Port forwarding - networking

I have a simple requirement of hosting a webserver on my computer. But unfortunately, the internet connection provided by my employer has only ports 21 & 80 open. Rest of all the ports are closed. I tried port forwarding for ports 80 and 21 but they are already in use by my employer itself. So, is there any other way of hosting a webserver on my computer?
P.S.: I am on linux with Apache.

Does the firewall run an HTTP proxy, or is it just a simple port forwarder? If it's a proxy, it may be able to forward to different internal IPs based on the Host: header, similar to the way virtual web hosts operate.
If not, you won't be able to use these ports. A NAT router can forward a port to only one IP. If hosting the webserver is a job requirement, as you say, you should be able to contact the network administrator and get another port opened for it. If they won't do it on your request, your manager should be able to confirm the requirement.

Related

IIS - Website at port 8080 can be accessed using localhost but not with external IP address

I have 3 websites running on my server, all of them on different ports. One is on port 80 and it works fine, the other one is on port 88 and it also works fine. Today I deployed a third one on port 8080, opened the port in Firewall.
I can access it with http://localhost:8080/, with 127.0.0.1:8080 and with it's internal IP address. I can't access it using the external IP address for some reason. I tried accessing it locally using the external IP address and I tried from another computer.
It is worth noting that the website on port 8080 is almost identical to the one on port 80.
Initially I thought it was a firewall issue but I disabled the firewall and tried again and I get the same result (The website took too long to respond).
I am using Windows 10 on the server.
Any ideas as to why this is happening?
I figured out the answer. I am using an EC2 instance from Amazon Web Services for a server. I forgot to go into the console in AWS and open the port there too. I did that and now it's working as it should.
There could be couple of reasons.
Cloud Provider(AWS) Specific
Check your subnet's ACL rules. Both ingress and egress
Check the security group attached to the instance. It should allow ingress
on that port/protocol
Windows Server Firewall: All windows servers and desktops have firewall running which blocks any non-standard traffic. Make sure to add a custom rule to allow the traffic that you want to allow. I found this https://computingforgeeks.com/how-to-open-a-port-in-windows-server-firewall/ link helpful

Port-forwarding and website hosting: Two domains, same ip, different computer

So I have two domains:
http://firstexample.com
http://secondexample.com
on my router I currently have portforwarding so that when someone goes to http://firstexample.com, they see the website that my computer with internal IP 192.168.0.15 is hosting
How can I set it up so that if someone goes to http://secondexample.com, they would see the website that my other computer, with internal ip 192.168.0.16 is hosting?
Both of my computers have the same public IP.
Is it a setting on my router I would change? Or would godaddy allow me to configure something?
No it is not possible to listen for two domains on the same IP/port configuration, using just Layer3/4 functionality alone. Most of the web servers do it based on the Host field in the request. If you are okay with using two ports on your router, that's possible eg. you can do something like following port forwarding
<router_ip>:80 -> 192.168.0.15:80
<router_ip>:8080 -> 192.168.0.16:80
But the problem with that is anyone trying to access http://secondexample.com should always access it as http://secondexample.com:8080 which is very inconvenient.
Here's another alternative you can do -
run a webserver on say 192.168.0.15 like nginx or something and create two backends one for each http://firstexample.com and http://secondexample.com . Refer nginx docs for how to do it. You'd not need three machines for that firstexample.com can run on 192.168.0.15 (except not on a standard port 80 but on a port 8080 say) and secondexample.com would run on another machine. And then add only following entry on your router port forwarding
<router_ip>:80 -> 192.168.0.15:80 # assuming ngninx is listening on port 80.
I am assuming both firstexample.com and secondexample.com do resolve to your router IP address.

HttpListener working on local network, but not externally

I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlact http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IP4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi

Ports :80 and :443 traffic

I am sorry if this question does not make sense but I am struggling to understand this topic. I have made an audio video style application that uses ports :80 and :443 but my senior developers worry is that it will not work because other applications also use ports :80 and :443 like skype and gmail.
My question is how do I get past this issue? Is it possible?
Again sorry if the question does not make sense
Thanks!
If you hosting your application, then it would not be problem. As you said other application like gmail etc uses the same port 80, i.e. means gmail server keeps listening on the port 80. When we access the gmail, any port is selected (1024 <) on client side. these ports are usually called as ephemeral ports
So when you access gmail, port say 41667 on your machine opened and connected to port 80 of gmail. port 80 inturn pass to other available port and keeps listening so many user at the same time can access gmail.
The convention for ports 80 and 443 is for http and https protocols.
Gmail listens on those ports, but it is sitting on a remote host, the local ports are random.
Skype do make use of those ports as an alternate configuration.
If you are coding both sides, you should consider other ports (>1024).
If you are relaying on users connecting to your server with regular http or https stay with 80 and 443, otherwise they will have to know the port and specify it in the http call (http://<YOUR_HOST | IP>:<PORT#>).

port forward http port (80) on virgin super hub

I am currently working on a project to make my apache server live, which is new me so this is the first time I am doing anything like this. basically I have gone in to the router and requested port forwarding on port 80 for my local IP address, but to no effect. when I test it with a web tool which tells you if a port is open or not it says it's closed. More confusingly when I run a netstsat -a command it shows http as listening. I'm not sure if its a firewall issue or I'm going about it all wrong. any Ideas would be much appreciated. Thanks
You need to be testing from outside your local network. If you run netstat on your server, of course it is going to say "listening". Is your web testing tool being run from outside your firewall? You should also be able to turn off wifi on your phone and test hitting your broadband IP address:80. Are you forwarding from port 80 on your router to port 80 on your server? Is it possible that your provider is blocking port 80 for residential accounts?
First google for an online port scanner and ask it to scan port 80.
Second if you're using Ubuntu ufw (firewall) is probably running default deny rules so do this: sudo ufw allow 80
To check it's working just plug your WAN IP into your browser URL bar, it should connect to your test page in /var/www/html/index.html

Resources