I'm using an ion-sfu (and signaling) on a AWS instance running on its private network 10.0.0.160
This instance also have an elastic IP address 207.61.171.104
We access that SFU with a VPN that have access to the private network and also through a carrier gateway the elastic IP address.
To make it work on the elastic IP network, we add its IP in the setting:
nat1to1=["207.61.171.104"]
but when we do this the other network 10.0.0.x are no more able to establish a peer connection.
and when adding both to the list like this:
nat1to1 = ["10.0.0.160","207.61.171.104"]
then both are not working.
I'm wondering if it's possible to have both network peers to be able to connect to the sfu
This setting is exposing SetNAT1To1IPs from pion/webrtc.
SetNAT1To1IPs comes with two modes. ICECandidateTypeHost which replaces all your private IPs with one of your choosing (what it is doing right now) or ICECandidateTypeSrflx which just appends an IP of your choosing.
I think we should add a nat1to1_mode to ion-sfu. Where you can choose ICECandidateTypeHost or ICECandidateTypeSrflx. If you are interested would love to help you make that PR! You can try changing the code easily today here
If you have more questions happy to chat here or on Pion Slack
I have a hosted web application, I would like to prevent signup from proxy/VPN/VPS ip address. How do i check whether the users ip address is proxy/vpn/vps syste.
For example clixsense.com site, users can't create account, it shows cannot access from proxy/vpn/vps ip address.
Thanks in advance.
Clixsense.com may pay someone who knows that certain sites are proxy/vpn/vps sites and are then able to block those sites. Short of that, there is nothing special about an IP address that would tell you that one is a proxy address vs. an actual endpoint address.
For example, network address translation (NAT) is a common form of "proxying". Your typical cable/DSL router makes it possible for more than one person to connect to the internet from your house. You're all sharing the same ISP IP address. The router stores a table of IP address to port numbers that it uses to establish outgoing communications. When a reply from the internet is received, the router performs a lookup and routes the traffic appropriately. From the viewpoint of the server on the internet, it came from that one single IP address that your router is "connected" to from your house, even though your computer has one IP address and your spouse's computer has a different IP address.
HTH.
This is a "Blocked Port 80" related question, but maybe something a bit unique. I've yet to find a good answer. It's more academic than anything as I know running a production server at your house is a ridiculous idea.
I'm running a development server (LAMP) at my home but my ISP blocks port 80. The DNS for my domain is set up to "URL Redirect" to my IP and port number. My router is port-forwarding to my server, and I have Apache set up so it's listening on port 8081.
The issue is that when you access the domain, the URL in the browser is resolved from my domain name to the IP and port number, and is displayed as such. For example, you type "www.banana.com" into the browser, the site is displayed but now the URL is shown as "12.23.456.11:8081".
Is there any way to fix this so that the domain name does not become IP and port number?
Can you use Apache proxy functionality somehow?
Could you use mod_rewrite to change the IP and port number back to the domain name?
Thanks in advance!
This question has three parts. First the issue of the domain: in order to substitute a domain name in place of an IP address you need some name server that can map your desired name to an address. This is at the host level and not the port level so a domain name will encompass all ports you might host from it. If you are using your home Internet connection (which I suspect you are since you talk about a blocked port) then you need to take into account that from time to time your public IP address can change. Your options are to pay for (or request) a static IP from your ISP or use a dynamic DNS service that can rapidly update their records as your IP address changes.
As for your port number. Mod_rewrite only handles the path part of a URL, for using different ports internally you want mod_proxy. The Apache web sever with mod_proxy would be configured to listen on the public port you want (that I assume is port 80) then mod_proxy would take incoming requests and send them to another web server on a different port (or even different server). To the outside user this happens invisibly. The problem is if your ISP wont let you host your site on port 80 then it logically won't let you proxy from port 80. To get around this would be a little harder. Personally I would look at a virtualized server from people like Rackspace or Linode. You would get (for relatively little money) a fully configurable server on the open Internet with no restrictions on port usage and a static IP. Even better if you mess something up you can just virtually delete your server and start over with a fresh OS image.
Finally the clean URLs your question title suggests. It's possible this wasn't part of your actual question but just in case, mod_rewrite is a smart module that can let you map clean URLs like /cars/Toyota/1997 and turn them into more ugly requests like /cars.php?make=Toyota&year=1997. Clean URLs not only look better they make it easier to reorganize web code behind the scenes as your web site evolves.
One last thing, and its amazing to me that this question has gone so long without even a comment about this but, this question is really not a good fit for StackOverflow. Possibly ServerFault.com. Good luck! :)
One of my real weak points in programming is networking, so I admit that I may be a little over my head with this project. Please feel free to tell me if what I'm trying to do doesn't make any sense
What I am trying to do, basically, is run a program on my laptop (Node.JS, probably) that handles requests from a website, does some functions, and serves data back to a client running on the website. (Research tells me this is called an RPC server)
When you listen for requests in Node.JS, you specify a port and optionally an IP Address- localhost, 127.0.0.1, is what all the tutorials I've read have used, but that's not sufficient for what I'm trying to do
I've read that I'll need to set up a static IP Address? But I think those are relative to my LAN, so they'll be like 192.168.0.X. So then what would I specify for the IP for the server and the client? (I don't think the port particularly matters). Do I need a DNS?
I hope this makes sense, sorry for so many questions, thank you for your help
You can run a server on your local machine, and you will specify your local IP address for the script, like 192.168.0.x. But for this server to ever receive a connection, your client must connect to your external IP address. It is the IP address that you get from your Internet provider when you connect to Internet. If your external IP is static, i.e. it does not change, then you can use it in your client script. If the external IP changes, you must setup a DNS record that would resolve the name of your computer. DynDNS can be used for that purpose.
If you have a router, it must be setup so that it forwards connections to your laptop where the server runs. And your firewall must be configured to allow connections.
Consider the following setup:
A windows PC with a LAN interface and a WiFi interface (the standard for any new laptop). Each of the interfaces might be connected or disconnected from a network. I need a way to determine which one of the adapters is the one connected to the internet - specifically, in case they are both connected to different networks, one with connection to the internet and one without.
My current solution involves using IPHelper's "GetBestInterface" function and supplying it with the IP address "0.0.0.0".
Do you have any other solutions you might suggest to this problem?
Following some of the answers, let me elaborate:
I need this because I have a product that has to choose which adapter to bind to. I have no way of controlling the setup of the network or the host where the product will run and so I need a solution that is as robust as possible, with as few assumptions as possible.
I need to do this in code, since this is part of a product.
#Chris Upchurch: This makes me dependent on google.com being up (usually not a problem) and on any personal firewall that might be installed to allow pinging.
#Till: Like Steve Moon said, relying on the adapter's address is kind of risky because you make a lot of assumptions on the internal network setup.
#Steve Moon: Looking at the routing table sounds like a good idea, but instead of applying the routing logic myself, I am trying to use "GetBestInterface" as described above. I believe what it should do is exactly what you outlined in your answer, but I am not really sure. The reason I'm reluctant to implement my own "routing logic" is that there's a better chance that I'll get it wrong than if I use a library/API written and tested by more "hard-core" network people.
Technically, there is no "connected to the Internet". The real question is, which interface is routeable to a desired address. Right now, you're querying for the "default route" - the one that applies if no specific route to destination exists. But, you're ignoring any specific routes.
Fortunately, for 99.9% of home users, that'll do the trick. They're not likely to have much of a routing table, and GetBestInterface will automatically prefer wired over wireless - so you should be good. Throw in an override option for the .1% of cases you screw up, and call it a day.
But, for corporate use, you should be using GetBestInterface for a specific destination - otherwise, you'll have issues if someone is on the same LAN as your destination (which means you should take the "internal" interface, not the "external") or has a specific route to your destination (my internal network could peer with your destination's network, for instance).
Then again, I'm not sure what you plan to do with this adapter "connected to the Internet", so it might not be a big deal.
Apparently, in Vista there are new interfaces that enable querying for internet connectivity and more. Take a look at the NLM Interfaces and specifically at INetworkConnection - you can specifically query if the network connection has internet connectivity using the GetConnectivity method.
See also: Network Awareness on Windows Vista
Unfortunately, this is only available on Vista, so for XP I'd have to keep my original heuristic.
I'd look at the routing table. Whichever NIC has an 0.0.0.0 route AND is enabled AND has the lowest metric, is the nic that's currently sending packets to the internet.
So in my case, the top one is the 'internet nic'.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.10 10.0.0.51 20
0.0.0.0 0.0.0.0 10.0.0.10 10.0.0.50 25
(much other stuff deleted)
Another alternative is to ping or GetBestInterface 4.2.2.2 - this is an old and venerable DNS server, currently held by GTEI; formerly by Sprint if I remember right.
Start > Run > cmd.exe (this works in XP and Vista): ipconfig /all
This displays all info about the interfaces in your computer. The "public" facing interface should have a public IP address. For starters, it should not be 192.168.x.x or 10.x.x.x :)
running traceroute to some public site will show you. Of course, there may be more than one interface that would get you there.
Look at the routing table? Generally, unless you're routing between the networks in windows (which is possible, but unusual for a client computer these days) the interface that holds the default route is going to have the Internet connection.
Your question didn't detail why or what you're doing this with so I can't provide any specifics. The command line tool "route" may be of some help, but there are probably libraries for whatever programming language you're using to look at the routing table.
You can't rely on the IP address of the interface (e.g., assuming an RFC-1918 address [192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8] isn't the internet) since most sites have some kind of NATed firewall or proxy setup and the "internet" interface is really on a "private" lan that gets you out to the Internet.
UPDATE: Based on your further information, it sounds like you have a decent solution. I'm not so sure about the choice of 0.0.0.0 since that's a boundary case for IP address -- might be OK on your particular mix of platform/language. Sounds (from the API description) like you could just specify an address, so why not some address known to be on the Internet, e.g. the IP address of your web site, or something more random like 65.66.67.68? Just make sure not to pick one of the rfc-1918 addresses, or the localhost range (127.0.0.0/8), or multicast, any other reserved range, and any address that resolves to a .mil or .gov (while it doesn't sound like getbestinterface sends any traffic, it would suck to find out by having the feds break your door down... :)
Looking at the network point of view, either could be routing to the "internet" at any time. If things like spanning tree protocol are enabled on a switch then you may find that what may have been the routing card to begin with may not be anymore.
Ping google.com though each NIC.