vpn site to site, remote site behind firewall - vpn

I am trying to connect several computers located at a remote site to our company network. We have been given internet access but not a public IP address. We can use addresses in the range 192.168.10.0/24.
I would like to create a site-to-site VPN using a product like pfSense. Our company firewall is Check Point FireWall-1.
Can anybody give some assistance with this?

VPN device needs to have a public IPv4 address to have Azure S2S

Related

How can I open my local TCP port to public?

I have a TCP server for my personal chat. I want to expand my connection beyond my local network and open port 28752 on the public IP of my PC, so that I can connect from wherever I want, but only when my computer is on.
I have seen different solutions, for example a DMZ to associate my local IP with the public IP, but I want to do this without modifying the router's settings; I want to do it from a program. Is it possible?
It is possible to open up ports, but it depends on the OS in which you are trying to accomplish it. You can use Linux iptables to manipulate the ports opened and closed on any Linux machine (see the iptables documentation and some examples). The ports should also be opened on the firewall layer outside the VM, e.g. an AWS access policy, a security group, or the Mac's security firewall. Your laptop, when connected to the internet, will have a public IP address, and you can share that public IP, but this IP address will change when you connect to a different router. You can use AWS CLI commands to assign a static IP address to your machine and expose it publicly. At the very minimum, you would need a public DNS server to expose your IP publicly. The easy way to achieve this is by putting a web server on the cloud. Without a domain, you can't expose your IP. Once you have finalized the domain (e.g. AWS Route 53, an Ingress IP from K8s, etc.), you can change/manipulate them from your program. It need not be language specific.

My Router Internet IP is different from my public IP

I am running a DDNS client on Ubuntu for a Nextcloud server; however, my ISP has done something to the router so that the internet IP shown in the router is different from my public IP, which causes an issue when ddclient updates the IP of my domain.
I have tried to contact my ISP, but they want me to pay a huge amount for a fixed IP.
Is there any solution for this?
My router model is HG8245Q2.
*PS: The IP shown in the image is just an example.
Note: I tried this on another router model, HG8245Q, and it gives me the same IP on both the router and Google, so there is no issue on the old router model.
The IP address you see in your router is just another internal IP address from the private range 10.x.x.x.
This means your router is not connected directly to the internet but to another subnet of your ISP, and only this subnet is connected to the internet over another router (with NAT), and that router has a public IP address.
This is standard behavior with most ISPs because they have a limited number of public IP addresses. If you need a public IP, you have to pay for it, change to an ISP that gives you one for free, or try some edge-case solution like renting a VPS server and making a VPN tunnel to your home router (this requires advanced networking skills).
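The check a practitioner would run before paying for a fixed IP is to compare the address the router shows on its WAN side with the address the outside world sees, and to classify the WAN address: RFC 1918 space (10/8, 172.16/12, 192.168/16) or the RFC 6598 carrier-grade NAT range 100.64.0.0/10 both mean the router is behind a second NAT hop, exactly the situation the answer above describes. The same classification answers the earlier question of whether a laptop's "public IP" is really public. The following Python is an added example, not code from either thread; the addresses fed to it are constructed, and the function names are my own.

```python
"""Classify an IPv4 address and diagnose whether a home router sits behind
ISP (carrier-grade) NAT. Added example; not part of the original thread."""
import ipaddress

# Ranges a router's WAN interface can show without being on the public
# internet: RFC 1918 private space, and RFC 6598 shared address space
# (100.64.0.0/10), which ISPs use for carrier-grade NAT (CGNAT).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def classify(addr: str) -> str:
    """Return one of: loopback, link-local, private, cgnat, reserved, public."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("IPv4 addresses only")
    if ip.is_loopback:
        return "loopback"
    if ip in LINK_LOCAL:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    # Documentation, multicast, reserved and similar ranges are not routable
    # on the public internet either; ipaddress already knows them.
    if not ip.is_global:
        return "reserved"
    return "public"


def diagnose_wan(router_wan_ip: str, observed_public_ip: str) -> dict:
    """Compare the router's WAN address with the address seen from outside
    (what a 'what is my IP' service or the DDNS provider records)."""
    wan_kind = classify(router_wan_ip)
    seen_kind = classify(observed_public_ip)
    double_nat = wan_kind in ("private", "cgnat")
    if seen_kind != "public":
        verdict = "the observed address is not public; check the lookup source"
    elif double_nat:
        verdict = ("router is behind ISP NAT (double NAT); inbound port "
                   "forwarding and DDNS will not reach it")
    elif router_wan_ip == observed_public_ip:
        verdict = "router holds the public address; port forwarding can work"
    else:
        verdict = ("router has a public address that differs from the observed "
                   "one; look for a second NAT hop or a transparent proxy")
    return {"router_wan": wan_kind, "observed": seen_kind,
            "double_nat": double_nat, "verdict": verdict}


if __name__ == "__main__":
    # Constructed values mirroring the question: router shows 10.x, Google
    # shows something else.
    print(diagnose_wan("10.23.4.5", "157.56.182.135"))
```

Note on ddclient: its `use=web` mode records the externally observed address instead of the interface address, which fixes the mismatch the question describes, but as the answer says, the ISP's NAT device still will not forward inbound connections to the router, so the DDNS name would point at an address that cannot be reached.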
Maybe DDNS comes in handy for you. You can opt for free DDNS services like DynDNS or NoIP.
Steps [I personally prefer noip.com]:
Create a free account
Choose a hostname (we can say a domain name pointing towards your system IP)
Download their desktop client (to sync your dynamic IP with the hostname you selected)
Boom, it's done! Use that hostname instead of the IP wherever needed; traffic will be redirected to your system. Just take care of port forwarding and firewall settings.

can't access IIS with external IP in LAN

Hello, I created a website with IIS. I opened ports and everything. I can access this website from another network with IP and port,
like http://81.215.xx.xx:81. But from any computer on the same network (LAN) I can't access http://81.215.xx.xx:81 like this. I can only access it when I write the static IP of that machine, like http://192.168.1.3:81/.
I want to access it with the external IP in the LAN. How can I do that?
Your LAN most likely has another piece of equipment, a router for example, which has an interface with the other IP address, http://81.215.xx.xx:81. Your router forwards requests to your server based on its routing table. This routing does not exist when you are in the private network. That is why you can only access the server with its private IP address, which is in the same range as your computer, when you are on that network.

Azure RDP using public IP not DNS....?

I am unable to RDP to an Azure VM from my corporate network using "DNS:Port" (like vmname.cloudapp.net:3389). It works fine on my home network, which means the endpoints are set correctly.
However, it was possible to RDP to the VM using the public IP, but not anymore. With the public IP, I was able to RDP to the VM from my corporate network, but I'm not sure whether this has been restricted recently?
Is there any way to access a VM using the public IP rather than the DNS:Port format?
Thanks
It is common for enterprise IT to block outbound ports because some argue this provides better security. I don't think this necessarily makes sense, but here's what you can do to verify. As a best practice, always connect to Windows Azure VMs using DNS names rather than IP addresses, because the addresses are subject to change while DNS names will not.
1. Confirm the port you're trying to connect to. By default, Windows Azure assigns a port in the dynamic range (49152–65535) for Remote Desktop, which is mapped internally to the usual RDP port 3389. You can see which one this is by checking your VM endpoint's public port in the Windows Azure portal (select Virtual Machines > Your VM > Endpoints tab > RemoteDesktop entry). You need to connect using this port after the name (using the Connect button in the portal gives you an RDP shortcut file that does this for you). If my public port is 62472, I put this in the Remote Desktop Connection computer field:
percepten-VM1.cloudapp.net:62472
If you like, you can edit the public port here in the portal using the "Edit the endpoint" option on the RemoteDesktop entry. That way you can make it 3389 if your IT department asks you for a single port number to allow outbound.
2. Test your DNS resolution to your VM using nslookup or ping. If you get "non-existent domain", then your corporate DNS is blocking Windows Azure resolution. This is what you want to see:
>nslookup percepten-vm1.cloudapp.net
Non-authoritative answer:
Name: percepten-vm1.cloudapp.net
Address: 157.56.182.135
3. If you can resolve DNS, then try using an outbound port scan tool to verify port 3389 is allowed out. I found a nice one at portquiz.positon.org. To use it, open the site with a port appended in the URL. In this case, open "http://portquiz.positon.org:3389". You should see this on the page:
Outgoing port tester
This server listens on all TCP ports, allowing you to test any
outbound TCP port. You have reached this page on port 3389.
...
4. If you receive "page not available", then the port is blocked. Try contacting IT to ask them to open port 3389 (or the entire dynamic range if you're feeling ambitious). If they want to open it only to specific places on the Internet, provide them this list of all Windows Azure IP address ranges:
Windows Azure Datacenter IP Address Ranges
Hope that helps!
Noah Stahl
Percepten
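The four steps above are a decision tree: does the name resolve, and if so, does an outbound TCP connection to the endpoint's public port get through. A practitioner wants one more distinction than the page makes: a connection that times out (packets silently dropped by an outbound firewall) looks different from one that is refused (the host answered, but nothing listens on that port, which usually means the wrong endpoint port). The Python below walks that tree. It is an added example, not code from the answer; the resolver and connector are injectable so the logic can be exercised offline with stubs, and the function names are my own.

```python
"""Resolve a VM's DNS name, then test whether an outbound TCP port is
reachable, and turn the outcome into the advice an admin would act on.
Added example; not part of the original thread."""
import socket
from typing import Callable, Optional


def resolve(name: str) -> Optional[str]:
    """Step 2 of the answer: return the A record, or None if resolution fails
    (the 'non-existent domain' case when corporate DNS blocks the name)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def tcp_connect(host: str, port: int, timeout: float = 3.0) -> Optional[str]:
    """Step 3: attempt a plain TCP connect. Return None on success, otherwise
    'timeout' (dropped by a firewall), 'refused' (host reachable, nothing
    listening) or 'error:<errno>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"error:{exc.errno}"


def diagnose(name: str, port: int,
             resolver: Callable[[str], Optional[str]] = resolve,
             connector: Callable[[str, int], Optional[str]] = tcp_connect) -> dict:
    """Combine the checks and explain the failure the way the answer does."""
    addr = resolver(name)
    if addr is None:
        return {"step": "dns", "ok": False, "reason": "nxdomain",
                "advice": "name does not resolve: corporate DNS is blocking "
                          "resolution, or the name is wrong"}
    reason = connector(addr, port)
    if reason is None:
        advice = (f"TCP {port} is reachable; if RDP still fails, confirm the "
                  f"endpoint's public port in the portal")
    elif reason == "timeout":
        advice = (f"no answer on TCP {port}: an outbound firewall is most "
                  f"likely dropping it; ask IT to allow the port")
    elif reason == "refused":
        advice = (f"TCP {port} reached the host but was refused: the endpoint "
                  f"public port is probably different, check the portal")
    else:
        advice = f"connect failed ({reason}); check local routing and proxies"
    return {"step": "connect", "ok": reason is None, "address": addr,
            "reason": reason, "advice": advice}


if __name__ == "__main__":
    # Real lookup against the name used in the answer; needs network access.
    print(diagnose("percepten-vm1.cloudapp.net", 62472))
```

The script deliberately uses a bare TCP connect rather than ping: ICMP being allowed says nothing about whether TCP 3389 (or the dynamic-range port) is allowed out, which is the question the corporate firewall actually answers.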

Network: Virtual PC 2007 Can't Access Host Using NAT

I can't access my host machine from my guest machine using the computer name (i.e. WINS). I can access it using whatever IP address it happens to have at the time, but I need a consistent way of accessing it (even if I'm not online).
I have a Windows Server 2003 guest virtual machine and a Vista host. I'm using Shared Networking (NAT). I'm running Microsoft Virtual PC 2007 SP1. I've set my DNS server to 192.168.131.254 and everything else is DHCP. Any help is appreciated.
Add a hostname entry to the Windows hosts file on the Vista host system:
C:\WINDOWS\system32\drivers\etc\hosts
172.16.16.4 localserver
Here is the blog that explains it:
http://blog.flexuous.com/2007/02/04/virtual-pc-ip-routing-enabling-vpc-nat-loopback-connector-at-the-same-time/
You didn't mention the network setup. If you happen to control the router, such as on a home network, you've got a couple of options.
Dynamic DNS updates. When a host gets its IP address via DHCP, it can automatically update its DNS records with its hostname. This is similar to services such as DynDNS, but also works on your local network without net access.
Static DHCP assignments. Assign an IP-address-to-MAC-address relationship on the router, so that every time a DHCP request is sent out from that MAC, it will always get the same IP address. Then you can add this address to your hosts file for access via name.
Another option would be to set up a static loopback device on both the host and the guest and place them in their own private network. That way, the IP addresses will never change. Then you can add the corresponding IP addresses into the hosts file of each respective machine to reference them by name.
