I've looked through posts with no real answer to this question: is the address 127.0.0.1 a hardware set address much like promiscuous mode is a hardware setting on devices? I've tried to set my address to 127.0.0.1 on eth0, disable the lo, and even change the lo address, to make packets go out the eth0 port with address 127.0.0.1. The packets always end up on the lo port when I use sniffing tools like wireshark. Is there a way to do this, is this hardware or hardcoded into the drivers?
The loopback address is controlled by software (e.g. in the kernel). It is never associated with any hardware.
You don't specify your operating system, but unless it's very unusual, there really isn't a way to do what you ask (have packets addressed to 127.0.0.1 appear on an external interface).
Update:
Here's the spec:
127.0.0.0/8 - This block is assigned for use as the Internet host
loopback address. A datagram sent by a higher level protocol to an
address anywhere within this block should loop back inside the host.
This is ordinarily implemented using only 127.0.0.1/32 for loopback,
but no addresses within this block should ever appear on any network
anywhere [RFC1700, page 5].
Related
I've been poking around the internet trying to get an answer to this one but so far I've only seen it as "normal" behavior.
I have a fedora 29 host configured to send rsyslog messages over the default 514 port. That works as intented and has been for some time now. I had a client notice that the host would "listen" on an ephemeral port that appears to change with each reboot:
ss -tulnp | grep 46852
udp UNCONN 1536 0 0.0.0.0:468520.0.0.0:* users:(("rsyslogd",pid=676,fd=15))
also:
lsof -i :46852 -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 676 root 15u IPv4 24836 0t0 UDP *:46852
Anyone know why rsyslog is doing this? It appears to be default behavior, and I'm not worried about it as the port can't be hit externally (firewall prohibits it) but just wanted to understand it. I also couldn't find anything in the rsyslog docs that talked about it.
Thanks!
This is just observed behavior I am curious about.
This isn't something that rsyslog is doing, but rather your OS.
Clients are assigned port numbers (random and sequential) by your operating system, as part of the sequence of system calls, that create a network connection. For example TCP and UDP typically use an "ephemeral" port for the client-end of a client–server communication.
These port numbers are - as you said - called "ephemeral" because they are valid only for the life of the connection and have no special significance.
As to why ephemeral ports are used.. I don't know. Maybe someone on ServerFault or Network Engineering can answer this question.
From my understanding ephemeral ports can be used either temporary or private. So if a service (temporarily) needs a port it can use an ephemeral port. After the service has done it's requests and has timed-out for some time, the port is released and can be used by some other service. This way a service doesn't block a port even though it doesn't even use it, or just frequently uses it.
I had to reset my router and modem, after a 3 hour task of getting those working properly again I can connect to the internet.
I had WordPress running locally on MAMP and the IP address I'd connect to was http://192.168.1.141:8888, now I can't access this address at all locally, the page never properly loads. http://localhost:8888/MAMP/ does load, I can access phpMyAdmin, start page etc.
However localhost:8888 sort of 'half' loads? I can see the title of the site I have running locally in the browser tab and at the bottom it says 'connecting to http://192.168.1.141:8888' but it never loads properly.
Restarted MAMP, cleared browser cache, restarted computer etc, nothing fixes it.
While 192.168.1.141 is the address you used to connect to, after resetting your router and modem, depending on how your router assigns IP addresses (statically or dynamically), your IP address may have changed.
How to check your ip address on Windows:
Click start menu
type in cmd.exe
type ipconfig into the terminal
your ip address should be listed in the results
#gilsho: ifconfig is the *nix command, MAMP I think stands for Microsoft / Apache / Mysql / PHP.
Correction: #gilsho: you are right. MAMP is Mac, so you would use ifconfig.
http://en.wikipedia.org/wiki/MAMP
Once you confirm your ip address, we can continue to help you.
Edit: To make things easier for you, I would go into your router (usually 10.0.0.1 or 192.168.0.1) and set up your ip address to a static one (they usually make it easy for you; your mac address can be found in the ipconfig results, just assign the mac address to an ip address in the range it assigns you. That way, the router will always give you the same ip regardless of whether it is restarted or not.). This will not mean you can access your webpage outside of your router network though.
Edit #2:
Try using a simple index.html (maybe your apache comes with one) that you can try loading. Perhaps it is your webpage that bricks something while loading. In any case, it's best to simplify the problem. If you can load a simple html "hello world" page, then it's likely a problem with your code.
Edit #3:
Is your webpage using any additional technologies? You have PHP, Python, Ajax/jQuery, etc. etc. If one of these components or plugins is missing or not configured, you may also see problems such as loading issues, 405/500 errors, etc.
Routers typically use DHCP to hand out local IP address to host machines. I suspect that when you restarted your router your machine received a different IP address. In order to find your new IP address, run:
ifconfig
from the command line. The output should look something like this:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether c9:a4:51:43:5b:1b
inet6 fe80::bae8:56ff:ae23:5c1a%en0 prefixlen 64 scopeid 0x4
inet6 2601:9:400:1185:bae8:56ff:fe43:5b1a prefixlen 64 autoconf
inet6 2601:9:400:1185:fdcd:395b:4671:7cbf prefixlen 64 autoconf temporary
inet 192.168.1.113 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
search for the inet field, that's your current local IP address.
Ok well that took FOREVER to fix, but after I managed to reset my router and set all that up again I decided to use manual DHCP and just changed it back to my old local IP.
God, working with any equipment you get from an ISP is a nightmare.
Assume that there is a web-page called whatisyourip.com and that I have a web-page called changeip.com. A user wants to enter the site whatisyourip.com through changeip.com. Normally, changeip.com would be a proxy server so the user can hide his ip address. That's how users reach forbidden web-pages in their countries. But I want to ask, is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
Short answer: Yes. Make changeip.com a VPN server and assign different IP addresses to those VPN clients. Ensure they send all traffic through the VPN. This usually involves modification of the local routing table on the VPN client workstations for everything to work correctly.
Longer answer... There are several reliable ways to hide IP addresses of TCP sessions...
HTTP Proxy - you already described this situation
Network address Translation - this doesn't sound likely in your scenario
VPN Tunneling - Possible solution instead of HTTP proxy, even if it's something as simple as an SSL VPN. Depending on your constraints, this could also be a viable option.
You can't. TCP connections require a 3-way handshake. You can certainly send a SYN packet to the server to start the process, then change your IP address. but when the site responds with the 2nd-stage of the handshake (SYN+ACK), that packet is now going to your old IP address and your system will drop it - it has no idea that the server is responding to something that was started on the old IP.
You could try something like the Tor network, which offers end-to-end encryption of traffic and cloaking of origins, but it's not something I'd consider "reliable".
Not unless you spoof your IP, in which case the response will go to the forged IP. So no.
DynDNS et. al. are great for not having to put IP addresses in config files... I put the dyndns domain in the config and if I ever want to change the server location I just update it in one place, and the config stays the same. But what if I want to change the port number that's used? Is there an equivalent for ports - so that I can also get what port to connect to from some service just like I get the IP from DynDNS? Or what's another solution (besides not changing the ports)?
DynDNS and DNS in general has the main purpose of not having to remember a host by its IP address. The DynDNS part comes is mostly to solve the issue of people who don't have static IP addresses, and they occasionally get new IP addresses when their DHCP leases expire.
The original intention wasn't really meant to account for someone purposely changing their IP address or port numbers. Usually a service is on a well known port that doesn't change, such has 80 for http. Depending on the protocol, you could set up a well-known port, and then have it redirect to a different port. As an example, some websites will redirect port 80 to 8080, but this is protocol dependent. This also won't work for a lot of other protocols, and you're usually stuck with the port you choose.
Using DynDNS I access three different machines behind the same router by simply adding a colon and the port number just as if I were adding it to a static IP address (ie myhome-computer.dyndns.biz:1234 ). Each port points to a different internal ip in the router. This works fine with my free host account. However, I am not aware of a port identifier that could report as the DynDNS host app does.
Is there a performance difference between TCP connections to:
localhost / 127.0.0.1
a domain which resolves to the local machine
Or more specifically, do the latter connections go through the loopback device, or over the actual network?
The reason I'm asking is I'm thinking about changing database settings in many PHP apps so they use a full domain instead of localhost. That way we could more easily move the database to a different server, if the need arises.
This is implementation and operating system dependent. On Windows, anything connecting to a local IP address, even if it is an outside-facing IP, will go over loopback. This is a documented problem for applications such as packet sniffers, because you can't sniff the loopback. (Windows doesn't treat loopback as a "device" -- it is handled at the network level.) However, in this case it would work in your favor.
Linux, in contrast, will follow whatever you have in your routing table, so packets that are destined to your local machine will go to your local machine over the network if the routing table isn't properly configured. However, in 99% of the cases the routing will be configured properly. Your packets won't go over the loopback device, but the TCP/IP stack will know that you are contacting a local IP and it will virtually go out and back in the proper ethernet device.
In a properly configured environment, the only bottleneck for using a domain name would be DNS resolution time. Contacting an outside DNS can add additional latency into your configuration. However, if you add in the domain name into your /etc/hosts file (C:\Windows\System32\drivers\etc\hosts on Windows), your system will skip the DNS resolution phase and obtain an IP directly, making this time cost moot.
That depends on how the names are resolved. The procedure is typically /etc/hosts first and then DNS if that fails. If localhost is in your /etc/hosts, putting whatever.wherever in the file as well will make it resolve with the same speed.