Im building out an Azure hosted website, but it needs to reach into our home office to connect to some internally hosted web services. Our firewall is setup to only allow traffic over certain IP's, so we're looking to determine what IP range we need to allow access to.
Currently I'm still using the MSDN "Free" Azure subscription, so I don't know what options may be limited, but is there a way I can determine what source IP, subnet, whatever my Azure hosted site will attempt to call my web services from?
Thanks!
Be careful opening your firewall to the entire Azure datacenter IP ranges. Anybody can host anything in Azure, including malicious software, so if you open your firewall to the entire Azure IP range you may as well just open to 0.0.0.0-255.255.255.255 because in effect you are getting the same security.
A better option is to deploy your service and just whitelist that one IP address. That IP address is guaranteed to remain the same until you delete your service. With the ability to do in-place upgrades and VIP swaps there should be no reason why you would need to delete your hosted service and lose your IP address. If you ever do run into a scenario where you need to delete/redeploy you can always update your firewall at that time.
It sounds like this is what you're looking for:
Windows Azure Datacenter IP Ranges
Related
I'm developing an integration with an API which requires to whitelist customers based on IP addresses. I can easily get outbound IP from Production environments such as Azure or AWS and get those whitelisted.
How can I configure it for my desktop whose public IP keeps on changing after every few hours?
Getting a fixed IP address for your home computer is dependant on your internet provider. Sometimes they offer fixed IPs for 'Business' customers only or such.
Another solution might be to stand up an OpenVPN instance in your cloud then only whitelist that IP address and your expected partner prod addresses. Then you just connect to your VPN to access your API, you can do this from anywhere as your only dependant on the IP address of the cloud OpenVPN instance.
This solution also scales with your development as you only need to add new OpenVPN users to let other developers work with you and don't need their ever changing IP addresses.
I found an easy solution from NordVPN. It has an option to get a dedicated IP VPN :)
Pretext: There is a ABC company providing Virtual Private Server for $xx, which includes features like blah1, blah2, blah3 and 1 dedicated IP address.
I have my home FiOS internet connection.
I have serverA, serverB, serverC running at my home.
Let's assume ServerA is a web server.
Scenario 1:
To access this web serve from outside my LAN, I would type "myDynamicIPAddress", we are assuming it still has the same lease token, and get access to my website successfully.
Scenario 2:
I am at my school/work(I work at a corporate office). I would type "myDynamicIPAddress" to access my web server. Since my IP address is dynamic/residential, it is blocked(All residential IP are blocked by default, to reduce the chance of them getting infected and sending out spams).
My question:
Is there any way to connect my home network to the VPS that I purchased(the one with dedicated IP, remember?), so that I can use that dedicated IP address to connect to my web server from my school/work where residential IP address are blocked(this also means no Dyndns.com/no-ip.com).
I hope I explained my question correctly and I posted it in the right section.
Thank You in advance.
EDIT1: I found this one question, but I want to do the exact opposite of what the user in this question is asking for.
https://superuser.com/questions/498529/is-it-possible-to-use-a-static-ip-assigned-by-my-isp-for-an-offsite-web-server-o
The answer is the same as the other question, for the same reasons. The IP address is routed to the owning network prefix so it can't be used at a different location without changing the Internet routing tables to point the overall prefix to route to a different place. Since you don't own the network prefix, you can't do that.
I have a web service that will provide data to another web application. My problem is deriving from security concern. I don't want the web service to work if the IP of machine that the service is working on is different from the ip I want. For example If somebody copies the web service to his pc, it should not work because the ip address have changed. Moroveri mac address can also be an alternative for me.
Copying a web service is not possible unless you have the source code or the binaries.
If the web service provides data to another web app, simply put a firewall rule that blocks connections from any other IP different from the one you want.
If you were to restrict access by IP address, you would need to change your security configuration every time the IP address changes. For instance, if a second network adapter is added to the server, or if the server is moved to a different network segment.
Also, how will you debug the web service on different machines? Or how would you have a QA environment, which will naturally have a different IP address than in the production environment?
I am running a website on localhost:portnumber on visual studio 2005, and want to allow another person to connect to it from another PC. Is this possible?
You can try following this article and see if it works
http://www.pluralsight-training.net/community/blogs/jimw/archive/2009/09/03/accessing-the-visual-studio-asp-net-development-server-from-iphone.aspx
Possible, yes.
You will need an ip address that is accessible from that other machine.
Your firewall will need to allow the appropriate port to be open (typically 80).
If you want them to use a DNS name, that DNS name must be pointed to your IP. And, again, it must be externally accessible.
Now, if the client is NOT on your local network, then the IP will have to be a public one that is routed to your machine. Depending on where you are (corporate, etc) there may be other firewalls in place to prevent this. In this case contact your local network admin.
Yes its possible for only for testing purposes first you need to install IIS and get dynamic DNS to allow user to connect to your computer (Using your Dynamic IP) Check No-IP , dyndns point this dynamic host to your IIS website, Bindings settings
Yes, it is possible. You need to do two things:
1) Open that "portnumber" for incoming connections through your windows firewall (and any other firewall you may be running).
2) Set up your router to allow incoming connections on that "portnumber" and route those connections to your local computer's IP Address.
That should do it. Be aware that doing this opens up your computer to be hacked if you are not careful.
I published a web application to one of app servers. Now, if I am connected within my company network (no login require), I can access the web site no problem. Now, if I am connected from outside of the network over VPN, I can't access the website (Getting page not found appears). Do I need to configure IIS on the app server for allowing the connection over VPN?
Thanks for your time.
It sounds like you do not have your firewall/router configured correctly to allow traffic from external sources. When your connected via VPN it is like you are connected to the internal network. Without the VPN you need to make sure it is routed correctly and visible through your firewall. Can you ping the IP that you are trying to get to?
Do you get DNS resolution when you connect over the VPN? If you are trying to hit an internal machine name address, you might try changing to the IP address of the machine.