DevHeads.net

Expose my server to internet

Hello,

Out of curiosity, I just want to access my server over internet.
I have forwarded port 80.
I have got a free domain in NoIP.
In my router I've also configured the settings and successfully logged in.
But when I test whether my port 80 is accessible, it's not opened.
This is my home system, using Ubuntu 18.04. I've not enabled any firewall
by myself.

So just wanted to know whether should I configure anything in Apache httpd
to make port 80 accessible?

Thank you.

Comments

Re: Expose my server to internet

By rexkogitans@gmx.at at 07/12/2019 - 16:01

Could it be that you have a Provider Grade NAT?

This means that your host is within your home LAN, and this home LAN is
within a LAN of the Internet provider. If you ask for your IP address on
sites like whatismyipaddress.com, you see the IP address that your
provider's gateway has in the Internet. Thousands of other hosts which
are also customers of your provider could have the same IP address then.

If so, there is no way to access your host from outside (from the
Internet zone). There is also no way to access your host from within
another host of your ISP's network, because the intrazone traffic is
usally blocked.

kr,

rexkogitans

Am 04.07.19 um 06:16 schrieb Padmahas Bn:

Re: Expose my server to internet

By Walter H. at 07/13/2019 - 02:48

On 12.07.2019 22:01, <a href="mailto: ... at gmx dot at"> ... at gmx dot at</a> wrote:

Re: Expose my server to internet

By rexkogitans@gmx.at at 07/13/2019 - 08:42

This bails down to the same thing: Either your host establishes the
tunnel, or there is no way to reach it. In fact, this is a gateway
exclusively for your host - exactly something your ISP does not have.

Am 13.07.19 um 08:48 schrieb Walter H.:

Re: Expose my server to internet

By Mark J Bradakis at 07/04/2019 - 08:46

Some of the tools here might assist in tracking down what is visible to
the world and what is not.

<a href="https://tools.dnsstuff.com/#" title="https://tools.dnsstuff.com/#">https://tools.dnsstuff.com/#</a>

mjb.

Re: Expose my server to internet

By Padmahas Bn at 07/04/2019 - 13:45

Hello Bob, Richar and Mark,
Thank you for your response.

*@**Bob Cochran*,
Yeah, I can access port 80 form my local but not from internet. I'm trying
to access my IP from mobile network (Not wifi, from data pack) Please find
my comments below.

Your router will need to support NAT to translate your local IP address
sudo tcpdump -i enp2s0 -vvvSXn port 80
*@Richard szajkowski*,
It's my home network, and have dynamic IP address. But I've updated the IP
address which I got from google search "what is my ip", while forwarding
the port.

*@Mark J Bradakis,*
Thank you for the reference. I'll take a look.

Thank you.

Re: Expose my server to internet

By Bob Cochran at 07/04/2019 - 14:11

On 7/4/19 1:45 PM, Padmahas Bn wrote:
It sounds like you need to open a port on your router to forward port 80
to your apache server.  Be careful about which ports you open and
realize that once you do, others will discover it.  On the outside, you
don't have to open 80.  It might be helpful to pick a high, obscure port
number to avoid bots that scan ports searching for ways to gain entry
into private networks.

enp2s0 is the name of my Ethernet  network interface.  I can discover it
by running ifconfig.

It seems that you're somewhat new to networking.  I recommend that you
install Wireshark on your Ubuntu machine and read some tutorials about it.

Re: Expose my server to internet

By Richard szajkowski at 07/04/2019 - 13:57

It’s your inside address that needs to be static , yes the router will just be fine

Your box will need to be on something like 192.168.1( or 0) .50 let’s say and in the router that ip and port should point to that ip and port

I have all my static ip’s under 100 and dhcp is above 100

Hope this helps

Richard Szajkowski

Re: Expose my server to internet

By Padmahas Bn at 07/04/2019 - 14:12

Hello VA3RZS,

Yes, my internal IP address is static. It's 192.168.0.106. But DHCP is set
to "Automatic". Does that affect?

Thank you.

Re: Expose my server to internet

By Richard szajkowski at 07/04/2019 - 14:51

Yes , has to be set to static make sure your IP is out side the DCHP pool , that way it won’t be given to any one else by mistake .

That’s why I start my DHCP pool at .100

Richard Szajkowski

Re: Expose my server to internet

By Flaviu Radulescu at 07/04/2019 - 16:04

You need to do port forwarding on your router from the public ip port 80 to the internal (server) ip port 80. Also, configure your router to always give the same ip (static ip) to your server.

This way all the requests coming from outside on port 80 are forwarded to internal server ip on port 80, the server response are going to normally be routed to the source request, but you just need the outside traffic to be routed the the server ip. So, search on your router configuration for port forwarding. That’s all you need to do, nothing on the apache, just standard configuration.

Apologies for brevity and/or typos. An iPhone was involved in writing this message.

Yes , has to be set to static make sure your IP is out side the DCHP pool , that way it won’t be given to any one else by mistake .

That’s why I start my DHCP pool at .100

Richard Szajkowski

Hello VA3RZS,

Yes, my internal IP address is static. It's 192.168.0.106. But DHCP is set to "Automatic". Does that affect?

Thank you.

On Thu, Jul 4, 2019 at 11:27 PM VA3RZS < ... at gmail dot com<mailto: ... at gmail dot com>> wrote:
It’s your inside address that needs to be static , yes the router will just be fine

Your box will need to be on something like 192.168.1( or 0) .50 let’s say and in the router that ip and port should point to that ip and port

I have all my static ip’s under 100 and dhcp is above 100

Hope this helps

Richard Szajkowski

Hello Bob, Richar and Mark,
Thank you for your response.

@Bob Cochran,
Yeah, I can access port 80 form my local but not from internet. I'm trying to access my IP from mobile network (Not wifi, from data pack) Please find my comments below.
I'm not sure what you mean by "successfully logged in" into your router.
As I said, I've registered a free domain name on NoIP.com<http://NoIP.com>, I had to configure dynamic DNS in my router to synchronize my external/public IP (since it is dynamic in nature) with my registered domain name automatically. So i meant that configuration was successful.

Your router will need to support NAT to translate your local IP address
to the one on the Internet.
I'm using TP-Link 300M Wireless N Router, Model No. TL-WR841N / TL-WR841ND.
I hope this supports NAT.

sudo tcpdump -i enp2s0 -vvvSXn port 80
I'm not sure which parameters I need to change here according to my system. I just ran the same command and got output as
tcpdump: enp2s0: No such device exists
(SIOCGIFHWADDR: No such device)

@Richard szajkowski,
It's my home network, and have dynamic IP address. But I've updated the IP address which I got from google search "what is my ip", while forwarding the port.

@Mark J Bradakis,
Thank you for the reference. I'll take a look.

Thank you.

On Thu, Jul 4, 2019 at 6:16 PM Mark J Bradakis < ... at bradakis dot com<mailto: ... at bradakis dot com>> wrote:
Some of the tools here might assist in tracking down what is visible to
the world and what is not.

<a href="https://tools.dnsstuff.com/#" title="https://tools.dnsstuff.com/#">https://tools.dnsstuff.com/#</a>

mjb.

RE: Expose my server to internet

By Flaviu Radulescu at 07/04/2019 - 17:34

Here is a link to your router configuration with all the details of how to do the port forwarding: <a href="https://www.tp-link.com/us/user-guides/tl-wr841n_v14/chapter-4-configure-the-router-in-wireless-router-mode#ug-sub-title-7" title="https://www.tp-link.com/us/user-guides/tl-wr841n_v14/chapter-4-configure-the-router-in-wireless-router-mode#ug-sub-title-7">https://www.tp-link.com/us/user-guides/tl-wr841n_v14/chapter-4-configure...</a>

You need to do port forwarding on your router from the public ip port 80 to the internal (server) ip port 80. Also, configure your router to always give the same ip (static ip) to your server.

This way all the requests coming from outside on port 80 are forwarded to internal server ip on port 80, the server response are going to normally be routed to the source request, but you just need the outside traffic to be routed the the server ip. So, search on your router configuration for port forwarding. That’s all you need to do, nothing on the apache, just standard configuration.
Apologies for brevity and/or typos. An iPhone was involved in writing this message.

On 4 Jul 2019, at 21:52, Richard szajkowski < ... at gmail dot com<mailto: ... at gmail dot com>> wrote:
Yes , has to be set to static make sure your IP is out side the DCHP pool , that way it won’t be given to any one else by mistake .

That’s why I start my DHCP pool at .100
Richard Szajkowski

On Jul 4, 2019, at 2:12 PM, Padmahas Bn < ... at gmail dot com<mailto: ... at gmail dot com>> wrote:
Hello VA3RZS,

Yes, my internal IP address is static. It's 192.168.0.106. But DHCP is set to "Automatic". Does that affect?

Thank you.

On Thu, Jul 4, 2019 at 11:27 PM VA3RZS < ... at gmail dot com<mailto: ... at gmail dot com>> wrote:
It’s your inside address that needs to be static , yes the router will just be fine

Your box will need to be on something like 192.168.1( or 0) .50 let’s say and in the router that ip and port should point to that ip and port

I have all my static ip’s under 100 and dhcp is above 100

Hope this helps
Richard Szajkowski

On Jul 4, 2019, at 1:45 PM, Padmahas Bn < ... at gmail dot com<mailto: ... at gmail dot com>> wrote:
Hello Bob, Richar and Mark,
Thank you for your response.

@Bob Cochran,
Yeah, I can access port 80 form my local but not from internet. I'm trying to access my IP from mobile network (Not wifi, from data pack) Please find my comments below.
I'm not sure what you mean by "successfully logged in" into your router.
As I said, I've registered a free domain name on NoIP.com<http://NoIP.com>, I had to configure dynamic DNS in my router to synchronize my external/public IP (since it is dynamic in nature) with my registered domain name automatically. So i meant that configuration was successful.

Your router will need to support NAT to translate your local IP address
to the one on the Internet.
I'm using TP-Link 300M Wireless N Router, Model No. TL-WR841N / TL-WR841ND.
I hope this supports NAT.

sudo tcpdump -i enp2s0 -vvvSXn port 80
I'm not sure which parameters I need to change here according to my system. I just ran the same command and got output as
tcpdump: enp2s0: No such device exists
(SIOCGIFHWADDR: No such device)

@Richard szajkowski,
It's my home network, and have dynamic IP address. But I've updated the IP address which I got from google search "what is my ip", while forwarding the port.

@Mark J Bradakis,
Thank you for the reference. I'll take a look.

Thank you.

On Thu, Jul 4, 2019 at 6:16 PM Mark J Bradakis < ... at bradakis dot com<mailto: ... at bradakis dot com>> wrote:
Some of the tools here might assist in tracking down what is visible to
the world and what is not.

https://tools.dnsstuff.com/#<https://tools.dnsstuff.com/>

mjb.

Re: Expose my server to internet

By Richard szajkowski at 07/04/2019 - 08:42

Is this a home network or a business network ?

Some isp block ports , I would do a port scan to make sure it’s open , and then make sure the box that is hosting your sever has a static IP and you have the correct ip in your router for forwarding that static ip

Richard Szajkowski

Re: Expose my server to internet

By Bob Cochran at 07/04/2019 - 01:01

On 7/4/19 12:16 AM, Padmahas Bn wrote:
I think you're saying that you can access port 80 on your local network
but not from the Internet and are wondering what's blocking it.   It's
another matter if you can't access your website on your own local
network.  If that's the case, yes, you need to configure your conf file
properly.  Read the tutorial on the apache site for a walk through.

I'm not sure what you mean by "successfully logged in" into your router.

Your router will need to support NAT to translate your local IP address
to the one on the Internet.

If I was you, the first thing I would do is run tcpdump or wireshark on
your machine running apache and make sure you see an HTTP request coming
in and a response going back out.   You can do the same thing while
testing your local network, too.

Something like:

$ sudo tcpdump -i enp2s0 -vvvSXn port 80

This should give you the clues as to what's happening on your network. 
Of course, you can also see a request in your apache log.   I think the
default on Ubuntu for the log is /var/log/apache2/access.log

This page on our site might help you with tcpdump:
<a href="https://mindchasers.com/dev/tools-tcpdump" title="https://mindchasers.com/dev/tools-tcpdump">https://mindchasers.com/dev/tools-tcpdump</a>

Good luck,

Bob