Localhost to be accessible via Internet
Hi,
I know that this has been well documented over the internet but I just can't seem to be able to get it working :geek:
I have a local machine (from now on PC) on which I have a local host running (from now on service). The service is well accessible via the intranet, either on the local machine or via any other machine connected to the local intranet. The PC/server is running Windows 10 and the firewall is disabled and the ports for accessing the service are added to the list of exceptions.
Now, I have a ASUS router, which I would like to use to port forward this service via the internet. As long as I have a DDNS registered on the router and it is getting recognised, I should just be able to enter https://myDDNS: port and theoretically I should reach the service running on the PC/server, right? But it is not happening :shocked2:
Any ideas?
Re: Localhost to be accessible via Internet
Does it work without DDNS, as in using your external IP? You can see your external IP with http://ifconfig.io/
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Jonatron
Does it work without DDNS, as in using your external IP? You can see your external IP with
http://ifconfig.io/
Even with external IP, the port forwarding still must be configured, correct? No, it doesn't work. Not sure if it makes a difference but I'm using a 3G mobile modem for the internet communication.
On my router, I can see clearly the WAN IP (which is different from what Showip.net shows - http://ifconfig.io/ is not loading at all).
On the port forwarding page I've selected the port range (which you enter when dialling in) the same as the local port and the port I'm using when accessing the service via the intranet. I've selected for the local IP the PC/server and the protocol which is supposed to be TCP.
I can access the service on the intranet when I type https://localIP: port, but nothing happens if I type https://myDDNS: port or https://externalIP: port.
Any ideas?
EDIT: And I can confirm that i can access the ASUS router via the internet using the DDNS.
Odd, I can only access the router via the DDNS on the PC/server, other services can't reach it from WAN.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
... I should just be able to enter
https://myDDNS: port and theoretically I should reach the service running on the PC/server, right? ...
Have you set up the port forwarding on the router? It won't know which local machine should service that request unless you tell it, so it'll just drop the inbound traffic. There should be a port forwarding section in your router settings where you set both the inbound port and the local machine that will deal with the traffic.
Quote:
Originally Posted by
Bonebreaker777
Even with external IP, the port forwarding still must be configured, correct? No, it doesn't work. Not sure if it makes a difference but I'm using a 3G mobile modem for the internet communication....
Any ideas?
Heh - almost all ISPs put some degree of port blocking in place, but I suspect mobile ISPs are even more locked down than terrestrial. I'd put money on the port being blocked by the ISP, so the traffic isn't even getting to your router.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
Not sure if it makes a difference but I'm using a 3G mobile modem for the internet communication.
It's possible, mobile data can be awful with restrictions, blocking, carrier level NAT, transparent proxies, and other horrible stuff.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
scaryjim
Have you set up the port forwarding on the router? It won't know which local machine should service that request unless you tell it, so it'll just drop the inbound traffic. There should be a port forwarding section in your router settings where you set both the inbound port and the local machine that will deal with the traffic.
Heh - almost all ISPs put some degree of port blocking in place, but I suspect mobile ISPs are even more locked down than terrestrial. I'd put money on the port being blocked by the ISP, so the traffic isn't even getting to your router.
So, theoretically all I need is the ports which are definitely not locked down by the ISP (mobile internet - Vodafon) that should be enough to get it working, right?
Re: Localhost to be accessible via Internet
Localhost gets ALL ports from your ISP connection IP. I don't see a way to do this without a modem?!
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Millennium
Localhost gets ALL ports from your ISP connection IP. I don't see a way to do this without a modem?!
Sorry, what? :shocked2:
Before I've added the modem to the router, the localhost was functioning fine. On all clients connected to the network (due to a SQL Express running on the main server and every client accessing the IP of the PC/server).
You're saying:
Quote:
Originally Posted by
Millennium
I don't see a way to do this without a modem?!
- you mean you're unsure if it can be done with a modem or without a modem?
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Millennium
Localhost gets ALL ports from your ISP connection IP. I don't see a way to do this without a modem?!
I don't think the OP means he is using the locahost address (127.0.0.1) but referring to the machine as the local host. IIRC, 127.x.x.x is not a routable address.
@bonebreaker777 - what port does your service use for its inbound connections?
Re: Localhost to be accessible via Internet
Hi Peterb - you mean what port I'm using while accessing the service within the intranet? It's 8090. Why?
Re: Localhost to be accessible via Internet
I think a good first test would be to try connecting to another known service on the same port from your device - don't think you've mentioned what port it is you are using, but proving that you can use that port/protocol on another server would go some way to pinpointing your own issue.
As already mentioned, mobile data is massively restricted and is prime suspect so far
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
Hi Peterb - you mean what port I'm using while accessing the service within the intranet? It's 8090. Why?
Just checking its not a common one blocked by some ISPs as an attack vector :)
So you have port forwarding on the router to forward port 8090 to the hosts local IP address?
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
peterb
Just checking its not a common one blocked by some ISPs as an attack vector :)
So you have port forwarding on the router to forward port 8090 to the hosts local IP address?
So as long as I've set a port, for example 123, which I'll be dialling from the outside and the router redirects it localIP :8090, all should be fine, right?
Would it be better to attempt VPN - as long as I would be part of the virtual local intranet, I should be able to access the localIP without an issue, correct?
Under VPN I mean to create a VPN on the router or that won't work, would it?
Re: Localhost to be accessible via Internet
The port you are connecting to might be relevant - try using one above 1024.
Yes a VPN should work.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
peterb
The port you are connecting to might be relevant - try using one above 1024.
Yes a VPN should work.
Well. The following happened:
- DDNS successfully registered, according to the router
- Port forwarding enabled - entered the local port to be targeted, the local IP to be targeted and the port I'll be using externally (port 1666)
- Once the router refreshed with the new settings, I've hit myDDNS :1666 and nothing happened (This site can't be reached)
- Added port 2048, just to be sure - same results :|
So, VPN - what should I do exactly :)
- Create a VPN server on this router with the mobile connection and try clients connecting to it?
- Sign up for a commercial VPN service and have both the router and the clients connect to...?
Re: Localhost to be accessible via Internet
Ok, here's some specifics:
https://i2.wp.com/ferroustom.files.w...ng?ssl=1&w=450
Let's say you have the above setup - the IPs are obviously all made up.
It's safest to use IP addresses instead of DDNS as that will reduce the troubleshooting complexity.
As a user outside the firewall, in order to access the daemon running on port 8090, you need to:
Set up port forwarding so that port 8999->192.168.0.248:8090
Note that it's exceptionally likely that this needs to be done for TCP (not UDP). Servers running around 8090 are usually webapps like confluence/JIRA.
When you now hit: http://30.40.50.80:8999 traffic will be sent to the daemon on port 8090 of 192.168.0.248.
The above assumes a domestic router without additional firewall rules etc.
If you attempt to connect to http://30.40.50.60:8999 from inside the firewall (ie from your local LAN) weird stuff may happen depending on how the firewall/router works.
Once this is all working, you can set up DDNS and start using domain names.
If you still hit problems, it's worth seeing what IP address the daemon is bound to on the server so something like:
netstat -an
and look for port 8090.
It needs to be listening to either 0.0.0.0 (linux) or [::] (windows) - which means listen to all IP addresses associated with the server or, in the example above 192.168.0.248. It's possible that for whatever reason it's bound to 127.0.0.1.
I would assume that either you're not port forwarding to the daemon correctly or you're doing UDP instead of TCP.
If all of the above still doesn't work, have you checked ACLs on the application itself and the software firewall on the server? If you can access it from your local subnetwork, but not the Internet, it's possible that there's some security causing it not to respond.
If that STILL doesn't help, what happens if you attempt to telnet to the port from outside the firewall - ie in the above case:
telnet 30.40.50.60 8999
That causes a very basic TCP connection. You should be able to tell from that whether or not a connection is being established or whether it's being blocked.
All of the above assumes that you're using a domestic/SOHO router. If you're doing something more business grade, you may have to worry about routing/hardware firewalls.
A few more details would help with troubleshooting a great deal. What OS is the server running? What's the application you're trying to expose? What's the model of the firewall etc.