Is there a way to access a machine from outside the LAN without port forwarding?
I have two scenarios in my current setup port forwarding is complicating:
I have two FTP servers on the same router I want to access from outside
I want to Remote Control/Access files on Windows computers on the network
Right now, the first option is possible, but it needs reconfiguring the router, while the other one seems impossible outside the LAN.
Is there something like [global IP address]/[machine name] or [global IP address]/[Local IP address]?
We need more information. Are these addresses IPv4 RFC 1918 addresses, publicly routed addresses, or IPv6?
If they are in the RFC 1918 (10.x.x.x, 172.16.x.x, 192.168.x.x) address space then, simply no. Those addresses are not publicly routed and therefore must be translated to a non-RFC 1918 address.
Otherwise, yes, you can.
If your servers should be available to the public - the answer will be "no".
If you plan to give a limited number of users (for example, only you) access to these servers then you have some options:
Use SSH tunnels with, for example, PuTTY and set up a Forwarding for each service you want to expose to your computer and access it over localhost:port.
localhost:21001 --> 192.168.1.3:21 (FTP1)
localhost:21002 --> 192.168.1.4:21 (FTP2)
Advantage: you can set up your "port-forwardings" at the client side
Disadvantage: you need a router or another computer running the SSH server
Use a VPN (for example, OpenVPN, PPTP, etc.) to get access to your LAN from outside. Then you can act like you are in your LAN.
Advantages:
easy to use if set up properly
you can use almost every protocol
Disadvantage: Need to set up a VPN Service/Gateway
I was wondering if typing remote server url instead of typing localhost in spring boot properties db url (spring.datasource.url) is slower? Let's say I am running spring boot application on server with IPv4 123.123.12.12, will typing
jdbc:mariadb://123.123.12.12:3306/dbname
make it slower than
jdbc:mariadb://localhost:3306/dbname ?
When you access localhost, your /etc/hosts file will tell your computer not to look any further and redirects you to your own computer. When you access the IP address, your computer will ask the router to fetch the data, and your router will then point back to your computer.
Directly using the IP address of any interface on the localhost - either the loopback interface (127.0.0.1) or any other - is the option with the absolutely best performance. The packets will be actually routed through the loopback interface (no matter which IP is actually used) at - practically - CPU speed.
There are three reasons, however, to prefer 127.0.0.1 over the IPs of the other interfaces:
The loopback interface is crucial to the operation of the system and as such it is initialized very early in the boot process and nearly always available.
It is not affected by external factors: while removing the eth0 cable will not by itself interrupt localhost's access to itself via eth0's IP, it will mess things up if you have any of the many "autoconfiguration" systems that will happily shut down the interface on link loss.
If you have a firewall setup, it's quite possible that the rule chain is longer (and thus slightly worse performance-wise) when the IPs of the public interfaces are involved.
Loopback, Also Refer This
Yes, setting up an IP or DNS name is slower than localhost. In the case of localhost, the application does not need to verify anything. It will directly try to connect to the database on the same server. But in the case of an IP or DNS name, it first needs to check that the provided URL is valid and then will connect to the database.
I have a dedicated Windows 2012 server with 12 dedicated IPs.
I want to be able to make connections simultaneously from two different IPs that I choose.
This will be used for two different browser applications.
I have tried the following:
ForceBindIP %IP_ADDRESS% %APP_EXE%
But the IP doesn't change, the browser always displays the lowest IP from my added range.
I have also experimented with a script that removes all the IPs, and then just adds one.
netsh interface ipv4 delete address "Ethernet" 104.251.111.110
netsh interface ipv4 delete address "Ethernet" 104.251.111.111
netsh interface ipv4 delete address "Ethernet" 104.251.111.112
netsh interface ipv4 delete address "Ethernet" 104.251.111.114
....
netsh interface ipv4 add address "Ethernet" 104.251.111.115 255.255.255.0
This changes the address BUT I end up having only one IP for both applications.
If the applications you intend to use don't support binding to interfaces/IP (true, it's uncommon), you can use SOCKS or Proxy software (which is a lot more common, especially browsers).
For instance you could install WinGate or Squid http://www.squid-cache.org (which is the one I know most).
Squid-Cache has the ability to bind to different outgoing addresses based on rules (http://www.squid-cache.org/Doc/config/tcp_outgoing_address/ ).
Basically what you need to do is:
install Squid
add ACL for loopback IP mapping, such as:
acl IP110 src 127.0.0.1/32
acl IP111 src 127.0.0.2/32
[...]
tcp_outgoing_address 104.251.111.110 IP110
tcp_outgoing_address 104.251.111.111 IP111
[...]
And the default, which is just formally needed:
tcp_outgoing_address 104.251.111.110
Each application will then need to be configured with a Proxy (or SOCKS, if you go that way), which is a configuration option most commonly available. On the proxy configuration set the corresponding local IP:
for outgoing connection using IP .111, use proxy on 127.0.0.2
for outgoing connection using IP .110, use proxy on 127.0.0.1
.. and so on.
Make sure Squid (or WinGate) binds to localhost 127.0.0.1/24, so you shouldn't have big security concerns, but if this is exposed on the Internet you may want to proceed to a security assessment anyway.
This way, if you decide to offload some application remotely, to another server, you can still manage to use the same outgoing IP(s); you just need to change the Squid configuration to allow external connections, which could be a big plus for scaling.
It looks like you're searching for a fix involving little rework of the browser applications. Assuming that you're using IIS to serve the applications, you should:
Using File Explorer or command line, soft-link the application configuration in another root folder for each instance of the browser application.
Using IIS, recreate the application as a site for each of the above browser application folders.
Using IIS, bind each instance of the browser application to the IP address you wish to serve it with.
Caveat: It's tempting to use the same app pool for all instances, but evaluate your hardware before! Remember that (depending on the application requirements) you create a single point of failure when using a single app pool. Create separate app pools with identical parameters to reduce this risk.
I would like outgoing web service calls from different EC2 instances to have the same origin IP address. Is there any proper solution for this problem which is not defining a NAT within the Amazon VPC?
All the related questions I found on the web (see below) always end up with a NAT recommendation, and I am wondering whether there is another solution besides the NAT solution.
https://serverfault.com/questions/530783/multiple-outgoing-ip-on-one-amazon-ec2-instance
https://forums.aws.amazon.com/message.jspa?messageID=430341
http://engineering.silk.co/post/31923247961/multiple-ip-addresses-on-amazon-ec2
To have requests come from a single IP address, then the machine with that IP address needs to send all the requests (obvious, I know). Therefore, it either needs to be the source of those requests, or requests from other machines need to route through that machine.
The easiest way to route requests through a single machine is to treat it as a NAT. This involves:
Modifying route tables so that traffic destined for the Internet routes to the NAT server
Configuring the NAT server to forward the traffic to the Internet and pass back responses
This could be done via a proxy rather than a NAT, but the result is effectively the same.
It is not possible to give the same IP address to multiple machines, since the return traffic won't know where to go. (Actually, it is possible -- see Anycast on Wikipedia, but this is only for incoming traffic to stateless services.)
If I have a UDP server repeatedly receiving requests from the same client machine, when might the client's incoming IP address change even though the user is actually still on the same machine and has not done anything deliberate to change her IP address?
I can think of two cases: (1) packets are coming in via proxy servers that use a pool of different IP addresses, and (2) the client machine is using a dynamically assigned IP address that has expired and been reassigned to a new IP address.
Are there any other cases?
Is it a mobile client? If so, it could change networks. For example -
A phone switching between 3G and Wi-Fi
A laptop changes Wi-Fi networks (this is infrequent though)
One of my real weak points in programming is networking, so I admit that I may be a little over my head with this project. Please feel free to tell me if what I'm trying to do doesn't make any sense.
What I am trying to do, basically, is run a program on my laptop (Node.JS, probably) that handles requests from a website, does some functions, and serves data back to a client running on the website. (Research tells me this is called an RPC server)
When you listen for requests in Node.JS, you specify a port and optionally an IP address. localhost, 127.0.0.1, is what all the tutorials I've read have used, but that's not sufficient for what I'm trying to do.
I've read that I'll need to set up a static IP Address? But I think those are relative to my LAN, so they'll be like 192.168.0.X. So then what would I specify for the IP for the server and the client? (I don't think the port particularly matters). Do I need a DNS?
I hope this makes sense, sorry for so many questions, thank you for your help
You can run a server on your local machine, and you will specify your local IP address for the script, like 192.168.0.x. But for this server to ever receive a connection, your client must connect to your external IP address. It is the IP address that you get from your Internet provider when you connect to the Internet. If your external IP is static, i.e. it does not change, then you can use it in your client script. If the external IP changes, you must set up a DNS record that would resolve the name of your computer. DynDNS can be used for that purpose.
If you have a router, it must be set up so that it forwards connections to your laptop where the server runs. And your firewall must be configured to allow connections.
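The listen-address choice discussed in this thread, as an added example that is not part of the original posts: it reports what a given bind address exposes and picks the machine's RFC 1918 LAN address rather than listening on every interface. The function names, the sample interface table and port 8080 are assumptions made for illustration.

```javascript
// Added example: what a listen address exposes, and how to pick the LAN
// address instead of binding to every interface.

// RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16.
function isRfc1918(addr) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(addr)) return false;
  const p = addr.split('.').map(Number);
  if (p.some((n) => n > 255)) return false;
  return p[0] === 10 || (p[0] === 172 && p[1] >= 16 && p[1] <= 31) ||
         (p[0] === 192 && p[1] === 168);
}

// Which peers can reach a server bound to `addr`?
function bindScope(addr) {
  if (addr === '0.0.0.0' || addr === '::') return 'all-interfaces';
  if (addr === '::1' || addr.startsWith('127.')) return 'loopback-only';
  return isRfc1918(addr) ? 'lan-only-unless-forwarded' : 'non-rfc1918';
}

// Pick the first non-loopback RFC 1918 IPv4 address from an
// os.networkInterfaces()-shaped object, or null if there is none.
function pickLanAddress(interfaces) {
  for (const addrs of Object.values(interfaces)) {
    for (const a of addrs) {
      const isV4 = a.family === 'IPv4' || a.family === 4; // some Node 18 builds report 4
      if (isV4 && !a.internal && isRfc1918(a.address)) return a.address;
    }
  }
  return null;
}

// Bind to the LAN address only; fall back to loopback rather than 0.0.0.0.
function startServer(port) {
  const http = require('http');
  const os = require('os');
  const host = pickLanAddress(os.networkInterfaces()) || '127.0.0.1';
  const server = http.createServer((req, res) => res.end('ok\n'));
  server.listen(port, host, () =>
    console.log(`listening on ${host}:${port} (${bindScope(host)})`));
  return server;
}

// Constructed sample input, shaped like os.networkInterfaces() output.
const SAMPLE_INTERFACES = {
  lo: [{ address: '127.0.0.1', family: 'IPv4', internal: true }],
  wlan0: [{ address: 'fe80::1', family: 'IPv6', internal: false },
          { address: '192.168.0.12', family: 'IPv4', internal: false }],
};
// startServer(8080); // port 8080 is an assumption; uncomment to run
```

A server started this way is reachable from the LAN only; clients outside still need the router forwarding and firewall rule described in the answer above.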