I'm not a big expert in setting up networks, please help.
What I have?
I have a server running a server on port 80, on the local network I
can reach it at https://192.168.1.100:80
I have an external fixed IP for access from outside, let it be 88.77.66.55.
I have a router on which I have configured port forwarding from 192.168.1.100:80 to 8080.
As a result, I can reach my service using external IP https://88.77.66.55:8080, but when when I try to access directly from this server i get network error, host not reachable.
From other devices this server is available from internal (192.168.1.100:80) and external (88.77.66.55:8080) address fine. From this server, it is accessible to itself only via the local network (192.168.1.100:80). Why and how to setup it?
Router settings:
Chrome error:
Here is what i have:
GCP instance without external IP (on VPC, and NAT), and it accepts HTTP HTTPS requests
firewall allows ingress TCP for 0.0.0.0 and also for IAP's IP 35.235.240.0/20 on all ports for all instances
I ssh to the instance via IAP and run the application in the terminal on port 5000 and 0.0.0.0 host and leave the terminal hanging, but when I connect in parallel through cloud shell and ssh to this instance through IAP, and then click on web preview on port 5000, I get "Couldn't connect to a server on port 5000".
I have said that it could be a firewall rule blocking IAP, so that's why I gave access to all ports for IAP (for testing)
P.S: the process has been done on a VM with external IP and it got validated ( but without the need to connect to cloud shell to do web preview, I checked the UI with IP:port in the browser )
What did I miss?
You may be following the guide on Building Internet Connectivity for private VMs and this part on Configuring IAP tunnels for interacting with instances and the use of TCP Forwarding in IAP. By Tunneling other TCP connections:
"The local port tunnels data traffic from the local machine to the remote machine in an HTTPS stream. IAP then receives the data, applies access controls, and forwards the unwrapped data to the remote port."
You can create an encrypted tunnel to a port of the VM instance by:
gcloud compute start-iap-tunnel INSTANCE_NAME INSTANCE_PORT \
--local-host-port=localhost:LOCAL_PORT \
--zone=ZONE
I guess you want to use INSTACE_PORT and LOCAL_PORT the same, 5000.
Be aware of it's known limitations.
I have setup tomcat7 on my new windows server 2012 r2 (default connector port 8080). I am able to run tomcat and access the dashboard by loading http://localhost:8080 in the server's browser.
However, I am losing hair trying to load this page over the web at http://xx.xx.xxx.xx:8080. The connection simply times out.
When I load http://xx.xx.xx.xx:80 which I read is open by default, it loads the default windows server page full of welcome text.
After some reading, I created inbound and outbound rules for opening TCP port 8080, firewall protection is turned off, I still see no change in results even after restarting tomcat server everytime.
When I run netstat -an on the server, this line is present:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
which I presume should mean that the machine is listening to inbound connections on port 8080 from all network interfaces.
Why on earth can't I access my tomcat dashboard over the web?
You need to add the inbound rule for TCP 8080 in Windows Firewall, and configure the rule to allow NAT Traversal.
I have got chef-server installed on a centos machine.
Everything is working as expected except that I cannot access the chef-server web interface from another machine on my local network.
I can access the web interface from the centos machine itself:
telnet mychefserver.local 4000
Connected
If I do the same from my machine I have got:
telnet: Unable to connect to remote host: No route to host
I can successfully ping mychefserver.local from my machine
Any idea how to configure nginx with chef-server to access the chef-server from the network?
Since Chef Server 10, the web interface uses normal HTTPS (TCP 443), it only listens on the high ports locally, and nginx proxies as needed to the different backend services. I would try with a normal web browser as telnet isn't exactly great at error messages. Normally I would expect that to mean telnet is getting TCP transmission errors, but maybe it is just confused? If it is really a TCP transmit error then more likely the internal DNS is having issues. .local often means mDNS which has uneven support in some places, I would try an actual IP address to be sure.
My issue was iptables.
I stopped iptables and I can access the chef-server from my local network again.
I'm trying to use NETSH PORTPROXY command to forward packets sent to my XP PC (IP 192.168.0.10) on port 8001 to port 80 (I've a XAMPP Apache server listening to port 80).
I issued the following:
netsh interface portproxy add v4tov4 listenport=8001 listenaddress=192.168.0.10 connectport=80 connectaddress=192.168.0.10
Show all confirms that everything is configured correctly:
netsh interface portproxy show all
Listen on IPv4: Connect to IPv4:
Address Port Address Port
--------------- ---------- --------------- ----------
192.168.0.10 8001 192.168.0.10 80
However, I'm not able to access apache website from http://localhost:8001. I'm able to access through the direct port at http://localhost as shown below.
Additionally, I've also tried the following:
1. Access the Apache website from a remote PC using the link: http://192.168.0.10:8001. Firewall turned off.
2. Changing listenaddress and connectaddress to 127.0.0.1.
Without further information, I can't find a way to resolve the problem. Is there a way to debug NETSH PORTPROXY?
Note: By the way, if you're wondering why I am doing this, I actually want to map remote MySQL client connections from a custom port to the default MySQL Server port 3306.
I managed to get it to work by issuing:
netsh interface ipv6 install
Also, for my purpose, it is not required to set listenaddress and better to set connectaddress=127.0.0.1, e.g.
netsh interface portproxy add v4tov4 listenport=8001 connectport=80 connectaddress=127.0.0.1
If netsh's port proxying is not working as expected, then you should verify the followings, preferably in that order:
Make sure the port proxy is properly configured
Start or restart the related Windows service
Ensure support for IPv6 is installed
Make sure the port is not blocked by a firewall
Make sure the port proxy is properly configured
This might seems to be trivial, but just in case, take the time to review your configuration before you go any further.
From either a command prompt or PowerShell prompt, run the following command:
netsh interface portproxy show all
The result should look something like this:
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
24.12.12.24 3306 192.168.0.100 3306
24.12.12.24 8080 192.168.0.100 80
Carefully review those settings. Make sure that you can indeed connect to the addresses on the right side of that list, from the local computer. For example, can you locally open a web browser and reach 192.168.0.100:80? If the protocol is not HTTP, then use telnet: telnet 192.168.0.100 3306 (see here for how to install the Telnet client on Windows).
Then, are the values on the left side correct? Is the IP address valid for your machine? Is that the port number you are trying to connect to, from the external machine?
Start or restart the related Windows service
On latest versions of Windows, netsh's port proxying is handled by a Windows service named "IP Helper" or "iphlpsvc". Proxying will obviously not work if that service is stopped. I have also faced situations that turned out to be resolved by restarting that service.
To do that in latest versions of Windows:
Open the Task manager, then go to the Services tab.
In the "Name" column, find the service named either "iphlpsvc" or "IP Helper".
Right click on that service, then select Restart. If restart is not available, then the service is probably stopped, and actually has to be started, so select Start.
On previous versions of Windows, look for Services in Administrative Tools, inside the Control Panel.
Ensure support for IPv6 is installed (older releases of Windows only)
On earlier versions of Windows (that is Windows XP, for sure, upto some early releases of Windows 10, apparently, though this is not clear), netsh's port proxying feature (including for IPv4-to-IPv4 proxys) was actually handled by a DLL (IPV6MON.DLL) that was only loaded if IPV6 protocol support was enabled. Therefore, on these versions, support for the IPv6 protocol is required in order to enable netsh's port proxying (see Microsoft's support article here).
From either a command prompt or PowerShell prompt, run the following command:
netsh interface ipv6 install
If you get an error indicating that command interface ipv6 install was not found, then it means that you are using a recent release of Windows, in which netsh's IPv6 support is implicit and cannot be disabled.
Make sure the port is not blocked by a firewall
A local firewall may potentially block the port even before they reach the IP Helper service. To make validate this hypothesis, temporarily disable any local firewall (including Windows' native firewall), then retest. If that works, then simply add a port exclusion to your firewall configuration.
I have the problem with you. I have solve it just now. There is a Windows Service named "IP Helper" that supplies the funcions tunnel connections. You should ensure it has been started.
You must Run Command.exe as Administrator first, by right-clicking the Command Prompt icon and choosing Run as Administrator. You will asked to confirm.
Paste your netsh Command in the command.exe window and press Enter.
If no error message is shown, the command worked.
In your web browser go to http://your-up:8001 to see it works.
The Windows Event Log might have information to help find the cause of a failure.