Re: [Pi3web-users] Help
Brought to you by:
zimpel
Menu
▾
▴
Re: [Pi3web-users] Help
|
From: Holger Z. <zi...@t-...> - 2005-06-28 19:47:08
|
Hi Samuel,
yes, it's possible to reach an accessible host in your home network
through the internet, although the way how to reach it depends on the
infrastructure you are using and also on your ISP.
The IP address range of your home network is a so called 'private
class C' network and a host within this network isn't visible to the
internet. The internet one can visualize as a huge conglomerate of
public (and private) networks connected through routers, switches etc.
Now the question is, how a remote host is able to address a host in
your private network by an unique internet address if there are many
other class C networks using the same private address range and which
are possibly also connected to the internet?
The answer is quite simple, your network (and any host in it) isn't
available by its private address (only known within this network) but
the network is reachable by an (either statically or dynamically
assigned) IP address within the public address range of your ISP.
The 'glue' between this external and public address and a host within
your network is a functionality called 'IP forwarding', which is often
implemented by dial-in routers or firewalls. This means, it has to be
configured, that an incoming request for a certain TCP port (e.g. 80
for HTTP) will be forwarded to a certain ip address (host) within your
network, where the corresponding TCP service (e.g. an HTTP server) is
listening on a specified port (which can but need not to be the same as
the external port).
As you can see, there's a major difference between outgoing (can go
anywhere) and incoming (can only reach permitted hosts) traffic to/from
the internet. Fortunately this protects your network from attacks from
the 'outer world'. It also presents your network to this 'outer world'
as a single host, whether there are really 1, 2 or more (254) computers.
Therefore this technique is also often called 'IP masquerading'.
This is, how it works in general, the practical details depend on your
system and especially on the components responsible for connecting your
network with the internet.
I recommend to read the manual of the router component having internet
(WAN) connectivity to figure out, how IP forwarding can be configured.
Often this component is connected with or even built into an isdn, cable
or dsl modem. But this task can also be performed by a PC in your
network if it is running as a TCP router.
After having this configured, your friends should reach your website by
your public IP address, e.g. http://84.185.203.164/ (this is really my
current IP address), even if your web server keeps listening on address
192.168.1.8.
There are many more details to be optionally considered:
- if the hosts in your network get their (dynamic) IP address via DHCP,
the web server should listen on address 0.0.0.0, which means any
interface available (I assume, this doesn't apply to you, because
you can access your website under a fix address from within the
private network).
- how to figure out your public IP to tell it to friends? E.g. the
'router status' of my NETGEAR FWG114P shows this information. There
are also utility programs available performing the same.
- if your public IP address is assigned dynamically by your ISP, it
normally will change every time you establish a connection to your
ISP. Your friends won't recognize this and won't see your website
anymore after you re-connect. There are different ways to solve this
- publish the updated IP address information. There are tools
performing this by e.g. updating a public website where you have
write access (e.g. via ftp) or by sending an e-mail notification
- using (dynamic) DNS. There are free services (e.g. dyndns.org)
providing DNS resolution for a subdomain (e.g. zimpel.dyndns.org)
to your public IP address. There's also a (web) interface to update
the reqired address information as often it changes, which is even
implemented by many dsl routers or modems. I.e. if you sign on such
a (free) service and configure dynamic DNS correctly, everything is
updated automatically.
- do this IP forwarding configuration carefully, because you're drilling
holes into your firewall. Especially the configuration of a default
host for any unresolved packets or opening to many (or all) ports to
the internet will weaken your network and open it for attackers from
the internet. There is a good service for checking the correct
firewall configuration - http://www.grc.com/ and then follow the
links for 'ShieldsUP!'
Additional hint:
It can be a good idea to run a secondary firewall at all hosts in
your network or - this is an expert task - to implement a 'DMZ'
(DeMilitarized Zone), this means a '2 stage' firewall, where all
public accessible services reside on hosts in the DMZ.
Sorry for the comprehensive explanations about all these things. I don't
want to be boring but I think this can be useful for other readers too.
Hope, this will help you to get your issue fixed.
--
Kind regards,
Holger
P.S.:
I will keep my PC on this night and you can try out (but don't hack me!)
http://84.185.203.164/
https://84.185.203.164/
http://zimpel.dyndns.org/
https://zimpel.dyndns.org/
showing secure HTTPS and standard HTTP service hosted by a single
Pi3Web instance and a configured second virtual host (by DNS name).
Samuel Cosovan schrieb:
> I was wondering if it is possible to access my website from a remote
> computer off my home network? The computers in my home network can
> access it but when I told my friends to try it out at their homes it
> said page cannot be displayed. The server is running and everything is
> working but they cannot access it. If you have any idea what is going
> wrong email me at sam...@ho... and help me.
>
> My website is http://192.168.1.8 and i can access it from my computer
> and the other 4 computers in our household that are all networked up. If
> you can help please send me an email.
>
> Thanks
>
> _________________________________________________________________
> Sell your car for $9 on carpoint.com.au
> http://www.carpoint.com.au/sellyourcar
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Pi3web-users mailing list
> Pi3...@li...
> https://lists.sourceforge.net/lists/listinfo/pi3web-users
>
|
