Assume that there is a web page called whatisyourip.com and that I have a web page called changeip.com. A user wants to enter the site whatisyourip.com through changeip.com. Normally, changeip.com would be a proxy server so the user can hide his IP address. That's how users reach web pages that are forbidden in their countries. But I want to ask, is there a way to show a different IP address to whatisyourip.com while connecting to it through changeip.com without using it as a proxy server?
is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
Short answer: Yes. Make changeip.com a VPN server and assign different IP addresses to those VPN clients. Ensure they send all traffic through the VPN. This usually involves modification of the local routing table on the VPN client workstations for everything to work correctly.
Longer answer... There are several reliable ways to hide IP addresses of TCP sessions...
HTTP Proxy - you already described this situation
Network address Translation - this doesn't sound likely in your scenario
VPN Tunneling - Possible solution instead of HTTP proxy, even if it's something as simple as an SSL VPN. Depending on your constraints, this could also be a viable option.
You can't. TCP connections require a 3-way handshake. You can certainly send a SYN packet to the server to start the process, then change your IP address, but when the site responds with the 2nd stage of the handshake (SYN+ACK), that packet is now going to your old IP address and your system will drop it - it has no idea that the server is responding to something that was started on the old IP.
You could try something like the Tor network, which offers end-to-end encryption of traffic and cloaking of origins, but it's not something I'd consider "reliable".
Not unless you spoof your IP, in which case the response will go to the forged IP. So no.
I purchased a domain from Namecheap, and I'm going to use Cloudflare as the DNS for my domain, but it says Error 521.
I created a free instance on Oracle.
Cloudflare suggests that I add their IPs to Oracle, but I have no idea where to add these IPs.
We're from the Solutions Architecture team over at Oracle Cloud Infrastructure and wanted to give you a few pointers to help you out.
What this error indicates is that Cloudflare is having problems accessing your website. Most likely this is because you have not yet configured your website to be accessible from the internet. While we didn't write this, it appears the community has a set of instructions here on how to expose your site to the internet:
https://dev.to/yoursunny/how-to-host-a-website-in-oracle-cloud-free-tier-5hca
Here's another online class for doing the same with WordPress: https://www.udemy.com/course/wordpress-website-built-on-oracle-cloud-always-free-tier/
Once done, you'll want to test your website by IP address in a web browser to make sure you can at least load your web page.
What Cloudflare is suggesting is you should actually only open access to your website from the specific IP addresses of the Cloudflare network. This increases the security of your website by preventing people from bypassing Cloudflare if they know your site's IP address. To do so, instead of adding 0.0.0.0/0 as the allowed CIDR you add an individual entry for each CIDR listed here: https://www.cloudflare.com/ips/
For testing though, just use 0.0.0.0/0 until you have it working. Then you can change it.
Finally, don't forget to check host firewall rules (see iptables --list). Not having an entry for port 80/443 is a common error.
Let us know if it works for you.
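Once the site works and the open rule is replaced by per-CIDR entries, the ingress list can be checked for rules that still let clients bypass Cloudflare. The following is an added example, not part of the original answer or of any Oracle or Cloudflare tooling; the simplified rule format and the documentation-range CIDRs are constructed stand-ins for a real security list and for the list published at https://www.cloudflare.com/ips/.

```python
import ipaddress

# Constructed stand-in for the published edge CIDR list (documentation
# ranges, NOT Cloudflare's real ranges).
EDGE_CIDRS = ["198.51.100.0/24", "203.0.113.0/25", "2001:db8::/32"]

# Constructed ingress rules in a simplified source/protocol/port form.
INGRESS_RULES = [
    {"source": "0.0.0.0/0", "proto": "tcp", "port": 22},
    {"source": "0.0.0.0/0", "proto": "tcp", "port": 80},        # left over from testing
    {"source": "198.51.100.0/24", "proto": "tcp", "port": 443},
    {"source": "203.0.113.0/24", "proto": "tcp", "port": 443},  # wider than the edge /25
]

WEB_PORTS = {80, 443}


def audit_ingress(rules, edge_cidrs, web_ports=WEB_PORTS):
    """Return (findings, missing).

    findings: (source, port) web rules that admit addresses outside the edge.
    missing:  (edge_cidr, port) pairs that no rule fully covers.
    """
    edge = [ipaddress.ip_network(c) for c in edge_cidrs]
    findings, covered = [], set()
    for rule in rules:
        if rule["proto"] != "tcp" or rule["port"] not in web_ports:
            continue  # only the web listeners matter for bypassing the CDN
        src = ipaddress.ip_network(rule["source"])
        # Safe only if the whole source range sits inside one edge CIDR.
        if not any(src.version == e.version and src.subnet_of(e) for e in edge):
            findings.append((rule["source"], rule["port"]))
        # Record which edge ranges this rule fully admits.
        for e in edge:
            if src.version == e.version and e.subnet_of(src):
                covered.add((str(e), rule["port"]))
    missing = sorted(
        (str(e), p) for e in edge for p in web_ports if (str(e), p) not in covered
    )
    return findings, missing


if __name__ == "__main__":
    findings, missing = audit_ingress(INGRESS_RULES, EDGE_CIDRS)
    for source, port in findings:
        print(f"bypass possible: {source} may reach port {port} directly")
    for cidr, port in missing:
        print(f"edge blocked: no rule admits {cidr} on port {port}")
```

The same check applies to the host firewall rules mentioned above, since either layer can leave ports 80/443 open to addresses outside the edge ranges.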
I have a similar setup where Cloudflare is fronting my app. However, in my case I am just using a public load balancer in OCI. I bought a domain name pointing to the public IP of the load balancer. This way I first tested my site without the domain name, just hitting the load balancer IP. If that works fine, then in Cloudflare you just need to proxy the domain to the public IP of the load balancer.
I successfully created an Apache server, but I don't want to connect to it by typing 192.168.0.102; I want a normal URL like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line, but setting it to something like www.mysite.com doesn't seem to work. I also tried to use my external IP (https://www.whatismyip.com) as the server name, but it doesn't connect. It only works if I try to connect to 192.168.0.102 or localhost. How do I solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequences of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessible only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet; it is an internal IP.
But you have some alternatives: if you would like to access your computer by hostname, you can use dynamic DNS servers.
Or, if you want to test your code on a spectacular domain, you can add 192.168.0.102 with a domain to your hosts file; then only you can use this domain, from your local computer.
But if you really want to serve some content to the Internet from your local computer, you have to find a DNS server service (like Cloudflare) to point your domain to your public Internet IP, not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test whether the configuration works, edit your /etc/hosts file and add that domain name for 127.0.0.1. After that you will be able to reach that virtual host when you access that domain name from your browser.
More info here: https://httpd.apache.org/docs/current/vhosts/name-based.html
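The answers above describe the Host request header and Apache choosing a virtual host by ServerName. The sketch below is an added example, not Apache's code and not from the original posts; it mimics that selection, including the fall-back to the first listed virtual host when no name matches. The vhost table and docroot paths are constructed, and `host_header` and `select_vhost` are hypothetical helper names.

```python
# Constructed vhost table in configuration order. The first entry acts as
# the default, as in Apache name-based virtual hosting.
VHOSTS = [
    {"server_name": "intranet.example", "aliases": [], "docroot": "/var/www/intranet"},
    {"server_name": "www.mysite.com", "aliases": ["mysite.com"], "docroot": "/var/www/mysite"},
]


def host_header(raw_request: bytes):
    """Return the Host header value (lower-cased, port stripped) or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):             # IPv6 literal such as [::1]:8080
                return host[: host.find("]") + 1]
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None


def select_vhost(raw_request: bytes, vhosts=VHOSTS):
    """Pick the vhost whose ServerName or alias equals the Host header."""
    host = host_header(raw_request)
    for vh in vhosts:
        if host == vh["server_name"] or host in vh["aliases"]:
            return vh
    # No name matched (bare IP, unknown name, missing header): default vhost.
    return vhosts[0]


if __name__ == "__main__":
    # Constructed requests, all sent to the same IP address and port.
    for host in ("www.mysite.com", "MySite.com:8080", "192.168.0.102"):
        req = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
        print(f"{host:18} -> {select_vhost(req)['docroot']}")
```

The request addressed to the bare IP still reaches the server but is served by the default virtual host; ServerName only affects selection once the client has reached the server through DNS or a hosts file entry.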
I have a MySQL database running on my Raspberry Pi.
To access it I use dynamic DNS (duckdns) when I am outside of my network, but I would like to access it with the same dynamic domain name when I am inside my network. However, it is not working and I always get connection refused.
I would like to somehow enable it so I do not have to change the MySQL server address in app.config from my dynamic domain to localhost when I am inside my local network.
You'll need a gateway router that supports NAT hairpinning. Many consumer-grade units (and some supposedly commercial-grade equipment) don't support this. Either yours doesn't, or you need to find an option to enable it.
When you try to connect to the public IP address from inside the network, the router probably assumes that you want to connect to the router itself.
My cable modem's built-in router at home understands how to do this. When I access my server from the laptop, and connect to the public IP from inside, the router (inside the cable modem) does a transformation on the packets so that my server sees my connection coming from the router's IP address, not my laptop's IP address.
This is what has to happen, because when the server responds, it will respond to the machine that connected to it. If it responded to the laptop's address, the laptop would reject the traffic, since it would be coming from the server's internal IP, which is not the IP address I connected to. So, it responds to the router, which does a second transform on the packet address, replacing the server's internal IP with the external IP. Remembering the session from previous traffic, the router then sends the packet back to the laptop.
Ultimately this setup can't possibly work for you without the complicity of your router, which may not have that capability.
Some routers, however, have a DNS proxy that will allow you to create static entries. My former DSL modem could not hairpin NAT connections, but it had a way to create DNS entries that would be used to respond to internal DNS queries for a specific host... with a different IP than the one that DNS otherwise provided. That's an alternative workaround if the router supports it.
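The address rewriting described in this answer can be traced step by step. The simulation below is an added example, not part of the original answer; it compares a router that only rewrites the destination (plain port forwarding) with one that also rewrites the source (hairpin NAT). All addresses are constructed, and a router that instead treats the connection as addressed to itself fails earlier than this model shows.

```python
from dataclasses import dataclass, replace

# Constructed addresses: an RFC 1918 LAN plus a documentation-range public IP.
LAPTOP = "192.168.0.50"
SERVER = "192.168.0.102"
ROUTER_LAN = "192.168.0.1"
PUBLIC = "203.0.113.7"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def connect_via_public_ip(hairpin: bool):
    """Trace a connection from the laptop to PUBLIC made inside the LAN.

    Returns (accepted, trace), where trace is a list of (step, Packet).
    """
    trace = []
    syn = Packet(LAPTOP, PUBLIC)
    trace.append(("laptop sends", syn))

    # Port forward (DNAT): the router rewrites the destination to the server.
    fwd = replace(syn, dst=SERVER)
    if hairpin:
        # Hairpin NAT also rewrites the source, forcing replies via the router.
        fwd = replace(fwd, src=ROUTER_LAN)
    trace.append(("server receives", fwd))

    # The server answers whichever address the packet appeared to come from.
    reply = Packet(SERVER, fwd.src)
    trace.append(("server replies", reply))

    if reply.dst == ROUTER_LAN:
        # The router recalls the session and reverses both translations.
        reply = Packet(PUBLIC, LAPTOP)
        trace.append(("router rewrites", reply))

    # The laptop only accepts a reply from the address it connected to.
    accepted = reply.dst == LAPTOP and reply.src == syn.dst
    trace.append(("laptop accepts" if accepted else "laptop drops", reply))
    return accepted, trace


if __name__ == "__main__":
    for mode in (False, True):
        ok, steps = connect_via_public_ip(mode)
        print(f"hairpin={mode}: {'connected' if ok else 'failed'}")
        for step, pkt in steps:
            print(f"  {step:16} {pkt.src} -> {pkt.dst}")
```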
We have developed a client app and a server app. The client communicates with the server using the http protocol and sends some data to be processed by the server.
Our structure allows us to have the server installed anywhere. It can be on the same network as the client or even in the cloud.
When the server is hosted in the cloud, it makes sense to ask the user for the server address (since it can change if the user wishes), but it does not make sense when the server is on the same network as the client. Despite that, we are currently asking users to configure the server IP/name in order to connect to the server.
To avoid this (asking users for the address) I have developed a discovery service based on UDP. The client broadcasts a message that the server answers with its address. It works in some cases, but it does not when the user has some kind of firewall, proxy or even an antivirus.
I have read a lot about discovery services, and the one that I like most is Bonjour.
So, the question is: what is the best way of discovering a server's IP when the server is on the same network as the client without being blocked by firewalls, proxies, etc.?
You can keep your service purely local (in the intranet) and build on top of what you are using now by implementing hole punching. You can get past firewalls, but I'm really not sure about AV software policies.
Or you can establish a well-known http-based discovery service in the internet.
A server comes alive, sends its (local) ip address to the discovery service (keeps sending keep-alives)
On startup, the client queries that discovery service, identifies the local subnet he is in, and gets back the local ip address of the server.
That of course creates a single point of failure in your system in that if the discovery service kicks the bucket, your clients cannot find servers. You can remedy that by replicating the service and/or introducing fallback mechanisms (like the purely local discovery you have), which you probably want to do anyway. The only problem you might have is the subnet identification, if computers in local subnets don't share external IP addresses (then it depends on what a local subnet is for you).
Is there a performance difference between TCP connections to:
localhost / 127.0.0.1
a domain which resolves to the local machine
Or more specifically, do the latter connections go through the loopback device, or over the actual network?
The reason I'm asking is I'm thinking about changing database settings in many PHP apps so they use a full domain instead of localhost. That way we could more easily move the database to a different server, if the need arises.
This is implementation and operating system dependent. On Windows, anything connecting to a local IP address, even if it is an outside-facing IP, will go over loopback. This is a documented problem for applications such as packet sniffers, because you can't sniff the loopback. (Windows doesn't treat loopback as a "device" -- it is handled at the network level.) However, in this case it would work in your favor.
Linux, in contrast, will follow whatever you have in your routing table, so packets that are destined to your local machine will go to your local machine over the network if the routing table isn't properly configured. However, in 99% of the cases the routing will be configured properly. Your packets won't go over the loopback device, but the TCP/IP stack will know that you are contacting a local IP and it will virtually go out and back in the proper ethernet device.
In a properly configured environment, the only bottleneck for using a domain name would be DNS resolution time. Contacting an outside DNS can add additional latency into your configuration. However, if you add in the domain name into your /etc/hosts file (C:\Windows\System32\drivers\etc\hosts on Windows), your system will skip the DNS resolution phase and obtain an IP directly, making this time cost moot.
That depends on how the names are resolved. The procedure is typically /etc/hosts first and then DNS if that fails. If localhost is in your /etc/hosts, putting whatever.wherever in the file as well will make it resolve with the same speed.