Direct ping to a server not working, but via another server? - ping

Have a small question..
I got below two ips from my team-mate...
G/W Details: 172.27.180.201 (abc/xyz)
Server Details: 192.168.40.132 (abc/xyz).
When I ping to 201, it goes fine. But ping to 132 didn't work.
Now if I do ssh to 201 and from there I ping to 132, then ping works fine.
So I am thinking what kind of changes I have to do in my Linux machine (any static route?), so that I can directly ping the 132 machine?
Please help me and let me know if I need to provide any other output details...
Thanks.

The 2 machines (G/W & Server) are in different networks since they are using different private IP address ranges.
Private IP address ranges are as follows:
Class A network 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
Class B network 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
Class C network 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
Since you can ping G/W:
you are either in the same network and have a class B IP address
you are in a different network which has access to G/W's network by some means (gateway, vpn tunnel etc.)
G/W can ping Server because it has access to Server's network (or Server itself) by some means (gateway, vpn tunnel, firewall etc.)
Disclaimer: I'm not a network expert, my jargon may not be appropriate :)

172.27.180.201 should do NAT for you.
Or 192.168.40.132 should add a route.
You can't access 192.168.40.132 only changing your host.
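The point made in the answers above, traced in a simplified routing model. This is an added example, not part of the original posts; the client address, the gateway's inside address and every routing table are assumptions constructed for illustration, and the gateway is assumed to forward packets.

```python
import ipaddress

CLIENT = "172.27.180.50"    # assumption: asker's host, on the gateway's LAN
GW_OUT = "172.27.180.201"   # G/W address from the question
GW_IN = "192.168.40.1"      # assumption: G/W's address on the server's LAN
SERVER = "192.168.40.132"   # server address from the question

def lookup(table, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), hop) for n, hop in table
            if dst in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def ping(client_routes, server_routes, gateway_nat=False):
    """Trace the echo request and the echo reply separately."""
    if lookup(client_routes, SERVER) != GW_OUT:
        return "fail: request is not sent to the G/W"
    # With NAT the G/W rewrites the source, so the server replies to GW_IN.
    reply_to = GW_IN if gateway_nat else CLIENT
    hop = lookup(server_routes, reply_to)
    if hop == GW_IN or (hop == "on-link" and reply_to == GW_IN):
        return "ok"
    return "fail: reply leaves the server via " + str(hop)

# Constructed routing tables.
client_default = [("172.27.180.0/24", "on-link"), ("0.0.0.0/0", "172.27.180.1")]
client_static = client_default + [("192.168.40.0/24", GW_OUT)]
server_default = [("192.168.40.0/24", "on-link"), ("0.0.0.0/0", "192.168.40.254")]
server_static = server_default + [("172.27.180.0/24", GW_IN)]

if __name__ == "__main__":
    print(ping(client_default, server_default))                    # no static route
    print(ping(client_static, server_default))                     # host change only
    print(ping(client_static, server_default, gateway_nat=True))   # G/W does NAT
    print(ping(client_static, server_static))                      # server adds route
```

A static route on the client alone fixes only the request direction; the reply needs either NAT on the gateway or a return route on the server.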

Related

Caddy on LAN only

I am trying to set up a reverse proxy with Caddy. I also want to use subdomains to point to my different services, so I bought a domain, but the domain can only point to an IP address, and my router's IP address is not static. To solve that, I registered a subdomain on Duckdns, and that subdomain is pointing to my router's IP address all the time. The subdomains that I paid for have DNS set to point to Duckdns, and I have opened ports 80 & 443 on my router to point to my server machine that is running Caddy. The Caddyfile simply has the domains I paid for point to localhost services.
It works but only on LAN; outside it does not work.
If your public IP address is not the same as nslookup mydomain.duckdns.org, the problem is DNS. Check your dynamic DNS client's configuration file for inaccuracies. Restart your router and trial that it works as expected.
If the IP addresses match, but you cannot make access from outside the network, it's a port forwarding issue. Check port forwarding rules on your router, and opened ports on your server.
sudo ufw status verbose and sudo ss -ltnp are helpful server commands.
If the IP addresses match, but you cannot make access from inside the network, hairpin NAT is the issue. This is a router issue. Buy a more feature complete router from your ISP, or set up a local DNS server to resolve this minor annoyance.
[Using your phone, enable WiFi for 'inside' type testing; disable WiFi for 'outside' type testing].

Amazon Web Service RDS Connection Failure

I am trying to locally run a PHP based project, connecting to an Amazon RDS instance. I am receiving the following error in the browser:
[Screenshot of the error: SQLSTATE[HY000] [2002]]
I have run a series of networking tests where I pinged the following and received successful test results. I pinged:
iiNet's web address
One of iiNet's DNS servers
The loopback address of my computer
I pinged Google
I then tried the mysql utility to remotely connect and received the
ERROR 2003 (HY000): Can't connect to MySQL server
Last factor I think you should know regarding my own networking situation, I am connecting to the internet via:
modem->Zyxel VPN->Wireless Router->My laptop
What in the Sam Hill is going on?
Thanks,
CM
For this to work, the following must be true:
the RDS instance must resolve to a public IP address (I'd check this for you but since you chose to use a screenshot instead of text, I can't copy paste it, so I'll leave it to you)
the Security Group(s) associated with the RDS instance must allow traffic from your public IP (the one you'll get from http://wtfismyip.com/text). This won't be true by default. I highly recommend you open to your IP, not just everyone, as MySQL is trivial to DOS attack if its port is public.
The network ACL of the VPC hosting the RDS instance must allow the traffic also. This will be allowed by default, so unless you changed the ACLs in your VPC, you can ignore this.
If all those are true, you should be able to connect!
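The first two conditions from the answer above, written as an offline check. This is an added example, not part of the original answer; the rule dictionaries are a constructed shape (not the AWS API format) and all addresses are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MYSQL_PORT = 3306

def is_private(ip):
    """True if ip lies in one of the three private IPv4 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def matching_rules(rules, src_ip, port=MYSQL_PORT):
    """Ingress rules that admit src_ip on the given port."""
    addr = ipaddress.ip_address(src_ip)
    return [r for r in rules
            if r["from_port"] <= port <= r["to_port"]
            and addr in ipaddress.ip_network(r["cidr"])]

def check(endpoint_ips, rules, my_public_ip):
    """Return a list of findings; an empty list means both conditions hold."""
    findings = []
    if any(is_private(ip) for ip in endpoint_ips):
        findings.append("endpoint resolves to a private address")
    hits = matching_rules(rules, my_public_ip)
    if not hits:
        findings.append("no security group rule admits " + my_public_ip)
    # A /0 rule lets you connect, but it also exposes MySQL to everyone.
    if any(ipaddress.ip_network(r["cidr"]).prefixlen == 0 for r in hits):
        findings.append("port 3306 is open to every address")
    return findings

# Constructed sample data.
MY_IP = "198.51.100.23"
NO_RULES = []
OPEN = [{"from_port": 3306, "to_port": 3306, "cidr": "0.0.0.0/0"}]
TIGHT = [{"from_port": 3306, "to_port": 3306, "cidr": MY_IP + "/32"}]

if __name__ == "__main__":
    for rules in (NO_RULES, OPEN, TIGHT):
        print(check(["203.0.113.40"], rules, MY_IP))
```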

Ethernet setup for point to point connection

I'm trying to debug a point-to-point ethernet interface which is not working, and I'm beginning to suspect that things have changed in Windows since I last tried this.
I have built a board with a fixed IP address, and am hooking it up to my laptop for testing. Although the LEDs seem to blink, and my board manages to negotiate a physical connection, when I try to ping it from the PC, it fails. The same PC successfully manages to ping a second PC with a fixed IP address. Let me explain:
The TCP/IPv4 adapter settings on the PC are:
IP address: 192.168.1.5
Network mask: 255.255.255.0
Default Gateway: undefined
The board has:
IP address: 192.168.1.2
Network mask: 255.255.255.0
Default Gateway: 192.168.1.
When I try to ping the board from the PC, I get "Destination host unreachable" some of the time, "Request timed out" the rest. I expect, if there's a difficulty, to always get "Request timed out". The "Destination host unreachable" has me confused. According to Microsoft, this message means nothing is being put out on the wire, and to try the route utility. I tried to "Route add 192.168.1.2 mask 255.255.255.0 0.0.0.0 IF 6", and several other attempts, including using NirSoft's NetRouteView to add a route, and it fails, with "The parameter is incorrect".
When I take a second PC and set it to
IP address: 192.168.1.2
Network mask: 255.255.255.0
Default Gateway: undefined
Then pinging works, which disagrees with the "Destination host unavailable" which I am seeing when the board is attached (the route is there).
Any suggestions?
With a direct, point-to-point connection you can't ping a second PC - where do you connect it to?
Check arp -a to see if the destination IP address has been resolved to a MAC address. If not, the 'board' is likely configured to another IP address or not at all (waiting for DHCP, running zeroconf, ...).
You don't need any routes with both nodes directly connected to each other (or through a switch).

How to set a name for Apache server?

I successfully created an Apache server but I don't want to connect to it by typing 192.168.0.102, I want a normal URL like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line but setting it to something like www.mysite.com doesn't seem to work. I also tried to use my external IP (https://www.whatismyip.com) as server name but it doesn't connect. It only works if I try to connect to 192.168.0.102 or localhost. How do I solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequences of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessible only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet; it is an internal IP.
But you have some alternatives, like if you like to access your computer from a hostname you can use dynamic DNS servers.
Or you want to test your code on a spectacular domain, you can add 192.168.0.102 with a domain to your hosts file, then only you can use this domain with your local computer.
But if you really want to serve some content to the Internet from your local computer, you have to find a DNS server service (like Cloudflare) to point your domain to your public Internet IP, not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test if the configuration works, edit your /etc/hosts file and add that domain name to 127.0.0.1. After that you will be able to access that virtual host if you try to access that domain name from your browser.
More info here : https://httpd.apache.org/docs/current/vhosts/name-based.html
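How the Host request header picks the site in name-based virtual hosting, as described in the answers above. This is an added example, not Apache's code and not part of the original answers; it models the documented behaviour that the first listed virtual host serves any name that matches nothing, and the document roots and the name default.local are constructed.

```python
def host_from_request(raw):
    """Return the Host header (lower-case, port stripped) or None.

    Handles host names and IPv4 literals only.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]
    return None

def select_vhost(raw, vhosts):
    """vhosts: ordered (server_name, docroot) pairs; the first is the default."""
    host = host_from_request(raw)
    for server_name, docroot in vhosts:
        if host == server_name:
            return docroot
    return vhosts[0][1]

# Constructed configuration and requests.
VHOSTS = [("default.local", "/var/www/html"),
          ("www.mysite.com", "/var/www/mysite")]
BY_NAME = b"GET / HTTP/1.1\r\nHost: www.mysite.com\r\n\r\n"
BY_NAME_PORT = b"GET / HTTP/1.1\r\nAccept: */*\r\nHost: WWW.MYSITE.COM:80\r\n\r\n"
BY_IP = b"GET / HTTP/1.1\r\nHost: 192.168.0.102\r\n\r\n"

if __name__ == "__main__":
    for req in (BY_NAME, BY_NAME_PORT, BY_IP):
        print(host_from_request(req), "->", select_vhost(req, VHOSTS))
```

The same TCP connection to 192.168.0.102 yields a different site depending only on the Host header, which is why ServerName has no effect until the name resolves to the server's address.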

Why is connection failing when port-forwarding with dynamic dns in same network

I have a MySQL database running on my raspberry pi.
To access it I use dynamic DNS (duckdns) when I am outside of my network, but I would like to access it with same dynamic domain name when I am inside my network. However it is not working and I always get connection refused.
I would like somehow enable it so I do not have to change in app.config MySQL server address from my dynamic domain to localhost when I am inside my local network.
You'll need a gateway router that supports NAT hairpinning. Many consumer-grade units (and some supposedly commercial-grade equipment) don't support this. Either yours doesn't, or you need to find an option to enable it.
When you try to connect to the public IP address from inside the network, the router probably assumes that you want to connect to the router itself.
My cable modem's built-in router at home understands how to do this. When I access my server from the laptop, and connect to the public IP from inside, the router (inside the cable modem) does a transformation on the packets so that my server sees my connection coming from the router's IP address, not my laptop's IP address.
This is what has to happen, because when the server responds, it will respond to the machine that connected to it. If it responded to the laptop's address, the laptop would reject the traffic, since it would be coming from the server's internal IP, which is not the IP address I connected to. So, it responds to the router, which does a second transform on the packet address, replacing the server's internal IP with the external IP. Remembering the session from previous traffic, the router then sends the packet back to the laptop.
Ultimately this setup can't possibly work for you without the complicity of your router, which may not have that capability.
Some routers, however, have a DNS proxy that will allow you to create static entries. My former DSL modem could not hairpin NAT connections, but it had a way to create DNS entries that would be used to respond to internal DNS queries for a specific host... with a different IP than the one that DNS otherwise provided. That's an alternative workaround if the router supports it.
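The two address transforms described above, and the local DNS workaround mentioned here and in the earlier Caddy answer, as a small packet-level model. This is an added example, not part of the original answers; all addresses are constructed, and the mode names are labels chosen for this sketch.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Constructed addresses for illustration.
LAPTOP, SERVER = "192.168.1.10", "192.168.1.20"
ROUTER_LAN, PUBLIC = "192.168.1.1", "203.0.113.10"

def resolve(name, local_overrides):
    """A local DNS entry wins; otherwise the dynamic DNS name gives PUBLIC."""
    return local_overrides.get(name, PUBLIC)

def connect(mode, target=PUBLIC):
    """Laptop on the LAN opens a connection to target.

    mode: "none" (no hairpin support), "dnat_only" (destination rewritten
    only) or "full" (destination and source rewritten, as described above).
    """
    request = Packet(LAPTOP, target)
    if target == SERVER:
        reply = Packet(SERVER, LAPTOP)          # same LAN, router not involved
    elif mode == "none":
        return "refused: router takes the connection as meant for itself"
    else:
        # First transform: the port forward rewrites the destination.
        src = ROUTER_LAN if mode == "full" else request.src
        to_server = Packet(src, SERVER)
        reply = Packet(SERVER, to_server.src)   # server answers whoever connected
        if reply.dst == ROUTER_LAN:
            # Second transform: restore the public source and use the
            # remembered session to send the reply on to the laptop.
            reply = Packet(PUBLIC, request.src)
    # The laptop only accepts replies from the address it connected to.
    if reply.dst == LAPTOP and reply.src == request.dst:
        return "ok"
    return "rejected: reply from %s, expected %s" % (reply.src, request.dst)

if __name__ == "__main__":
    name = "mydomain.duckdns.org"
    for mode in ("none", "dnat_only", "full"):
        print(mode, "->", connect(mode))
    print("local DNS entry ->", connect("none", resolve(name, {name: SERVER})))
```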