Allow NAT from single external address - Mikrotik - external

I have an RB951G-2HnD that I'm trying to create a rule to allow 1143 through from WAN to a particular server on the LAN. I've created a rule, but I want to limit access to 1143 to a single external IP address. Any tips on how I can limit it to a single external IP address?

In the same rule set src. ip( first tab on ip firewall nat rule) with this public ip that you want to allow trasit

Related

Google Compute Engine How to bind new external IP address to the instance

I need to get new external IP address every time when I recreate my instance.
Current implementation may use previous ips.
How can I achieve the goal with static or ephemeral ips?
Or how can I get GCE ips pool?
I am adding bellow information with Kolban.
For the external IP Google cloud has two categories:
Static external IP addresses
Ephemeral external IP addresses
The basic difference between these two are Static one is long term assignment until hey are explicitly released from that assignment, and remain attached to a resource until they are explicitly detached. Where, Ephemeral remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is stopped, any ephemeral external IP addresses that are assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects.
As you are wishing for the new IP address for your instance, it seems Ephemeral external IP addresses is a better choice. But you can use the Static external IP addresses to create an IP pool anyway and rotate your reserved static external IP address, which has cost implications.
The external IP are configured in the accessConfigs. You can see accessConfigs if you describe your instance by below command in cloud shell.
$ gcloud compute instances describe [INSTANCE_NAME] --zone=[ZONE]
You can create a new VM and assign a static IP with the help of the Document and below command.
$ gcloud compute instances create [INSTANCE_NAME] --private-network-ip [IP_ADDRESS]
OR
You can change or assign an external IP in your existing VM following the steps of the document (GCLOUD), which are:
[Optional] Reserve a static external IP address (if you want to have the reserve external IP and this has cost implications).
Delete existing access configs.
Add the new external IP address.
When you create a Compute Engine instance and give it a public IP address you have two choices for that IP. It can either be ephemeral ... this means that the IP address is assigned (randomly) by Google and may change the next time the Compute Engine is restarted. The alternative is that it is static. These are IP addresses that Google fixes for you and are explicitly yours until you release them. There is no charge for a static IP address if it is actively being used (eg has a Compute Engine running that is using it). However if unused, you are charged 24 cents a day (1 cent an hour).
If, for some reason, you need a new IP address for a compute engine on demand, you can reserve a new static IP address and associate that with your compute engine.
See also:
Reserving a static external IP address

How to set a name for Apache server?

I created successfully a apache server but I dont want to connect to it by typing 192.168.0.102, I want a normal url like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line but setting it to something like www.mysite.com doesnt seem to work. I also tried to use my external ip(https://www.whatismyip.com) as server name but it doesnt connect. It only works if I try to connect to 192.168.0.102 or localhost. How do i solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequence so of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessibly only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet it is internal IP.
But you have some alternatives, like if you like to access your computer from a hostname you can use dynamic DNS servers.
Or you want to test your code on a spectacular domain, you can add 192.168.0.102 with a domain to your hosts file, then only you can use this domain with your local computer.
But, If you really want to serve some content to the Internet from your local computer you have to find a DNS server service (like cloudflare) to point your domain to your public Internet ip not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test if the configuration works, edit your /etc/hosts file and add that domain name to 127.0.0.1. After that you will be able to access to that virtual host if you try to access to that domain name from your browser.
More info here : https://httpd.apache.org/docs/current/vhosts/name-based.html

Hosting multiple websites in Google Compute Engine

We have 8 websites and 5 of them are small. I would like to host those 5 website in same instance but their ip must be same and static. I couldn't find a way how to allocate a static ip for each of them and how to host them in a single instance. They are PHP. Their db's are hosted in Google SQL.
Per the Google Compute Engine docs on static IP addresses:
An instance can have only one external IP address. If it already has an external IP address, you must first remove that address by deleting the old access configuration, then adding a new access configuration with the new external IP address.
That said, you don't need to have a separate static IP address per website—you can serve an arbitrary number of sites from a single VM by using a feature such as Apache virtual hosts which let you serve a different site depending on the hostname that is requested by the user.
This can be possible using Protocol Forwarding.
You can have different IP addresses for each website while using single Virtual Machine.
I had successfully hosted my 3 sites using method in past. If you need, I can write up a detail explanation on some blog.

Database reference a DNS name instead of IP address?

I was wondering if it is possible to make my database have a DNS name instead of an IP address with Amazon RDS? We currently own a website and were wondering if there was a solution to have something like db.website.com refer to our Amazon Web Services database? Is this possible?
When a database instance is launched under Amazon RDS (Relational Database Service), an endpoint is provided in the form of:
db.crwobkqad31a.ap-southeast-2.rds.amazonaws.com:3306
If you wish to apply a more friendly DNS name, configure a CNAME record in your DNS server (eg Amazon Route 53) that maps the friendly name (eg db.website.com) to the database endpoint.
The DNS name will resolve to an IP address. If the database is publicly-accessible and the name is resolved outside your Amazon VPC, a public IP address will be returned. If the name is resolved within your Amazon VPC, a private IP address will be returned.
You will typically want to protect your database from outside access by placing it into a private subnet. It is unusual to want to give end-users direct access to a database (which I'm assuming you want to do, given the desire for a friendly DNS name), but that is your choice.
I was wondering if it is possible to make my database have a DNS name instead of an IP address with Amazon RDS?
Not only can you, but you must. Your RDS will have an endpoint like something.random-string.us-west-2.rds.amazonaws.com. Correcting directly to its IPs is dangerous as the server's IP may change unexpectedly (if the server is modified, scaled, has an issue, or fails over).
You can use a CNAME pointed at your RDS endpoint, if you like, to use something like db.example.com instead of your RDS endpoint.

dyndns equivalent for ports? (so that port changes don't require config file changes)

DynDNS et. al. are great for not having to put IP addresses in config files... I put the dyndns domain in the config and if I ever want to change the server location I just update it in one place, and the config stays the same. But what if I want to change the port number that's used? Is there an equivalent for ports - so that I can also get what port to connect to from some service just like I get the IP from DynDNS? Or what's another solution (besides not changing the ports)?
DynDNS and DNS in general has the main purpose of not having to remember a host by its IP address. The DynDNS part comes is mostly to solve the issue of people who don't have static IP addresses, and they occasionally get new IP addresses when their DHCP leases expire.
The original intention wasn't really meant to account for someone purposely changing their IP address or port numbers. Usually a service is on a well known port that doesn't change, such has 80 for http. Depending on the protocol, you could set up a well-known port, and then have it redirect to a different port. As an example, some websites will redirect port 80 to 8080, but this is protocol dependent. This also won't work for a lot of other protocols, and you're usually stuck with the port you choose.
Using DynDNS I access three different machines behind the same router by simply adding a colon and the port number just as if I were adding it to a static IP address (ie myhome-computer.dyndns.biz:1234 ). Each port points to a different internal ip in the router. This works fine with my free host account. However, I am not aware of a port identifier that could report as the DynDNS host app does.