it (from App Server) using its public 148.25.6.22?
Just searching for something that lets me say to the App Server
148.25.6.22 => 172.16.0.61
If I had a domain name I could resolve it in /etc/hosts, but at the moment I have just the IP.
Thanks in advance
If I understand you correctly, your servers are behind a NAT, which masquerades their IP addresses (which is why your webserver has both an internal and an external IP address - the external one is actually the NAT's public address).
You can define a local route on your appserver, which will direct packets sent to 148.25.6.22 to 172.16.0.61, however that defeats the purpose, as that would cause the appserver to just send everything to the internal address.
What you should do is configure port forwarding on your NAT - this means that the NAT will listen on a port you specify, and all communication which reaches this port will be forwarded to the webserver's internal IP to another port you specify, for example: 148.25.6.22:8080 => 172.16.0.61:8080. Now, if your appserver connects to 148.25.6.22:8080, the packets will reach the webserver at port 8080.
I'm curious why a client (Android or C# based program, etc.) behind a private router (or gateway, anyway with a private IP such as 192.168.xx.xx) can get a response from a request to an HTTP server.
I know that this works, but just want to know how.
Does the client which is getting back the response need port forwarding unless it's not using a public IP?
He doesn't need port forwarding.
This can work by using NAT or PAT (Network Address Translation or Port Address Translation) configured in the router, mostly configured by the ISPs in the edge router.
-EDIT (more explanation added):
The edge router has some public IP (mostly a pool of IPs) configured to communicate on the internet (public network).
When a request comes from the internal network with a private IP, it takes that and changes the source IP (private IP) to one of the public IPs that it has configured, so the request looks like it was made by the router itself.
Mostly it will also attach a port number and save it in a database table (local DB in the router) with the private IP of the device that originally made the request, and will forward the request to the internet.
Then, when the response is received by public server in that router, it will map it by the port with the private IP that had saved it in local db earlier, so it will know to whom it belonged originally, and will forward that to the IP
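The translation table described in this answer, as an added Python example (not code from the answer). It is a simplified PAT model that matches replies on public port plus remote endpoint; all addresses and ports are constructed.

```python
import itertools

class PatRouter:
    """Simplified port address translation with a per-flow mapping table."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out = {}   # (private_ip, private_port, remote_ip, remote_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing request and remember the mapping."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private endpoint for a reply, or None when no mapping
        exists (unsolicited traffic is dropped unless a port forward is set)."""
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    router = PatRouter("198.51.100.7")          # constructed public IP
    server = ("203.0.113.80", 80)               # constructed HTTP server
    # Two LAN clients happen to use the same source port.
    a = router.outbound("192.168.1.10", 40000, *server)
    b = router.outbound("192.168.1.11", 40000, *server)
    reply_a = router.inbound(*server, a[1])
    reply_b = router.inbound(*server, b[1])
    # A stranger connecting to the public IP has no table entry.
    unsolicited = router.inbound("203.0.113.99", 12345, 4568)
    return a, b, reply_a, reply_b, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The missing table entry for the last packet is why a server behind the router needs an explicit port forward while an outgoing client does not.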