Reach internal machine using its public IP from internal network - networking

Working in VMWare vCloud.
Webserver has internal ip 172.16.0.61, public ip 148.25.6.22 (invented numbers);
App Server has internal ip 172.16.0.52
From App Server I can ping and surf Webserver using its internal 172.16.0.61, but... how can I reach it (from App Server) using its public 148.25.6.22?
Just searching for something that lets me say to the App Server
148.25.6.22 => 172.16.0.61
If I had a domain name I could resolve it in /etc/hosts, but at the moment I have just an IP.
Thanks in advance

If I understand you correctly, your servers are behind a NAT, which masquerades their IP addresses (which is why your webserver has both an internal and an external IP address - the external one is actually the NAT's public address).
You can define a local route on your appserver, which will direct packets sent to 148.25.6.22 to 172.16.0.61, however that defeats the purpose, as that would cause the appserver to just send everything to the internal address.
What you should do is configure port forwarding on your NAT - this means that the NAT will listen on a port you specify, and all communication which reaches this port will be forwarded to the webserver's internal IP to another port you specify, for example: 148.25.6.22:8080 => 172.16.0.61:8080. Now, if your appserver connects to 148.25.6.22:8080, the packets will reach the webserver at port 8080.

Related

Nat / Redirect / Forward ports Mikrotik

I'm sorry to bother with this...
I have a public IP 181.188.xxx.yyy and I have a local IP range which is 192.168.10.0/24. On that range I have a server, 192.168.10.3, which runs different services on different ports, let's say Expressjs on 3000, MongoDB on 27017.
I have a NAT that redirects from outside to the public IP, depending on the required port, to the required service.
What I need to do now is the inverse thing: detect when a local host is trying to get the IP 181.188.xxx.yyy from the internal network; Mikrotik should forward it to an internal IP host.
Can Anyone lend me a hand with it please??
What you describe sounds like a hairpin NAT, because in the network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its public IP address to the web server behind it.
Please see here for more info.
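Why a plain port-forward is not enough for LAN clients, and what hairpin NAT adds, as a small model (an added example, not part of the original answer). The addresses, port numbers and function names are constructed for illustration; 203.0.113.10 stands in for the elided public IP.

```python
from dataclasses import dataclass, replace

# Constructed topology: documentation-range public IP, LAN 192.168.10.0/24.
PUBLIC = ("203.0.113.10", 3000)      # address the LAN client dials
SERVER = ("192.168.10.3", 3000)      # port-forward target
ROUTER_LAN_IP = "192.168.10.1"
CLIENT = ("192.168.10.50", 40000)


@dataclass(frozen=True)
class Packet:
    src: tuple
    dst: tuple


def router_forward(pkt, hairpin_snat):
    """Destination NAT of the port-forward, plus optional hairpin source NAT."""
    out = replace(pkt, dst=SERVER)                       # public -> internal
    if hairpin_snat:
        # Rewrite the source to the router so the reply must come back to it.
        out = replace(out, src=(ROUTER_LAN_IP, pkt.src[1]))
    return out


def reply_seen_by_client(request, hairpin_snat):
    """Follow the server's reply back to the client."""
    forwarded = router_forward(request, hairpin_snat)
    reply = Packet(src=forwarded.dst, dst=forwarded.src)
    if reply.dst[0] == ROUTER_LAN_IP:
        # Reply returns via the router, which undoes both translations.
        return Packet(src=request.dst, dst=request.src)
    # Same subnet: the server answers the client directly, bypassing the
    # router, so the source is never rewritten back to the public address.
    return reply


def client_accepts(request, reply):
    """A TCP client only accepts a reply from the address it connected to."""
    return reply.src == request.dst and reply.dst == request.src


def hairpin_roundtrip(hairpin_snat):
    request = Packet(src=CLIENT, dst=PUBLIC)
    reply = reply_seen_by_client(request, hairpin_snat)
    return reply, client_accepts(request, reply)
```

With only the destination rewrite, the reply arrives from 192.168.10.3 instead of the public address and the client discards it; with the source rewrite added, the server sees the router's LAN address as the client, which also means its logs no longer show the real internal host.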

Port forwarding with private IP

I use a static IP connection, Configured to TPLINK router.
I have a local server running which I can access from my network, but I want it to be accessible from outside the network.
So I did port forwarding, and it's running successfully.
Now the problem is: the IP address of my WAN is also a private address like 10.10.X.X, so when I am entering http://10.10.X.X, I can access my site, but not from outside my network. Please guide me how to fix this?
If your WAN address is a private address, your ISP is using CGN. This is becoming more common since the RIRs have, or soon will, run out of public IP addresses to assign to ISPs. It sounds like your ISP has run out of public addresses and needs to use private addresses for its residential customers, reserving its remaining public addresses for its business customers which are willing to pay for public addresses.
Basically, your ISP is using NAT, too. You would need to have the ISP forward your port on its NAT router, but the odds of that are zero since it probably has a policy you agreed to to not host servers on your residential LAN (buried in the fine print of the ISP agreement). This situation will play out more and more over time.
You have to use the "Virtual Server" settings. Port triggering is used for.
Once the modem router is configured, the operation is as follows:
1. A local host makes an outgoing connection to an external host using a destination port number defined in the Trigger Port field.
2. The modem router records this connection, opens the incoming port or ports associated with this entry in the Port Triggering table, and associates them with the local host.
3. When necessary, the external host will be able to connect to the local host using one of the ports defined in the Incoming Ports field.
It is not used for incoming connections which are triggered from outside!
Of course, to have it working you have to have an application listening on that port not only having the firewall on Windows allowing the port.
After you set up the "Virtual Server" a port scanner should show you the port is open (even without having a running application listening) - it will try to port forward it. I use ShieldsUp for testing.

Cannot access machine via DNS in the private network

I have a machine in my private network with IP 192.168.1.10
I have a DNS name, "toto.mydns.com", a DNS client is running on the machine.
I configured the router for Port forwarding.
I can access the machine when I am outside my home; when using a public IP address it works, but when I am at home and I get a dynamic IP address through DHCP from my router, I cannot use toto.mydns.com anymore, I must use 192.168.1.10 to access it.
I would like to know if I need to configure something on the router for that?
Thank you !
toto.mydns.com will resolve to your external public IP
There will almost certainly be nothing routing that IP through to your router, and thus through NAT to your internal address.
The easiest way to resolve this (Pun very much intended) is to have a hosts file entry on your computers running inside your network so that they resolve the same DNS address to the internal address.
A much harder, but more fun, way would be to set up your own DNS server inside your network, have the DHCP dish it out as the primary DNS server for your network and put in an entry for your internal address :D
Have fun...
Toto.mydns.com is accessible from outside; this DNS is assigned on a machine with a static IP address (sorry, not dynamic), so the IP of this machine is 192.168.1.10.
When I am at home in my private network I need to enter 192.168.1.10, and toto.mydns.com does not work. Any help???

Connect to a server on a private network

I am learning how to create an ubuntu server to use to host a database and run a script as a thread to do some things for my graduation project...
I installed ubuntu server with lamp environment and managed to connect it to an ethernet local network that connects to the internet .. my design looks like this
except the router is also connected to a dsl modem and to the internet...
I can easily connect to the server from the local network but how can I connect to it from outside this private network ?
I know the router public ip address and the server private ip address
You need port forwarding. Meaning, in your router settings you define that incoming requests to a specific port/protocol will be redirected to a specific IP (of the Ubuntu).
See https://en.wikipedia.org/wiki/Port_forwarding
You will need to set up port forwarding on the router such that the router's external port 80 is forwarded to the server's private port 80.
What router is it? Its guide should detail how to set up port forwarding

ASP.NET Request.ServerVariables["REMOTE_ADDR"] <<< gives the "physical" connection IP?

Ignoring other possibilities such as Request.ServerVariables["HTTP_X_FORWARDED_FOR"], does Request.ServerVariables["REMOTE_ADDR"] give me the "principal" IP of the client?
I'm talking about the IP that made the actual TCP connection.
Will ServerVariables["REMOTE_ADDR"] always be the "real" IP address of the remote endpoint?
Just to clarify: Even if it's a proxy who made the real TCP connection I'd like have its IP, and not a forwarded one.
Yes, except if it's been through a NAT firewall. A NAT firewalled address would be masquerading many 192.168.x.x or any other private subnet behind a public IP address. So you'd be looking at the IP address of the NAT firewall (i.e. a Linksys Router or what have you).
Be warned that many cell phone carriers have HUGE NAT networks so they always look like they are coming from one or two public IP addresses.
The REMOTE_ADDR variable will be the IP of the system that directly connected to your web server to request the URL; so it would be the forward-most proxy server, if there is a proxy server.
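The distinction drawn in this thread matters when an address feeds logging, rate limiting or access rules: REMOTE_ADDR is the TCP peer, while X-Forwarded-For is a header the sender controls. The sketch below is an added example, not from the original answers, written in Python rather than ASP.NET; `TRUSTED_PROXIES` and the function names are assumptions, and all addresses are constructed.

```python
import ipaddress

# Assumption: the reverse proxies you operate yourself (constructed ranges).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.10/32"),
]


def is_trusted(addr):
    """True if addr belongs to one of our own proxies."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for=None):
    """Pick the address to attribute a request to.

    remote_addr is the peer of the TCP connection and cannot be set by a
    header. X-Forwarded-For is consulted only when that peer is one of our
    proxies, and is walked right to left, stopping at the first hop we do
    not operate: everything to the left of it is client-supplied text.
    """
    if not x_forwarded_for or not is_trusted(remote_addr):
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    candidate = remote_addr
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                      # malformed entry: stop trusting the chain
        candidate = hop
        if not is_trusted(hop):
            break                      # first address outside our proxies
    return candidate
```

Even the address this returns may be a NAT gateway shared by many users, as the answers above note, so it identifies a network egress point rather than a person or device.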
