I'm hosting a website on my computer. I enabled port forwarding to port 8080 using the virtual server option ("The Virtual Server option allows you to define a single public port on your router for redirection to an internal LAN IP Address and Private LAN port if required.") so my website can be accessed by typing our router's IP address and then the public port redirecting to my internal IP (xx.xx.xxx.xx:8080). I also have a domain ready and I am trying to configure an A record in the DNS management panel. The target should be an IP address, but it says invalid value in dnsrecord when I type the address and port. It probably doesn't accept the port, but if I don't specify the public port for my internal IP, the website can't be accessed. Any help?
As you stated, your record should be an IP address and not IP:PORT. So just input the xx.xx.xx.xx address and it should work.
The TTL indicates how long the clients should consider the IP address corresponding to the DNS as valid.
The record type A indicates that it is an address record (returning an IP).
I don't know freenom, but I hope this helps you configure your DNS record.
The default port is 80, so set port forwarding to that.
Trying to create a TCP socket connection via an IPv6 address, I get Network is unreachable (os error 101).
fe80::850*** is used as the local binding address.
Probably it's because fe80*** is a local IPv6 address generated by the OS. Is there a way to provide the correct configuration for the system to make a call via IPv6?
Short answer:
Your IPv6 connectivity is not set up correctly. This is most probably no configuration problem on your machine, but on the gateway router.
Long answer:
You get a "Network is unreachable" error because your operating system does not know how to reach the destination address. Usually it maintains a table called the routing table, where it looks up which network path leads to which IP subnet. It seems that in your case, there are several things missing.
Your interface probably has no configured non-link-local (fe80::/64) address
There is no routing table entry for the destination address range
In the IPv4 world these missing things are usually resolved by a DHCP server. In the IPv6 world, there are two possible configuration options. Either DHCPv6 is used or the IPv6 Stateless Address Autoconfiguration is used. It seems that neither is set up in your network. Note that correctly setting up one of these requires you to have administrative access to your gateway router.
As it took quite a long time to find the main reason for the problem, I will try to share the solution/investigation steps:
To make sure IPv6 is not configured properly, just run 'ping6 ipv6.google.com'. It should return an error message like 'connect: Network is unreachable' or just hang.
AWS EC2 instances are not assigned globally routable IPv6 addresses by default (only IPv4 is assigned). IPv6 addresses like 'fe80:*' are locally routable and can't be used for global requests. To check the list of IP addresses, check the eth0 config with /sbin/ifconfig. By the way, AWS provides an interface to generate a globally routable IPv6 address for an EC2 instance (just check the VPC/EC2 console pages: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html).
Check the security group of the EC2 instance and make sure that IPv6 traffic is allowed in the route table. Specifically, the inbound and outbound rules should include '::/0' for IPv6 (or one of them, based on the need).
Try 'ping6 ipv6.google.com' again
Run the following command to check whether IPv6 is enabled:
ip addr
If only an IPv4 address is displayed, IPv6 is disabled. Enable it by referring to this tutorial.
If a link-local address (starting with fe80) is displayed, IPv6 is enabled but dynamic assignment of IPv6 addresses is not enabled.
If an IPv6 address other than fe80 is displayed, IPv6 is enabled and an IPv6 address has been assigned.
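The three cases above, applied per interface to `ip addr` output, as an added example that is not part of the original answers. The sample output is constructed, and the function name and state strings are assumptions of this sketch.

```python
import ipaddress
import re

IFACE = re.compile(r"^\d+: ([^:@]+)[:@].*<([^>]*)>")
ADDR = re.compile(r"^\s+inet6? (\S+)")
DISABLED = "IPv6 disabled (no inet6 address)"
LINK_LOCAL = "IPv6 enabled, link-local only (no address assigned)"
ASSIGNED = "IPv6 enabled, address assigned"

# Constructed sample of `ip addr` output (link and lifetime lines trimmed).
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet6 fe80::ff:fe00:1/64 scope link
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 198.51.100.7/24 brd 198.51.100.255 scope global eth1
    inet6 2001:db8::7/64 scope global
    inet6 fe80::ff:fe00:2/64 scope link
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 203.0.113.9/24 brd 203.0.113.255 scope global eth2
"""


def classify_ipv6(ip_addr_output: str) -> dict:
    """Map each non-loopback interface to one of the three states above."""
    state, iface = {}, None
    for line in ip_addr_output.splitlines():
        head = IFACE.match(line)
        if head:
            # Loopback always carries ::1, which says nothing about connectivity.
            iface = None if "LOOPBACK" in head.group(2).split(",") else head.group(1)
            if iface:
                state[iface] = DISABLED
            continue
        found = ADDR.match(line)
        if not found or iface is None:
            continue
        addr = ipaddress.ip_interface(found.group(1)).ip
        if addr.version != 6:
            continue
        if not addr.is_link_local:
            state[iface] = ASSIGNED
        elif state[iface] == DISABLED:
            state[iface] = LINK_LOCAL
    return state
```

An interface reported as link-local only is the situation that produces "Network is unreachable" for off-link destinations.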
My computer is using Wi-Fi provided by a tplink router.
I am using a website to get my IP, https://www.whatismyip.com.
My code is fine, because I can connect to the socket in my own computer by using 127.0.0.1.
Here is my code from https://www.geeksforgeeks.org/socket-programming-cc/amp/
But I don't know why my friend can't connect to my socket using the IP I get from the website.
I wonder, do I need to set up something in my router, or am I using the wrong code?
What you get from whatismyip.com is your public IP address. Your computer is probably behind a NAT/PAT (Network Address Translation / Port Address Translation), meaning your machine has a private IP address that gets translated by your router/firewall into the public one displayed by whatismyip.com.
You have two solutions:
Get a public IP address from your Internet provider, and disable NAT on your router (probably you'll need help for this).
Configure port forwarding on your router so that it forwards traffic on your public IP address to a given port on your machine.
Today I spent the whole afternoon trying to configure ns1 and ns2 on a cPanel server that is installed on a Google Cloud VM, but the domain does not resolve to the IP. I think I'm doing it wrong. I'm doing the following:
Creating the VM on the platform with a subnet to gain access to an additional IP,
I point the server IP to ns1.yourdomain.com
and the second IP to ns2.mydomain.com
but neither one works.
Could someone shed some light on how to proceed?
As far as I know, Google Cloud is using private IPs for the Linux virtual machines. And then they do a 1-to-1 NAT or something like this, so in the end your server has a private IP address and all the ports of the public IP that they give you are mapped to all the ports of your private IP on the server.
So you should enable port 53 TCP/UDP first of all, on the Google Cloud console, so the DNS will actually work on your server. By default, as far as I remember, only port 22 for SSH is allowed, all other ports being blocked. Then for your domain, you have to point ns1 and ns2 to the public IP address, or at least ns1 should point to your public IP address, and be sure that the nameservers defined for your domain, on your domain registrar, are ns1 and ns2 and at least one of them is pointing to your server.
Do a telnet on TCP port 53 on your public IP address and see if any traffic is allowed. Same goes for UDP.
It's pretty hard to say what is not working since you have provided very limited information but that seems to be the case.
I am attempting to connect to my instance via PuTTY, but when I attempt to connect with the inbound rule set to my private range (i.e. 192.168.2.0/24) it just won't work. When I set it to the insecure 0.0.0.0/24 all is fine. Can anyone explain or solve this issue? I am running Windows 7 with all current updates. My IP address is not static.
The 192.168.0.0/16 CIDR range is considered a private network, which means it is not routable. This also means that AWS, when receiving the connection from the PuTTY client on your machine (which might have an IP address of 192.168.2.1, for example), does not see the remote address of that connection as the IP address of your server. Instead, AWS probably sees the remote address of that incoming connection as being an IP address from your ISP. That's why allowing "0.0.0.0" as the inbound rule works; it allows incoming addresses from everywhere.
To find out what CIDR range to use as a more restrictive inbound range for your AWS security groups, you might connect in to your instance, then do:
$ env | grep SSH_CONNECTION
SSH_CONNECTION=1.2.3.4 54068 5.6.7.8 22
In particular, you are looking for the SSH_CONNECTION environment variable. Per the ssh man page, the SSH_CONNECTION environment variable
Identifies the client and server ends of the connection.
The variable contains four space-separated values: client IP address,
client port number, server IP address, and server port number.
Thus the first part of the value, the "1.2.3.4" in my contrived example, would show you the IP address that AWS sees your PuTTY connection as coming from; you can then use that IP address as the basis for a CIDR range.
Hope this helps!
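The reasoning in this answer as a check you can run, added here as an example and not part of the original post: it takes the client address from SSH_CONNECTION, proposes a single-host CIDR, and reports why each candidate inbound rule does or does not admit that client. The function names and verdict strings are assumptions; the sample value is the answer's own contrived one.

```python
import ipaddress

# SSH_CONNECTION value from the answer's contrived example.
SAMPLE = "1.2.3.4 54068 5.6.7.8 22"


def client_address(ssh_connection: str):
    """First of the four space-separated fields: the client IP the server saw."""
    fields = ssh_connection.split()
    if len(fields) != 4:
        raise ValueError("SSH_CONNECTION must hold four space-separated values")
    return ipaddress.ip_address(fields[0])


def suggested_cidr(ssh_connection: str) -> str:
    """Single-host CIDR for that client: /32 for IPv4, /128 for IPv6."""
    client = client_address(ssh_connection)
    return f"{client}/{client.max_prefixlen}"


def audit_rules(ssh_connection: str, rules) -> dict:
    """Say, per candidate inbound CIDR, whether it admits the client and why."""
    client = client_address(ssh_connection)
    report = {}
    for rule in rules:
        net = ipaddress.ip_network(rule, strict=False)
        if net.version != client.version:
            report[rule] = "no match: other address family"
        elif net.prefixlen == 0:
            report[rule] = "match: open to every address"
        elif client in net:
            report[rule] = "match"
        elif net.is_private:
            report[rule] = "no match: private range, not what the server sees"
        else:
            report[rule] = "no match"
    return report
```

Because the asker's address is not static, a single-host rule like this has to be updated whenever the ISP assigns a new address.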
I'm trying to set up the system in the link on Amazon Virtual Private Cloud.
https://docs.google.com/presentation/d/1H3s9O2GnM52cfKWiyt2oK92SSCEU-K1Srz5sw2uuRhU/edit?usp=sharing
My question is: "Is it possible to let the TCP server know the real TCP client's IP?"
I always get the IP of the load balancer and have no idea how to get the IP of the real client.
Many thanks.
According to documentation,
Proxy Protocol
The Proxy Protocol header helps you identify the IP address of a client when you use a load balancer configured for TCP/SSL connections. Because load balancers intercept traffic between clients and your back-end instances, the access logs from your back-end instance contain the IP address of the load balancer instead of the originating client. When Proxy Protocol is enabled, the load balancer adds a human-readable format header that contains the connection information, such as the source IP address, destination IP address, and port numbers of the client. The header is then sent to the back-end instance as a part of the request. You can parse the first line of the request to retrieve your client's IP address and the port number.
The Proxy Protocol line is a single line that ends with a carriage return and line feed ("\r\n"). It takes the following form:
PROXY_STRING + single space + INET_PROTOCOL + single space + CLIENT_IP + single space + PROXY_IP + single space + CLIENT_PORT + single space + PROXY_PORT + "\r\n"
The following is an example of the IPv4 Proxy Protocol.
PROXY TCP4 198.51.100.22 203.0.113.7 35646 80\r\n
The Proxy Protocol line for IPv6 takes an identical form, except it begins with TCP6 and the address is in IPv6 format.
The following is an example of the IPv6 Proxy Protocol.
PROXY TCP6 2001:DB8::21f:5bff:febf:ce22:8a2e 2001:DB8::12f:8baa:eafc:ce29:6b2e 35646 80\r\n
If the client connects with IPv6, the address of the proxy in the header will be the public IPv6 address of your load balancer. This IPv6 address matches the IP address that is resolved from your load balancer's DNS name that is prefixed with either ipv6 or dualstack. If the client connects with IPv4, the address of the proxy in the header is the private IPv4 address of the load balancer, which is not resolvable through a DNS lookup outside the EC2-Classic network.
For information about enabling the Proxy Protocol header, see Enable or Disable Proxy Protocol Support.
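The header line quoted above, parsed and validated in Python as an added example (not code from the original answer or from AWS). The names `parse_proxy_v1` and `real_client` and the `10.0.1.0/24` load-balancer subnet are assumptions; the 107-byte limit comes from the PROXY protocol v1 specification, and the header is honoured only when the TCP peer is a known load balancer, because the back end cannot otherwise tell who wrote it.

```python
import ipaddress

MAX_V1_LINE = 107  # PROXY protocol v1: longest header line, CRLF included


class ProxyHeaderError(ValueError):
    """Raised when the first line is not an acceptable PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Return ((client_ip, client_port), (proxy_ip, proxy_port), payload)."""
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if end == -1:
        raise ProxyHeaderError("no CRLF-terminated header within 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("header is not ASCII") from exc
    if len(fields) != 6 or fields[0] != "PROXY":
        raise ProxyHeaderError("expected 'PROXY' plus five fields")
    _, proto, src, dst, sport, dport = fields
    version = {"TCP4": 4, "TCP6": 6}.get(proto)
    if version is None:
        raise ProxyHeaderError(f"unsupported INET_PROTOCOL {proto!r}")
    try:
        addrs = [ipaddress.ip_address(a) for a in (src, dst)]
    except ValueError as exc:
        raise ProxyHeaderError(str(exc)) from exc
    if any(a.version != version for a in addrs):
        raise ProxyHeaderError("address family does not match INET_PROTOCOL")
    if not all(p.isdigit() and int(p) <= 65535 for p in (sport, dport)):
        raise ProxyHeaderError("port is not a number in 0-65535")
    return (str(addrs[0]), int(sport)), (str(addrs[1]), int(dport)), data[end + 2:]


def real_client(peer_ip: str, data: bytes, trusted_lbs):
    """Honour the header only when the TCP peer is a known load balancer."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_lbs):
        raise ProxyHeaderError(f"peer {peer_ip} is not a trusted load balancer")
    client, _proxy, payload = parse_proxy_v1(data)
    return client, payload


# Header line from the documentation excerpt, followed by a constructed payload.
SAMPLE = b"PROXY TCP4 198.51.100.22 203.0.113.7 35646 80\r\nGET / HTTP/1.0\r\n\r\n"
TRUSTED_LBS = ["10.0.1.0/24"]  # assumed subnet of the load balancer nodes
```

The back end should reject the connection on `ProxyHeaderError` rather than fall back to the socket's peer address, which would silently log the load balancer as the client.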