Localhost to be accessible via Internet
Hi,
I know that this has been well documented over the internet but I just can't seem to be able to get it working :geek:
I have a local machine (from now on PC) on which I have a local host running (from now on service). The service is well accessible via the intranet, either on the local machine or via any other machine connected to the local intranet. The PC/server is running Windows 10 and the firewall is disabled and the ports for accessing the service are added to the list of exceptions.
Now, I have a ASUS router, which I would like to use to port forward this service via the internet. As long as I have a DDNS registered on the router and it is getting recognised, I should just be able to enter https://myDDNS: port and theoretically I should reach the service running on the PC/server, right? But it is not happening :shocked2:
Any ideas?
Re: Localhost to be accessible via Internet
Does it work without DDNS, as in using your external IP? You can see your external IP with http://ifconfig.io/
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Jonatron
Does it work without DDNS, as in using your external IP? You can see your external IP with
http://ifconfig.io/
Even with external IP, the port forwarding still must be configured, correct? No, it doesn't work. Not sure if it makes a difference but I'm using a 3G mobile modem for the internet communication.
On my router, I can see clearly the WAN IP (which is different from what Showip.net shows - http://ifconfig.io/ is not loading at all).
On the port forwarding page I've selected the port range (which you enter when dialling in) the same as the local port and the port I'm using when accessing the service via the intranet. I've selected for the local IP the PC/server and the protocol which is supposed to be TCP.
I can access the service on the intranet when I type https://localIP: port, but nothing happens if I type https://myDDNS: port or https://externalIP: port.
Any ideas?
EDIT: And I can confirm that i can access the ASUS router via the internet using the DDNS.
Odd, I can only access the router via the DDNS on the PC/server, other services can't reach it from WAN.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
... I should just be able to enter
https://myDDNS: port and theoretically I should reach the service running on the PC/server, right? ...
Have you set up the port forwarding on the router? It won't know which local machine should service that request unless you tell it, so it'll just drop the inbound traffic. There should be a port forwarding section in your router settings where you set both the inbound port and the local machine that will deal with the traffic.
Quote:
Originally Posted by
Bonebreaker777
Even with external IP, the port forwarding still must be configured, correct? No, it doesn't work. Not sure if it makes a difference but I'm using a 3G mobile modem for the internet communication....
Any ideas?
Heh - almost all ISPs put some degree of port blocking in place, but I suspect mobile ISPs are even more locked down than terrestrial. I'd put money on the port being blocked by the ISP, so the traffic isn't even getting to your router.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
Not sure if it makes a difference but I'm using a 3G mobile modem for the internet communication.
It's possible, mobile data can be awful with restrictions, blocking, carrier level NAT, transparent proxies, and other horrible stuff.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
scaryjim
Have you set up the port forwarding on the router? It won't know which local machine should service that request unless you tell it, so it'll just drop the inbound traffic. There should be a port forwarding section in your router settings where you set both the inbound port and the local machine that will deal with the traffic.
Heh - almost all ISPs put some degree of port blocking in place, but I suspect mobile ISPs are even more locked down than terrestrial. I'd put money on the port being blocked by the ISP, so the traffic isn't even getting to your router.
So, theoretically all I need is the ports which are definitely not locked down by the ISP (mobile internet - Vodafon) that should be enough to get it working, right?
Re: Localhost to be accessible via Internet
Localhost gets ALL ports from your ISP connection IP. I don't see a way to do this without a modem?!
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Millennium
Localhost gets ALL ports from your ISP connection IP. I don't see a way to do this without a modem?!
Sorry, what? :shocked2:
Before I've added the modem to the router, the localhost was functioning fine. On all clients connected to the network (due to a SQL Express running on the main server and every client accessing the IP of the PC/server).
You're saying:
Quote:
Originally Posted by
Millennium
I don't see a way to do this without a modem?!
- you mean you're unsure if it can be done with a modem or without a modem?
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Millennium
Localhost gets ALL ports from your ISP connection IP. I don't see a way to do this without a modem?!
I don't think the OP means he is using the locahost address (127.0.0.1) but referring to the machine as the local host. IIRC, 127.x.x.x is not a routable address.
@bonebreaker777 - what port does your service use for its inbound connections?
Re: Localhost to be accessible via Internet
Hi Peterb - you mean what port I'm using while accessing the service within the intranet? It's 8090. Why?
Re: Localhost to be accessible via Internet
I think a good first test would be to try connecting to another known service on the same port from your device - don't think you've mentioned what port it is you are using, but proving that you can use that port/protocol on another server would go some way to pinpointing your own issue.
As already mentioned, mobile data is massively restricted and is prime suspect so far
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
Hi Peterb - you mean what port I'm using while accessing the service within the intranet? It's 8090. Why?
Just checking its not a common one blocked by some ISPs as an attack vector :)
So you have port forwarding on the router to forward port 8090 to the hosts local IP address?
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
peterb
Just checking its not a common one blocked by some ISPs as an attack vector :)
So you have port forwarding on the router to forward port 8090 to the hosts local IP address?
So as long as I've set a port, for example 123, which I'll be dialling from the outside and the router redirects it localIP :8090, all should be fine, right?
Would it be better to attempt VPN - as long as I would be part of the virtual local intranet, I should be able to access the localIP without an issue, correct?
Under VPN I mean to create a VPN on the router or that won't work, would it?
Re: Localhost to be accessible via Internet
The port you are connecting to might be relevant - try using one above 1024.
Yes a VPN should work.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
peterb
The port you are connecting to might be relevant - try using one above 1024.
Yes a VPN should work.
Well. The following happened:
- DDNS successfully registered, according to the router
- Port forwarding enabled - entered the local port to be targeted, the local IP to be targeted and the port I'll be using externally (port 1666)
- Once the router refreshed with the new settings, I've hit myDDNS :1666 and nothing happened (This site can't be reached)
- Added port 2048, just to be sure - same results :|
So, VPN - what should I do exactly :)
- Create a VPN server on this router with the mobile connection and try clients connecting to it?
- Sign up for a commercial VPN service and have both the router and the clients connect to...?
Re: Localhost to be accessible via Internet
Ok, here's some specifics:
https://i2.wp.com/ferroustom.files.w...ng?ssl=1&w=450
Let's say you have the above setup - the IPs are obviously all made up.
It's safest to use IP addresses instead of DDNS as that will reduce the troubleshooting complexity.
As a user outside the firewall, in order to access the daemon running on port 8090, you need to:
Set up port forwarding so that port 8999->192.168.0.248:8090
Note that it's exceptionally likely that this needs to be done for TCP (not UDP). Servers running around 8090 are usually webapps like confluence/JIRA.
When you now hit: http://30.40.50.80:8999 traffic will be sent to the daemon on port 8090 of 192.168.0.248.
The above assumes a domestic router without additional firewall rules etc.
If you attempt to connect to http://30.40.50.60:8999 from inside the firewall (ie from your local LAN) weird stuff may happen depending on how the firewall/router works.
Once this is all working, you can set up DDNS and start using domain names.
If you still hit problems, it's worth seeing what IP address the daemon is bound to on the server so something like:
netstat -an
and look for port 8090.
It needs to be listening to either 0.0.0.0 (linux) or [::] (windows) - which means listen to all IP addresses associated with the server or, in the example above 192.168.0.248. It's possible that for whatever reason it's bound to 127.0.0.1.
I would assume that either you're not port forwarding to the daemon correctly or you're doing UDP instead of TCP.
If all of the above still doesn't work, have you checked ACLs on the application itself and the software firewall on the server? If you can access it from your local subnetwork, but not the Internet, it's possible that there's some security causing it not to respond.
If that STILL doesn't help, what happens if you attempt to telnet to the port from outside the firewall - ie in the above case:
telnet 30.40.50.60 8999
That causes a very basic TCP connection. You should be able to tell from that whether or not a connection is being established or whether it's being blocked.
All of the above assumes that you're using a domestic/SOHO router. If you're doing something more business grade, you may have to worry about routing/hardware firewalls.
A few more details would help with troubleshooting a great deal. What OS is the server running? What's the application you're trying to expose? What's the model of the firewall etc.
Re: Localhost to be accessible via Internet
Mobile broadband providers are crap for this sort of thing, they block all sorts. Largely due to IPv4 address exhaustion.
Depending on your router's capabilities, you may be able to run tools like tcpdump from the command line to sniff inbound packets. If you set that to capture packets on your service port you will be able to see if your ISP is blocking requests as you'll get at the very least TCP SYN packets. This will give you a definitive answer to whether your ISP is getting in the way.
If your service is available from other machines locally, you don't need to worry about address binding above in b0redom's post as it'll either be your loopback or your nic.
I'm not sure what VPNs allow you to host through their connections, you may have the same problem as mobile operators. Depending on your budget and the service you want to run you could look at a very cheap VPS and either host remotely, or use a SSH tunnel to broker connections.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
b0redom
Ok, here's some specifics:
https://i2.wp.com/ferroustom.files.w...ng?ssl=1&w=450
... reduced text ... sorry...
A few more details would help with troubleshooting a great deal. What OS is the server running? What's the application you're trying to expose? What's the model of the firewall etc.
Okay - according to the internet my public IP address is 12.123.123.123 (I've replaced some numbers, of course).
In the router I've disabled the firewall and port forwarded the following:
Service Source IP Port Range Local IP Local Port Protocol
'Name' -left blank- '8999' 'local IP' '8090' 'TCP'
And then I've tried to access it from outside type the following into the browser: http://12.123.123.123 :8999
It was thinking for quite a while but eventually displayed: This site can't be reached.
What OS is the server running? - Windows 10 Pro, firewall disabled
What's the application you're trying to expose? - Some sort of a monitoring service, using mySQL (can give the name too if you're interested)
What's the model of the firewall? - Both Windows firewall and the router firewall are turned off while testing the connections
Quote:
Originally Posted by
b0redom
If that STILL doesn't help, what happens if you attempt to telnet to the port from outside the firewall - ie in the above case:
telnet 30.40.50.60 8999
I should use Putty for this or just type it in the cmd from a machine outside the network?
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Dashers
Mobile broadband providers are crap for this sort of thing, they block all sorts. Largely due to IPv4 address exhaustion.
Depending on your router's capabilities, you may be able to run tools like tcpdump from the command line to sniff inbound packets. If you set that to capture packets on your service port you will be able to see if your ISP is blocking requests as you'll get at the very least TCP SYN packets. This will give you a definitive answer to whether your ISP is getting in the way.
If your service is available from other machines locally, you don't need to worry about address binding above in b0redom's post as it'll either be your loopback or your nic.
I'm not sure what VPNs allow you to host through their connections, you may have the same problem as mobile operators. Depending on your budget and the service you want to run you could look at a very cheap VPS and either host remotely, or use a SSH tunnel to broker connections.
VPS is probably a no-go, if I understand the concept of a VPS correctly. The network must be physical and actual devices are connected and disconnected to and from the network. And we need to be able to demonstrate this.
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
Okay - according to the internet my public IP address is 12.123.123.123 (I've replaced some numbers, of course).
In the router I've disabled the firewall and port forwarded the following:
Service Source IP Port Range Local IP Local Port Protocol
'Name' -left blank- '8999' 'local IP' '8090' 'TCP'
And then I've tried to access it from outside type the following into the browser:
http://12.123.123.123 :8999
It was thinking for quite a while but eventually displayed: This site can't be reached.
What OS is the server running? - Windows 10 Pro, firewall disabled
What's the application you're trying to expose? - Some sort of a monitoring service, using mySQL (can give the name too if you're interested)
What's the model of the firewall? - Both Windows firewall and the router firewall are turned off while testing the connections
I should use Putty for this or just type it in the
cmd from a machine outside the network?
If you have a Linux/OSX machine use that, otherwise you'll likely need to install telnet and run it from cmd. You might need to change the source IP to 0.0.0.0 or whatever the wildcard is on your firewall. Just to confirm it definitely works inside the firewall right?
Have you got any working services exposed through that router?
Re: Localhost to be accessible via Internet
Quote:
Originally Posted by
Bonebreaker777
VPS is probably a no-go, if I understand the concept of a VPS correctly. The network must be physical and actual devices are connected and disconnected to and from the network. And we need to be able to demonstrate this.
The VPS is hosted, yes it's virtual, but pretty much everything is on the Internet. Your local devices on your LAN can still be physically connected, you're just using the VPS as a tunnel broker on the Internet to essentially present your service from another place. It's almost exactly the same as a VPN, but you're not bridging or routing, you're tunnelling a single service.
Your requirement sounds a bit odd though. Smells a bit PCI-esq, which is business related. You should speak to your service provider about a dedicated IP address on your 3G connection and that will solve your problem. This will be something available to business users.
Re: Localhost to be accessible via Internet
I don't think anyone suggested it, but have you tried not redirecting the port and using the same external port as internal?
Re: Localhost to be accessible via Internet
Tested a lot of different option, finally settled with a SIM card with a public IP address. Too bad we couldn't find something simpler :(
Edit: so after a while I've managed to get a SIM card with a public IP address and the proper login details. However, I still can't forward any of the ports. Any ideas, please?