Nginx: one port to multiple IP fowarding - nginx

I am new to Nginx, and I am looking to have my router port forward a No Machine remote access (NX) request to a Nginx server which would then forward the request again to the correct Virtual Machine for viewing. I am trying to do this because my router only allows one port to one IP forwarding. I want one port to multiple IP forwarding. How would one go about doing this? The issue seems to be that No Machine only allows me to specify my router IP and no way of having Nginx know which machine to forward the request to that it is given from the router.

NginX is of no use here. It will work for HTTP and HTTPS , so Ignore it.
What you're actually thinking of is Port address translation. However PAT will work only when the connection is initiated from the secured side (your virtual machines in this case). So again, this is not helpful either.
The only other possible way is to have individual 1-to-1 NAT. Not sure about the type of router you have, but I had done something similar in the past using IPTables.
Besides, this question is more suited to ServerFault where you might get better responses than on StackOverflow.

Related

How to port forward shared ip?

My isp gave me a shared IP as usual. I asked them to give me a dedicated IP, but they said there are no dedicated ip packages. I read some articles about this, some people said it is possible to forward port on a shared IP. My ISP blocks every port possible.
I tried general port forwarding,, but it didn't work. Is it actually possible to port forward a shared ip?,, If it is, then how to do that? OR if every port is blocked, then how do the other applications work?

Redirecting minecraft port to another

We are transferring our Minecraft server to a different host and there's a pretty good chance, that it will be running on a different port.
I currently have two records on the server website:
mc.domain.sk CNAME {ServerIP}
_minecraft._tcp.mc.domain.sk SRV 5 25560 mc.domain.sk
So just changing the port in the SRV record should be fine. But here's the catch - many players have been connecting to our server using the port too. Basically using mc.domain.sk:25560 instead of just mc.domain.sk. Is there any way to forward this 25560 port to another port (f.e. 25561)?
First of all, CNAME must NOT point to an IP. It must point to another domain name, so unless you mis-wrote the question, your setup is incorrect.
Is there any way to forward this 25560 port to another port?
Is any downtime acceptable? If yes, then it's easy just spawn a proxy (nginx) at that domain and that port, and redirect all incoming traffic to another domain and another port.
If downtime is not acceptable, then you need somehow to migrate active connections between hosts. Even if you manage to do this at IP/TCP level, I don't know if your application will be able to handle this correctly. Cannot help on that.

What hostname did the client use to connect to my TCP server?

In http the client supplies the hostname it used to connect to the service with. Now, for bare TCP connections, is there something similar one can do? My scenario is I have a service that has multiple open TCP ports and that works fine, but for convenience I would like to use the same port and subdomains. Is there any layer I can add on top (like a load balancer), or change the service? I have control over most things, basically anything goes.
Example:
Today I can connect to two TCP services like so: foobar.com:1001 and foobar.com:1002. Is it possible to have e.g. service-1.foobar.com:1000 go to foobar.com:1001 and service-2.foobar.com:1000 go to foobar.com:1002.
Different services can bind to same port but on different IP. Hence different domains shall resolve to different IPs : Port combination [where Port is same for all services]. And you can use Proxy service as from HA Proxy to route connections to final destination.
If I understand your question correctly based on your example then no it is not possible. In this case, there is no difference between an HTTP and TCP connection.
In both cases, the hostname is simply resolved to an ip address. If you setup DNS resolution for foobar.com, service-1.foobar.com, service-2.foobar.com to point to the same ip address then they will all go to the same machine.
I have at times needed to have a service running on a different port internally than it is accessible externally. For that, if you are running on Linux, you can simply use iptables to do the port forwarding.
You can find other stack overflow questions/answers for setting up the port forwarding.
https://serverfault.com/questions/140622/how-can-i-port-forward-with-iptables

HttpListener working on local network, but not externally

I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlact http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IP4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi

find out/predict the port the router is/will be using for a given connection

I know that ipchicken.com will tell you your router's ip address and the port it is using for your connection. But can this information be obtained "locally"? (Without relying on a website).
What I want it for is establishing a connection between two random hosts...without a "dedicated server" in the middle. My problem is to reach through the NAT. I think the best bet is a kind of TCP hole punching, where both hosts connect somewhere and then just tell each other (it can be by phone or chat or similar) the current ip address and the port number their routers are using. It should trick the routers into forwarding the packets to the hosts, albeit coming from a different source than they originally connected to.
Is it possible to find the port number your router is using to patch you through in a more local manner than ipchicken.com?
Are there any ideas on other possible approaches to this problem?
EDIT: Setting port forwarding on the router is not an option in this case, as many people (including me) do not have admin powers over their routers and I do not want to impose such a task on the "users" of my application
The router would use a different source port for every outgoing connection, so checking based on an outgoing connection will not work for your use case.
For an incoming connection, i.e., if you want to reach a specific machine behind a NAT device (like a home router), you'll have to explicitly open up some ports on the router and set up forwarding rules. The router would then listen for incoming connections on that port and forward it to a machine:port based on the configured rule.
How you do this would depend on the specific router make/model. Search the web or logon to the admin interface and look around, it should be easy to find. However make sure you understand the security implications of opening up a port on your router!
UPDATE based on edited question:
Without port-forwarding and if both devices are behind NAT, your only solution is to have an intermediary server! If only one of them is behind NAT, you can have that machine initiate the connection.
You could use a Stun server as the external globally reachable server.

Resources