So this is the situation: I have a bunch of Arduinos and Raspberry Pis along with an Ubuntu server on a local network. The Arduinos and Pis communicate with that local server routinely using PHP GET & POST requests.
Now this local server sometimes "fetches" something from a remote server in the cloud (also using PHP GETs) to respond to local requests from Arduinos and Pis.
Now here's the problem: The local server has no issues communicating with the remote server by GETs, but what if I want the server in the cloud to send a GET to the local server?
This part is kind of confusing to me as the local server is on a regular LAN and connects to the internet via a router through a local commercial ISP that issues dynamic IPs.
How can I send PHP GETs from an "online" server to a local server?
Please note that both servers are running Apache/PHP/MySQL on Ubuntu 14.04.
Thanks a ton in advance!
You will need two steps to accomplish that.
step 1 - make router forward external requests to LAN server
step 2 - make external server know the current dynamic WAN ip
step 1:
The router has to be configured to forward WAN requests to your LAN server. Assuming you use a normal home router, you typically point your browser towards the router ip and login on the router. Now you have to find where to configure forwarding (unfortunately naming of this feature varies from router to router).
While you typically can define an "exposed host" where just all external requests go to, you are better off in terms of security if you just forward specific ports to your server. As you are going to use the HTTP protocol, the standard ports here would be 80 (http) and 443 (https). So assuming you use HTTPS with the default port, a typical forwarding would be:
router WAN ip, port 443 --> server LAN ip, port 443
This forwards any external request to the router on port 443 to your internal server on port 443.
Now your server should be able to receive those requests, but you still would need to know your router's current dynamic WAN ip.
step 2:
As your router's WAN ip changes from time to time, you need to somehow announce that ip to your external server.
One easy way of doing this is by using an external service which will provide you with a URL, which will resolve to your current ip. This is often referred to as DDNS or dynamic DNS. One quite well known DDNS provider is https://dyn.com/dns/ - but there are plenty of others, and you will even find free ones. After registering with such a provider you will be given a URL which your external server can use instead of the ip.
Now you still have to let the DDNS provider know your current dynamic WAN ip. The easiest way to do this again involves your router. Check its config for DDNS settings; routers typically support this feature, and often there are even some specific providers pre-configured. Set up your router with the credentials you got from the DDNS provider.
Now everything is set. You should be able to send requests to your internal server by using the URL you got from your DDNS provider, while your router both forwards such requests and notifies the DDNS provider about any ip changes.
A word of warning - you just exposed your local server to the internet. So you will have to treat it like any server on the internet to keep it safe, including careful configuration, installing security updates and so on.
You have to open a port on your router, and specify where the router should lead the request to. Let's assume your external ip is: 80.82.71.24, going to this ip address (e.g. http://80.82.71.24) will lead to your router. Then the router decides what to do with this request; normally the request would time out or be refused. But on the router, if you specify that this certain request (could be: tcp/udp) (to a specified port) should point to a certain internal ip (the local server ip), then it's possible to do what you want.
But to do this, you need to read up on your router - first of all, see if you can log in to it. Could you specify what router you use and if your internet connection is yours or shared (e.g. campus, school, etc.)?
By the way, it would not be a good idea to open up the port for the whole world, so maybe you should consider to only allow your cloud server ip to gain access to that specific port.
Related
I want a certain person to access my PHP program (connected to a MySQL database) but we live in different places. Is it possible for her to access my Wamp Server if we are connected to different internet connections? I got it to work with someone but we were connected to the same WiFi.
You need at least one connection between both LAN networks, either LAN or WAN.
You need to edit the Apache config file vhost access permission to "Allow from All".
Once you do that, go to the server's network router and forward all port 80, 443 and 3306 traffic to the WAMP server's IP address.
Now you can access wamp server directly by using WAN IP of server's network.
You'd basically have two options to make it visible to her:
Make your web server visible from the Internet, which has lots of security implications and might require you to use a custom port since most ISPs block incoming requests on port 80. You would have to set up port forwarding in your router to point to your web server.
Set up a VPN server that she could connect to, which would also need to be port forwarded in your router. This also has security implications but would likely result in much fewer attacks.
I want to make a PHP application, and it must be hosted on a computer and opened from many branches of my schools over the web.
I installed XAMPP on my PC server, and if I try to open the application in the same LAN network it works, but if I change the network it is not working.
The browser says that IP 192.168.1.22 takes a long time to load and does not open.
How can I configure that, please?
You need to set up a static IP on your machine, then set your router to forward ports so that all requests that come to your router on a particular port are forwarded to your machine. This should do for testing purposes, but if you want to host a website, for example, you will need to get a permanent static IP for your router; this usually costs money from your ISP (internet service provider).
192.168.1.22 is your local IP address, you cannot access it from a different network. You can get your external IP address for example using whatismyip.com. Also, if you are behind a router, you have to open and forward the port which is used by your web server to your machine.
I have forwarded the ports from my modem and while checking from "canyouseeme.org" it says,
Success: I can see your service on 1.186.*.* on port (8510) Your ISP is not blocking port 8510.
But when I access my files the browser responds as,
This webpage is not available
ERR_CONNECTION_REFUSED
Hide details
Google Chrome's connection attempt to 1.186.*.* was rejected. The website may be down, or your network may not be properly configured.
I have put my WAMP server online, changed the port to 8510, and set "Allow from all" in the httpd.conf, but everything was in vain. Can anyone help me out?
Thanks in advance.
You might either face a configuration problem with all your forwards, or - the most common reason for this behaviour - your router does not support Loopback-Connections.
Meaning: Even IF your external ip would be 1.1.1.1 - calling 1.1.1.1 from within your local network does not work, because your router is unable to determine that 1.1.1.1 refers to itself on the WAN side (or it forwards all connections on the external ip to its internal ip, therefore failing for machines behind the router which rely on port forwarding to be executed, which does not happen for requests arriving on the internal ip address).
Don't be afraid, only very few routers support this. Even if you use an external dynamic DNS, you usually can't connect from within your local network. To verify whether this is the case or not, you need to move physically outside to check connectivity (or use a tethered connection with internet sharing on your mobile and connect through your smartphone, tablet or notebook using the internet sharing feature).
If canyouseeme.org can see you, but you can't from your local network, I'll bet you are running into exactly this issue.
Edit: I'm having the exact same problem (well, not a problem if you know about it):
[Screenshots: CanYouSeeMe; Local Network; Smartphone (Wifi Disconnected)]
Side note: To have everything like owncloud working internally as well, I just configured my DNS server to serve a fake forward lookup, so that http://externaldomain.com is resolved as a local ip from inside my network.
So, from outside: http://externaldomain.com resolves to whatever my external ip is (91.48.*.*) but from the inside, it resolves to the internal ip of the very same server (192.168.5.5).
So, I could use all DNS-Names without limitation, only can't use my external ip.
Change laptop firewall to allow inbound connections to port 8510.
Open a Port in Windows Firewall
This can be very broad, as firewall layers can include many components, such as those from Norton, etc.
I have some software running on port 50885 on a computer behind a NAT
How can I access this port from the internet?
I can initiate something from the computer as I have to launch the app.
If I get it correctly: with my local address:port, let's say: 192.168.0.10:50885
If something goes through the NAT initiated by the computer, then there should be some sort of port forwarding created automatically and there should be some sort of public IP:PORT that should knock on the 50885 port on the computer behind the NAT. Am I right?
If so, wouldn't it be possible to ask a server-side script, like in PHP, "Hey, tell me what this public IP & port are"?
I'm a bit confused about Port Forwarding.
Per my understanding, assuming you use socket local_ip:local_port to connect remote1_ip:remote1_port. After the NAPT device, local_ip:local_port becomes translated_ip:translated_port. remote1 can get translated_ip:translated_port but I have not found such a service. Next time you establish a new connection with remote2_ip:remote2_port with the same client local_ip:local_port, will translated_ip:translated_port be kept unchanged? Normally the NAPT server will reserve it for some time, say 5 minutes. So if someone from remote3:remote3_port connects to translated_ip:translated_port within 5 minutes (since the last packet sent to translated_ip:translated_port), the NAPT server will direct traffic to local_ip:local_port. If remote3_port=remote1_port, though remote1_ip!=remote1_ip, the connection will be accepted by the local socket. If the information expired, the NAPT server will allocate a new translated_ip2:translated_port2.
Yes, you would have to query an external script to retrieve the public info from the other side of the router. There are plenty of websites to get the IP (http://whatismyip.com, http://iplookup.flashfxp.com, etc) but I have never seen one that reports both the IP and Port, they usually only report the IP. Most NATs use a 1-to-1 relationship on ports, though they CAN use different ports. If you have your own website (or have a friend that does), it would not be very difficult to write your own script to retrieve the public port.
If you make an OUTBOUND TCP connection from your LAN PC through the router to the outside, then the router generates and keeps track of the necessary NAT lookup info automatically so it can then forward traffic back and forth for that connection.
If you make an INBOUND TCP connection from the outside through the router to your LAN PC, there is no NAT lookup info established automatically. The router needs to be told ahead of time, via a Port Forwarding rule, which private LAN IP:Port to direct an incoming connection to when it receives a new client connection on a specific public IP:Port. If your router supports UPnP (and if it is enabled) then your app can use a UPnP API/library to programmatically create a Port Forwarding rule in the router when the app opens a listening socket. Otherwise, if UPnP is not available then you have to configure the router manually instead.
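Added example (not from any of the posts on this page): a toy Python model of a router's translation table, covering the outbound/inbound behaviour described in the answer above as well as the port forward and the "only allow your cloud server ip" advice from the first thread. The addresses, the 300-second idle timeout, the port pool start and the rule that a dynamic mapping only accepts replies from the remote endpoint it was opened to are assumptions; real routers differ in how strictly they filter.

```python
import ipaddress
from dataclasses import dataclass, field
@dataclass
class Router:
    """Toy NAPT router: static port forwards plus dynamic outbound mappings."""
    wan_ip: str
    idle_timeout: int = 300  # assumed lifetime (s) of an idle dynamic mapping
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, net)
    mappings: dict = field(default_factory=dict)  # wan_port -> [lan, remote, last_seen]
    next_port: int = 40000  # assumed start of the router's dynamic port pool

    def add_forward(self, wan_port, lan_ip, lan_port, allow_from=None):
        """Static rule; allow_from (CIDR) limits which sources may use it."""
        net = ipaddress.ip_network(allow_from) if allow_from else None
        self.forwards[wan_port] = (lan_ip, lan_port, net)

    def outbound(self, lan, remote, now):
        """A LAN host connects out: the router creates the mapping by itself."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[wan_port] = [lan, remote, now]
        return (self.wan_ip, wan_port)  # endpoint the remote side sees

    def inbound(self, src, wan_port, now):
        """Return the LAN (ip, port) a packet reaches, or None if dropped."""
        rule = self.forwards.get(wan_port)
        if rule:
            lan_ip, lan_port, net = rule
            ok = net is None or ipaddress.ip_address(src[0]) in net
            return (lan_ip, lan_port) if ok else None
        m = self.mappings.get(wan_port)
        if m and src == m[1] and now - m[2] <= self.idle_timeout:
            m[2] = now  # traffic refreshes the idle timer
            return m[0]
        return None  # no rule, no live mapping: unsolicited traffic is dropped

def demo():
    r = Router(wan_ip="203.0.113.7")  # constructed, documentation-range addresses
    cloud, lan_web, lan_app = "198.51.100.20", ("192.168.0.10", 443), ("192.168.0.10", 50885)
    before = r.inbound((cloud, 51000), 443, now=0)          # no rule yet
    r.add_forward(443, *lan_web, allow_from="198.51.100.20/32")
    allowed = r.inbound((cloud, 51000), 443, now=1)         # cloud server
    blocked = r.inbound(("192.0.2.99", 51000), 443, now=1)  # anyone else
    public = r.outbound(lan_app, (cloud, 80), now=10)       # app connects out
    reply = r.inbound((cloud, 80), public[1], now=20)       # reply on the mapping
    stale = r.inbound((cloud, 80), public[1], now=400)      # mapping has expired
    return before, allowed, blocked, public, reply, stale

if __name__ == "__main__":
    print(demo())
```

The `public` value is what a server-side script on the remote host would report back as the client's IP and port.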
I'm asking myself if it is possible to send the ip address from my router to a PHP script on a web hosting package (not an own server), save it (like http://www.axelteichmann.de/DynamicDNS/index-DynDNS-mit-Fritzbox.php) and relay all incoming traffic on port 80 http and 443 https (via socket_create_listen) to the saved ip address, where my local owncloud instance (on a more powerful machine) is waiting for incoming requests. I'm not quite sure if this would work. Does anyone know?
I found an interesting post on: http://www.phpgangsta.de/client-ip-problem-bei-reverse-proxy-betrieb
But it also requires changes on the underlying server.