I have a simple PBX running on a computer in an office behind a router.
When PBX registers its SIP trunk, service provider is showing IP:
213.XXX.XXX.XXX
Same IP is shown when a noip2 client is pushing my IP to NO-IP service.
But, when I try to see my IP myself, using online services, like:
http://www.hashemian.com/whoami/
or
curl whoami.io
I get 149.XXX.XXX.XXX
I have no proxies enabled.
1) what could be the reason?
2) is there an online service that can show what my IP is not on port 80 (all those services are constantly showing the 149.XXX.XXX.XXX variant), so I could discuss the results with ISP?
Related
I have been looking for an answer to this problem, but I cannot find what I am looking for. I think, perhaps, it is because I lack the knowledge to ask the question in meaningful way.
I have been learning a lot about remote access to devices at home. I know that ISP's change public IP addresses regularly (dynamic IP address). I know that to get around this, one could use a service like "no-ip", etc. Or one could get a static IP address.
What I do not understand is how some of the latest home automation devices are able to be controlled remotely without use of a static IP, or a service like "no-ip". For example, a wifi enabled thermostat, or lighting system.
If the device had a built in server, or client, then I assume that the device could connect to an outside server in a remote location. The user could then also log into that server and send commands to the device. What I don't understand is how commands sent to the device from a cell phone, for example, can reach the home device. Presumably the off site location of the server would have to know the public IP address where the devise is located, and then port-forwarding would have to be set up to allow access to the device.
What am I missing here? Is it possible to create a homemade wifi enabled thermostat, webcam, or other device without using port-forwarding, no-ip, or a static IP?
Well, there are several ways to bypass the inbound connection constraint of NAT protocol. Such as:
A virtual adapter on the device configured to a VPN server that has an inbound port open ready to transfer data. Various open source solutions such as openVPN are considered as great examples for this service over IOT boards like Raspberry Pi, Beagle Bone, etc. These are used as gateways often. Further, they communicate with the microcontrollers over popular IOT protocols such as MQTT, COAP, etc.
Another solution is to create a port forwarding tunnel, since the router won't block the outbound connection. There are various tunneling services that are availble such as localtunnel, ngrok, etc. You could also use a cloud server that has a public IP such as AWS, DigitalOcean, etc. Again as above mentioned point, they can be implemented in the gateways.
Some devices "phone home" to a server so that there are ports open between them and the servers, and the mobile apps just contact the servers. This is the same way your web browser can receive web pages from a web server. If you have a NAT router, the router must open a port from the inside device to the outside server. This is maintained in a NAT table with expiration timers for UDP and session monitoring for TCP.
I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlact http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IP4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi
I need to know the ip addresses visiting my server (Windows Server 2003). Scenario - The clients are accessing a particular tool
You can use Wireshark to record all the details about incoming and outgoing connection (IP, ports, packages, etc)
You can use Wireshark or Microsoft Network Monitor (NetMon).
If your server is behind a NAT with Port Forwarding, you should use NAT logs to see who accessed your server.
In IIS, there is a way to log the client IP address, I found this: Log.
You cna also obtain the IP address in your server application, log it, and later analyze it with any log analysis tool.
I and unable to RDP Azure VM on my corporate network using "DNS:Port" (like vmname.cloudapp.net:3389). It works fine on my home network, which means, endpoints are set correctly.
However, it was possible to RDP VM using Public IP but not anymore. With public IP, I was able to RDP VM on my corporate network, but not sure this has restricted recently?
Any way of to access a VM using Public IP rather DNS:Port format?
Thanks
It is common for enterprise IT to block outbound ports because some argue this provides better security. I don't think this necessarily makes sense, but here's what you can do to verify. As a best practice, always connect to Windows Azure VMs using DNS names rather than IP addresses because the addresses are subject to change, while DNS names will not.
1 Confirm the port you're trying to connect to. By default, Windows Azure assigns a port in the dynamic range (49152–65535) for Remote Desktop, which is mapped internally to the usual RDP port 3389. You can see which one this is by checking your VM endpoint public port in the Windows Azure portal (Select Virtual Machines > Your VM > Endpoints tab > RemoteDesktop entry). You need to connect using this port after the name (using the Connect button in the portal gives you an RDP shortcut file that does this for you). If my public port is 62472, I put this in the Remote Desktop Connection computer field:
percepten-VM1.cloudapp.net:62472
If you like, you can edit the public port here in the portal using the "Edit the endpoint" option on the RemoteDesktop entry. That way you can make it 3389 if your IT department asks you for a single port number to allow outbound.
2 Test your DNS resolution to your VM using nslookup or ping. If you get "non-existent domain", then your corporate DNS is blocking Windows Azure resolution. This is what you want to see:
>nslookup percepten-vm1.cloudapp.net
Non-authoritative answer:
Name: percepten-vm1.cloudapp.net
Address: 157.56.182.135
3 If you can resolve DNS, then try using an outbound port scan tool to verify port 3389 is allowed out. I found a nice one at portquiz.positon.org. To use, open the site with a port appended in the URL. In this case, open "http://portquiz.positon.org:3389". You should see this on the page:
Outgoing port tester
This server listens on all TCP ports, allowing you to test any
outbound TCP port. You have reached this page on port 3389.
...
4 If you receive "page not available", then the port is blocked. Try contacting IT to ask them to open port 3389 (or the entire dynamic range if you're feeling ambitious). If they want to open it only to specific places on the Internet, provide them this list of all Windows Azure IP address ranges:
Windows Azure Datacenter IP Address Ranges
Hope that helps!
Noah Stahl
Percepten
I have a simple requirement of hosting a webserver on my computer. But unfortunately, the internet connection provided by my employer has only ports 21 & 80 open. Rest of all the ports are closed. I tried port forwarding for ports 80 and 21 but they are already in use by my employer itself. So, is there any other way of hosting a webserver on my computer?
P.S.: I am on linux with Apache.
Does the firewall run an HTTP proxy, or is it just a simple port forwarder? If it's a proxy, it may be able to forward to different internal IPs based on the Host: header, similar to the way virtual web hosts operate.
If not, you won't be able to use these ports. A NAT router can forward a port to only one IP. If hosting the webserver is a job requirement, as you say, you should be able to contact the network administrator and get another port opened for it. If they won't do it on your request, your manager should be able to confirm the requirement.