The premise is this;
We have a piece of hardware, bought by a consumer with no technical skill. This hardware runs a web server, hosting a simple web site. This web site needs to be reachable even if it's sitting behind a home router firewall. How could this be solved? The connection doesn't strictly have to go over port 80 to the web server, some forwarding could be in the equation too, if needed.
How would you solve this?
There are a number of things that normally need to happen for a web server to be accessible from the internet:
Network firewall - allow traffic on port 80 or 443 to the server
Server firewall - Proper pin holes or turn it off.
Web server - Bind all IP/hostnames properly
You can control the server firewall and the web server, what you need to get around is the network firewall. One way I have seen this done is by creating a site to site VPN between the web server and your location. You then point your firewall to redirect the traffic over the VPN and the web server that is now accessible from the internet, but all traffic does go through you.
With out adding entries to your clients firewalls or giving the web server a public IP this is not possible.
Related
I created an asp.net core web app that works locally.
not configured for https if that matters.
I did the port forwarding for the app through my router in two ways
dmz way
firewall rules way
I set the firewall on the computer and router for port numbers 4999-5002
here are the settings for the firewall on the computer
inbound rule
outbound rule
Here is the console window that comes up when running the website
console window
So when I try to access the app using my IP that I get from IP chicken.com the browser will say too long to respond.
What am I missing?
My Isp is att and I do believe they allow hosting of a web server with my plan
There have been many articles on various forums on how to setup mcrosoft active directory domain services. I am a bit new to the field, so please bear with my ignorance. I have a very basic query whose answer i am not able to find. I have an office of 20 people where i would like to deploy AD Domain services to have a better control. i want to know how should i set my network PHYSICALLY. I have a router supplied by my internet provider. Where exactly should i put my server? Can i plug my server anyhere in the network and connect the users through domain, or the main internet wire should plug into the server first and the users in turn be connected to the server. enter image description here I hope i am clear. Should internet ‘flow’ from the server which has AD to users, or i can put the serverver anywhere in the topology.
In a small size network like yours, 1 server should be enough. It should be somewhere behind the router. Plugging it into the switch is fine as it will have a internal address.
You will need DNS on your server which will install when you promote to a DC. All of your computers need to look at your server for DNS. Your Server's DNS should have a forwarder to your ISP DNS or to a public DNS. It doesn't matter if you server or your router does DHCP so long as it gives out the server Internal IP for DNS.
What would I do:
I would plug your ISP into the Router, Your Router into your Switch, and all computers + server into the Switch.
You can place your server anywhere in the topology. It is not necessary for all user traffic to the internet to be routed through the server.
With small-scale deployments (less than 25 Users) I typically just put the server on the same switch and subnet as the users.
Im trying to find a way to host a web server (flask app on raspberry pi) at home. The problem is that my apartment complex provides internet to me and so my public IP is that of the apartment router.
When I go to the public IP, instead of seeing my webpage, I see the login to my apartment's router. This is obviously because that router isn't set up to forward port 80 to my personal router.
I dont really feel comfortable asking the property manager to open forward all incoming port 80 traffic to me, nor do I think they would do it.
So what are my options here? How can I route the traffic from my webpage to just my router?
Thanks!
Let's be clear: if you are behind a router, it needs to be configured to redirect port to your computer. That is the purpose of a router. And the first benefit is that it protects you against outside attacks.
So you have 2 options:
1. ask who ever manage the router to configure redirection (maybe you could ask for another port than 80?)
2. deploy your web-server on the cloud
Otherwise, maybe you could get another internet connection (wireless?)
So I'm trying to setup my home server that is accessible from the Internet. I have created my Web site in ASP and configured my IIS. It works great on my local machine AND other computers on the local network can access it. I want to make it online, so that it can be accessed from elsewhere. I created an account on DynDns, and configured it to redirect the requests to my Internet IP. Then, I configured my router to forward all the incoming requests on port 80 to my local IP address, on which my Web site runs. However, when I go to my DynDns address, it redirects me to my router's home page instead. I have disabled my firewall (I know, not a good idea, it's just for testing purposes) but still no success. Does anyone have any idea what could be going wrong? I have a SMCWBR14S-N4 if that helps.
I've heard of some routers that have reserved port 80 for there configuration pages. I think the general work around there is to run your webserver on a non-standard port like 8080, but I don't have a whole lot of experience with this, so it could be something else entirely. :)
Update: For any future readers, always remember to test your external address and port forwarding on a computer outside of the network the server is on.
I use to develop my project on my localhost, on apache in ubuntu machine.
Sometimes i need to show progress to my costumer.
Is it possible to access to localhost from remote machine?
You can use a service that provides a tunnel to your local service, such as localtunnel, pagekite or ngrok. These services simplify setting up remote demos, mobile testing and some provide request inspection as well.
I find ngrok useful because it provides a https address, which is needed to test things like webcam access.
Terms used in this answer:
Host = machine with site on it
Client = machine you are trying to access the host from
If the host and client are on the same network, you can access the host from the client by entering
http://(hostname or ip address)
in your client's browser. If the site is not running on port 80 (for http) or port 443 (for https), add the post as so (this example is for if your server is on 8080, a common alternate port):
http://(hostname or ip address):8080
If the host and client are not on the same network, and you need to reach across the internet from the client to see the host, you will need to make your host available on the internet for the client to access.
This can be extremely dangerous for your information security if you're not sure what you're doing and I'd recommend getting a cheap-o hosting account (can get them for like $10/month at places like 1:1 hosting).
There are many methods to do this - the difference is security, easiness of the configuration and cost of the solution.
Following I am typing some methods with some analyses
Port Forwarding (with Dynamic DNS and SSL encryption)
This requires router configuration (to forward your routers public port to loclhoat port), however this requires you to have fixed ip address. In case your ip address is not fixed (in most cases) you need to use Dynamic DNS services to be able to use domain name instead ip address (there are lot of available free services). Here we still have security question open. To solve security question i.e. setup ssl certificate we can use Let’s Encrypt service ( https://letsencrypt.org/ ) to get free certificate, however we should configure local server to use the certificate or we should setup reverse proxy (in most cases nginx or apache) and configure proxy to use certificate.
Conclusion – Hard to setup if we want to have secure connection (can be done for free)
VPN
For this scenario we should use VPN services. We should connect our local machine to VPN then in other side we should connect our client's machine to VPN that will allow us to access to localhost by local IP address. We can set up our own VPN server however this requires knowledge to do it right.
Conclusion – Easy, Paid, Secure, Bad User Experience (connecting to VPN every time you need to connect to localhost)
Tunneling
For this scenario we can use free tunneling services (i.e. https://tunnelin.com/). The process is very straight forward i.e. Register a User, Connect your device to service (by running one line command on device), use Web interface to open/close secure tunnels to the device.
Conclusion – Free, Secure, Easy
Yes, if you have a public and static IP. Usually, ISPs offer static ips during a session (i.e. until you disconnect and connect again)