Web server behind WRT AC1900
I just upgraded to the WRT AC1900 router, I have a website using Dynamic DNS (dns2go.com) which is attached to the router, I have setup port forwarding for port 80 to go to the server IP address. When I try to go a website from the internal network I am being routed to the AC1900 login page. But from external I am getting to the sites on that server. Let me know what information you need from the configs and I will gladly give it.
I'm surprised any other consumer routers with firewalls would allow it. Consumer, because rarely are you going to find home users running web servers... If they do run web servers then they aren't going to try to hit the webserver by using the outside dns entry. Heck, in enterprise work environement, we don't hit the web servers using external names unless we have internal dns servers that bind the inside address to that name. So, here are the options to fix the problem. 1. Run a internal DNS server to bind private IP address.2. Edit the /etc/hosts or C:\Windows\System32\drivers\etc\hosts and put a entry in there manually.3. Just use the inside address manually.
Similar Messages
-
To host an web server behind an firewall which is behind an router
Dear All,
Now i am trying to find an solution for this network structure
Aim: To host an webserver
Products used : HP Blade Server, Cisco 2960 Switch, Cisco ASA Firewall 5500, Cisco Router 1900
Connectivity : Static ip with Leased line from one ISP (8 IP's with 6 usable)
Setup: Server -->Switch-->Firewall-->Router-->ISP-----------ISP-->Router-->User
Server : 192.168.20.10/24
Switch : 192.168.20.2/24
Firewall : 192.168.10.2/24 (router end) and 192.168.20.1/24(switch end)
Router : 192.168.10.1/24 (firewall end) and 11.11.11.12(serial) (WAN IP)
Default gateway for Router : 11.11.11.11 (Wan ip gateway)
Usable public LAN ip : 20.12.1.1-20.12.1.8
Like to host the server using one of the public lan ip natted with the server
If anyone know how to configure this kindly give ur suggestion and configuration details..
I have only one week time to do this..
Kindly assisst me
Thanks and regards
BalamuruganDear All,
Now i am trying to find an solution for this network structure
Aim: To host an webserver
Products used : HP Blade Server, Cisco 2960 Switch, Cisco ASA Firewall 5500, Cisco Router 1900
Connectivity : Static ip with Leased line from one ISP (8 IP's with 6 usable)
Setup: Server -->Switch-->Firewall-->Router-->ISP-----------ISP-->Router-->User
Server : 192.168.20.10/24
Switch : 192.168.20.2/24
Firewall : 192.168.10.2/24 (router end) and 192.168.20.1/24(switch end)
Router : 192.168.10.1/24 (firewall end) and 11.11.11.12(serial) (WAN IP)
Default gateway for Router : 11.11.11.11 (Wan ip gateway)
Usable public LAN ip : 20.12.1.1-20.12.1.8
Like to host the server using one of the public lan ip natted with the server
If anyone know how to configure this kindly give ur suggestion and configuration details..
I have only one week time to do this..
Kindly assisst me
Thanks and regards
Balamurugan -
Installing Iplanet web server and directory server behind a firewall
When installing iplanet web server and directory server behind a firewall - should the interal ip address be used or the external ip address?
Hello,
When you are installing iplanet web server behind a firewall,you should use the internal ip address in the firewall.
1. The external ip address connection to the Internet. The type of IP address used?dynamic (commonly used for standard
modems) or static (commonly used for cable modems) is dictated by the ISP to which you connect and the type of service it provides.
2. The internal ip adress connection. This connection must be a static IP assignment, and it must be assigned by you.
obviously it depends on the type of firewall setup you have.
Thanks
Selva -
External Web Server links to internal web server on LAN - how to configure?
I'm hoping someone can give me a bit of assistance with some routing configurations:
Currently, I have a Cisco PIX 515E that's handling my VPN and routing/DNS, etc. I'm dumping the PIX (it's overkill for my organization and it's costing too much money for Cisco-certified techs to come in and still not configure it correctly for my needs - long story).
Furthermore, an external website hosted with our ISP links to a public IP (let's say 192.x.x.1) that points through the current PIX firewall, through a DMZ, and then to a webserver hosted locally behind our firewall.
I'd like our Xserve to take over for the PIX, providing VPN access, DNS, etc. and to properly route calls from the web to 198.x.x.1 to the correct server behind out network.
The Xserve has two NIC cards, one on a public IP 192.x.x.2 (for the sake of this discussion) and one with it's internal address of 10.1.0.2 for file sharing, etc.
The internal web server also has 2 NIC cards, one that listens for the links to 192.x.x.1, and one that listens locally on 10.1.0.80 for LAN application services.
How do I configure DNS/etc. on the Xserve to properly channel the incoming calls to 192.x.x.1 to properly reach the server they're supposed to reach?
Any help is appreciated. If more info is needed, I'm happy to provide.
Thanks in advance!I've read your post several times and I'm pretty sure I understand what you're saying, until the line:
>How do I configure DNS/etc. on the Xserve to properly channel the incoming calls to 192.x.x.1 to properly reach the server they're supposed to reach?
Assuming that the 192.x.x.1 address is a real-world, public IP address that the web server is using, you want all requests from the outside world to go to this address, correct? but requests from the inside world want to go to the 10.1.0.80 address on that server?
That part I get - you want split DNS, which is not trivial to setup, but is manageable. The part I don't get is where the firewall comes in - you're removing the pix and replacing it with an XServe, but the web server has a public IP address in the same range as the XServe's public IP address and on that basis no traffic is going to flow through the firewall.
So I'm not sure if this is a firewall or a DNS question.
Split DNS will handle the internal vs. external traffic going to the different IP addresses of your server. You can't use Server Admin to do this (it can't handle multiple views of the DNS), but it is possible to do by hand.
The firewall element stumps me, though - but if the XServe is going to run as the firewall you might just find it easier to put the web server behind the firewall and forget the whole DMZ concept.
Then again, you could get the PIX operating correctly - it's a viable firewall appliance and I'd be surprised if it couldn't do what you want here. -
Web server and Exchange behind an ADSL router
Hi all:
I finally was able to go through the basic configuration of my new cisco ASA 5515 X (i'm completely new to cisco devices).
I also managed to create VPN's to my two Amazon VPC sites. This was particularly hard because my ADSL Router which this Cisco firewall is behind was making trouble.
Finally, all I had to do is reboot the ADSL Router and it all started working, but I had a hard time to find out the source of the problem (the guys at Amazon did the job, to be honest)
Now I face the next step, opening my web server and exchange server to the world. How is this done? Do I need to do something special because of the ADSL router?
Thank you.On the ASA you'd do this with an ACL
object-group service EXCHANGE_SERVICES tcp
port-object ew www
port-object eq imap
...etc etc
access-list outside_in extended permit tcp any host 192.168.203.24 eq www
access-list outside_in extended permit tcp and host 192.168.203.11 object-group EXCHANGE_SERVICES
access-group outside_in in interface outside
You'd also have to allow access in from your ADSL router. -
Has anyone setup a Ubuntu Web server running Ebox behind a AirportExtreme?
I'm setting up a Ubuntu Server, as a web server on a LAN that has access to the Internet via an AirportExtreme (cable modem on the WAN port). The Server is running Ebox (a web based maintenance tool) which can be accessed via the WAN on HTTPS port 443.
Are there any setup considerations on the Airport I need to consider to allow access from the Internet?
ThanksYou will most likely need to configure the 802.11n AirPort Extreme Base Station (AEBSn) for port mapping to allow inbound traffic from the Internet to access your web server. Note: You will need a Windows PC or Mac to run the AirPort Utility to configure the AEBSn.
-
Access websites hosted on local web server
Hi there,
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error:
6
May 05 2013
11:52:27
192.168.55.61
50420
Failed to locate egress interface for TCP from inside:192.168.55.61/50420 to 86.*.*.*/80
ASA runs version 9. Here is the config bit:
object network denon-server
host 192.168.55.200
access-list outside_access_in extended permit tcp any object denon-server eq www
object network denon-server
nat (any,outside) static interface service tcp www www
Any suggestions?Hi,
I assume that you are trying to reach the LAN server with the public IP address that the ASA holds and also uses for the above Port Forward / Static PAT configuration?
If this is the situation then I am afraid that with the current configuration that is not possible. The NAT configuration towards Internet is done between probably "inside" and "outside". So "outside" interface holds the public IP address. ASA doesnt let you connect to that "outside" IP address from behind the "inside" IP address. (Or any other interface for that matter)
What you could try to do is configure a NAT that would enable you to use the public IP address of the server even when connecting from the "inside" of ASA.
Try this
object network SERVER-LOCAL
host 192.168.55.200
object network SERVER-PUBLIC
host 86.x.x.x
object network LAN
subnet 192.168.55.0 255.255.255.0
nat (inside,inside) source dynamic LAN interface destination static SERVER-PUBLIC SERVER-LOCAL
Where
SERVER-LOCAL = Is the "object" that defines the real IP address of the server
SERVER-PUBLIC = Is the "object" that defines the public IP address of the server (that ASA holds on its "outside")
LAN = Is the "object" that defines the subnet from where LAN users connect to the server public IP address
Check that the network mask is correct for the LAN and fill in the public IP address.
The actual NAT configuration tells the ASA this
When a connection from LAN is coming towards SERVER-PUBLIC then UN-NAT SERVER-PUBLIC to SERVER-LOCAL and NAT LAN to "inside" interface IP address (as defined by the parameter "interface" in the configuration)
This should enable the LAN hosts to use the public IP address to connect to the server. The server though will see the connections coming from the ASA "inside" interface IP address.
Hope this helps
Please remember to mark a correct reply as the correct answer if it did answer. And/or rate helpfull answers
Ask more if needed.
- Jouni -
Can't connect via Screen Share or Web Server, but can ping and ssh
Bit of an odd problem here.
My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
Thanks!
Message was edited by: supercresBit of an odd problem here.
My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
Thanks!
Message was edited by: supercres -
Setting up a publically-visible home web server w/ DSL residential?
Is there a how-to guide for setting up a small publically-visible home web server, basically for testing purposes?
I have a DSL modem, Westell.
The web server software is running and I can see the site on my home network, but everyone else on the Internet gets a timeout. The server is not reachable.
When I run traceroutes, the Modem's IP address does not show a timeout, but the Computer's IP address does show a timeout. This is with all firewall software disabled.
Can anyone help?Before I try to help you, I am just wondering.
Since you are using this server for testing, why does it have to be publically-visible?
In the meantime as I wait for that reply to my question, pre-check list for allowing user from the net to connect you:
#1 The Default Gateway on your computer is the same IP Address as the Westell A90-750015-07?
For example, if on Windows XP
a) Go to Start -> Run.
b) Type in cmd and press enter.
c) In the new window, called the command prompt, type in ipconfig /all and press enter.
#2 In the router go to Advanced -> Private LAN
#3 What is the Starting and Ending IP Address?
#4 In the router go to Advanced -> Universal Plug and Play
#5 If you do not have at least two game consoles behind this two router, turn off UPnP in the router.
By game console, a special type of computer with no keyboard or mouse (and it/they are usually connected to a TV).
#6 In the router go to System Monitoring -> Gateway Status
#7 With another web browser Window OR Tab, go to https://www.grc.com/x/ne.dll?bh0bkyd2
#8 Below the text that says The text below might uniquely identify you on the Internet is an IP Address.
#9 In the web browser window or tab, that is still looking in the router, you should see that same IP Address.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button. -
Question about writing a web server
I was asked to write a simple Web server that responds to HTTP requests received on port 808
It has the following features:
1.a request for an HTML document or image file should generate a response with the appropriate MIME type
2.a request for a directory name with a trailing / should return the contents of the index.html file in that directory (if it exists) or else a suitably formatted HTML listing of the directory contents, including information about each file
3.a request for a directory name without a trailing / should generate an appropriate Redirect response
4.a request for a non-existent file or directory should generate an appropriate error response
5/the Web server should be multi-threaded so that it can cope with multiple
how to do it?
may anyone help me please?As a startert for ten, try this that I had lying around form a previous
forum response.
java -cp <whatever> Httpd 808
and connect to http://localhost:808 to get an eye-full.
If you should use this for anything approacing a commercial
purpose, I will, of course, expect sizable sums of money to be
deposited in my Swiss bank account on a regular basis.
Darn it! I'm serious!
import java.io.*;
import java.net.*;
import java.util.*;
public class Httpd
implements Runnable
private static String HTTP_400=
"<HTML><BODY><H2>400 Bad Request</H2></BODY></HTML>";
private static String HTTP_403=
"<HTML><BODY><H2>403 Forbidden</H2></BODY></HEAD>";
private static String HTTP_404=
"HTML><BODY><H2>404 Not Found</H2></BODY></HTML>";
public static void main(String[] argv)
throws Exception
new Thread(new Httpd(Integer.parseInt(argv[0]))).start();
private int mPort;
public Httpd(int port) { mPort= port; }
public void run()
try {
ServerSocket listenSocket= new ServerSocket(mPort);
System.err.println("HTTPD listening on port " +mPort);
System.setSecurityManager(new SecurityManager() {
public void checkConnect(String host, int p) {};
public void checkCreateClassLoader() {};
public void checkAccess(Thread g) {};
public void checkListen(int p) {};
public void checkLink(String lib) {};
public void checkPropertyAccess(String key) {};
public void checkAccept(String host, int p) {};
public void checkAccess(ThreadGroup g) {};
public void checkRead(FileDescriptor fd) {};
public void checkWrite(String f) {};
public void checkWrite(FileDescriptor fd) {};
// Make sure the client is not attempting to get behind
// the root directory of the server
public void checkRead(String filename) {
if ((filename.indexOf("..") != -1) || (filename.startsWith("/")))
throw new SecurityException("Back off, dude!");
while (true) {
final Socket client= listenSocket.accept();
new Thread(new Runnable() {
public void run() {
try {
handleClientConnect(client);
catch (Exception e) {
e.printStackTrace();
}).start();
catch (Exception e) {
e.printStackTrace();
private void handleClientConnect(Socket client)
throws Exception
BufferedReader is= new BufferedReader(
new InputStreamReader(client.getInputStream()));
DataOutputStream os= new DataOutputStream(client.getOutputStream());
// get a request and parse it.
String request= is.readLine();
StringTokenizer st= new StringTokenizer(request);
if (st.countTokens() >= 2) {
String szCmd= st.nextToken();
String szPath= st.nextToken();
if (szCmd.equals("GET")) {
try {
handleHttpGet(os, szPath);
catch (SecurityException se) {
os.writeBytes(HTTP_403);
else
os.writeBytes(HTTP_400);
else
os.writeBytes(HTTP_400);
os.close();
private void handleHttpGet(DataOutputStream os, String request)
throws Exception
if (request.startsWith("/"))
request= request.substring(1);
String path= request;
File f;
if (request.endsWith("/") || request.equals("")) {
path= request +"index.html";
f= new File(path);
if (!f.exists()) {
if (request.endsWith("/"))
path= request.substring(0, request.length()-1);
else if (request.equals(""))
path= ".";
f= new File(path);
else
f= new File(path);
if (!f.exists())
os.writeBytes(HTTP_404);
else if (f.isFile())
getFile(os, f);
else if (f.isDirectory())
getDirectory(os, f);
private void getDirectory(DataOutputStream os, File f)
throws Exception
getDirectory(os, f, "");
private void getDirectory(DataOutputStream os, File f, String prefix)
throws Exception
StringBuffer szBuf= new StringBuffer();
String szTitle= "Index of /";
if (!f.getPath().equals("."))
szTitle= "Index of " +f.getPath().substring(prefix.length());
szBuf.append("<HTML><HEAD><TITLE>");
szBuf.append(szTitle);
szBuf.append("</TITLE></HEAD><BODY><H1>");
szBuf.append(szTitle);
szBuf.append("</H1><BR><PRE>");
szBuf.append(
"Name Last Modified Size<HR>");
String dir= "";
if (!f.getPath().equals(".")) {
dir= f.getPath() +"/";
szBuf.append("<A HREF=\"..\">Parent Directory</A><BR>");
java.text.SimpleDateFormat fmt=
new java.text.SimpleDateFormat("EEE MMM d yyyy hh:m:ss");
String[] list= f.list();
for (int i= 0; i< list.length; i++) {
String path= list;
File d= new File(dir + path);
if (d.isDirectory())
path += "/";
szBuf.append("<A HREF=\"");
szBuf.append(path);
szBuf.append("\">");
szBuf.append(path);
szBuf.append("</A>");
for (int j= path.length(); j< 34; j++)
szBuf.append(" ");
if (d.isDirectory())
szBuf.append("[DIR]");
else {
szBuf.append(fmt.format(new java.util.Date(f.lastModified())));
szBuf.append(" ");
szBuf.append(formatFileSize(d.length()));
szBuf.append("<BR>");
szBuf.append("</PRE></BODY></HTML>");
byte[] buf= szBuf.toString().getBytes();
os.write(buf,0,buf.length);
private String formatFileSize(long size)
if (size < 1024)
return "" +size;
if (size < (1024*1024))
return (new Float(size/1024).intValue()) +"K";
if (size < (1024*1024*1024))
return (new Float(size/(1024*1024)).intValue()) +"M";
if (size < (1024*1024*1024*1024))
return (new Float(size/(1024*1024*1024)).intValue()) +"G";
return "Massive!";
private void getFile(DataOutputStream os, File f)
throws Exception
DataInputStream in= new DataInputStream(new FileInputStream(f));
int len= (int) f.length();
byte[] buf= new byte[len];
in.readFully(buf);
os.write(buf,0,len);
in.close(); -
Problem in setting up NAS200 as web server
Hi, I have no idea why i unable to make my NAS200 up as my web server
1st. i set up an account and domain name with tzo.
2nd, i port forward nas200 for port 80 and 21 in my router, which the 2 port is the dfault port that i use in my router setting.
3rd, to double check whether the port is open correctly, i go to www.canyouseeme.org to test the port see if the port is open. Both port showed successfully with my own WAN ip.
Then i type in my WAN ip into browser and nothing is pop out. If this is fail, no need to talk about the TZO stuff right since TZO domain is just a shielf to protect my WAN IP.
Any idea? I doubt whether this NAS200 got problem....Depending on your router, you may not be able to reach a device on your LAN by using the WAN address. It may be possible to change your router settings to fix this. As soon as your router will route requests to port 80 of your public address to your NAS, regardless of whether the request comes from the LAN or the WAN, you should be good to go on the web interface.
The FTP connection is a whole different story though. The FTP protocol is old and a little weird, because after the client opens a connection to the server (for commands), the server has to open a secondary connection to the client for data. This is largely incompatible with the NAT translation that your router does. Most routers are smart enough nowadays to translate the commands when the FTP client is on the LAN and the server is on the WAN but not the other way around (there are some exceptions).
Apart from all this, the FTP protocol is insecure, and any neighbor can listen in on your FTP traffic and catch all your passwords and files.
Instead of FTP, I recommend using my firmware (see link in signature) which will let you use the SCP protocol over SSH; you will need to open port 22 instead of 21 (and 20) and you will be able to connect to the NAS via a secure connection to download as well as upload files (the HTTP interface will only let you download files from the NAS200).
For more information, see the links in my signature.
===Jac
Frequent NAS200 Answers:
1. DISABLE the "convert failed logins to guest logins" option to fix permission problems.
2. NEVER insert or remove hard disks while the power is on. NAS200 doesn't support hot swapping.
3. ALWAYS use the power button to turn the NAS200 off, don't just unplug it.
4. Don't trust RAID. Make BACKUPS!
5. To ACCESS the disks directly, you will need ext2 and/or XFS file systems. I recommend using SystemRescueCD.
6. Disks will get HOT with standard fan, use "green" disks or consider replacing the fan.
7. FTP server is insecure and doesn't work behind a NAT router. Use my firmware and SCP instead.
8. MY FIRMWARE supports SSH shell prompt and SCP for secure file access, and allows running other software. -
Web Server 6.0sp9 - Reliable shutdown and restart
We have set the internal cron to rotate the logs nightly at 11:30pm. When tries to restart, there is a stray process left behind and we get this in the errors log. This happens 85% of the time:
[11/Oct/2005:23:30:21] info ( 7689): successful server startup
[11/Oct/2005:23:30:21] info ( 7689): iPlanet-WebServer-Enterprise/6.0SP9 B11/04/2004 05:57
[11/Oct/2005:23:30:21] info ( 7691): Installing a new configuration
[11/Oct/2005:23:30:21] failure ( 7691): [LS ls1] [0.0.0.0:80] Error receiving FD from watchdog (Address already in use)
[11/Oct/2005:23:30:21] failure ( 7691): 1 listen sockets could not be created
[11/Oct/2005:23:30:21] failure ( 7691): The new configuration was rejected, rolling back
[11/Oct/2005:23:30:21] info ( 7691): Rolled back to the previous configuration
[11/Oct/2005:23:30:21] failure ( 7691): Failed to set configuration
We can manually kill -9 the stray process and then start the web server.
The OS is HP-UX 11i. The only thing running on the server are a few web pages and a Servlet that queries a database. We didn't have this problem with the 4.1 web server that was used before.
I've tried replacing the existing restart script with one that simply calls the stop script and then the start, but we're still seeing the issue.
Thanks
BillCan you provide more details? What section of script are you suspecting? What OS? As Chris indicated earlier, 'kill -9' should always work unless there's an underlying OS problem.
Thanks
Manish -
Need Help Streaming Video From Web Server Built Into Application - Linksys WRT54g Router
Very much appreciate any help getting streaming video feed from web server built into video application to work properly using port forwarding on my Linksys WRT54g wireless router.
Here is the situation:
My PC is connected to the internet via a Linksys WRT54g wireless router.
The Windows XP Pro SP2 firewall is enabled, with a firewall exception established for the video camera application.
On the router, forwarding of port 80 is enabled for the LAN IP address of the PC running the video application with an embedded web server, and the web server in the video camera application is also set to use port 80.
I have a free DYNDNS account and also run the DYNDNS updater program on the PC running the video application with embedded web server. According to the DYNDNS web site and the DYNDNS updater program, the IP address assigned to the machine running the video application with embedded web server is set correctly in my dyndns account.
When I open a browser (Explorer or Firefox) on the PC running the video camera application with embedded web server, I am able to connect to the video application's web server by going to the dyndns address linked to the machine running the video application. The video application's web server is set to use the dyndns address. That's the good news. The bad news is that I can't connect to the video application's web server from any machine that connects to the internet that uses a router other than the router used by the PC running the video application. I am only able to connect to the streaming video from the application's web server only on machines that connect to the internet using the same (home) router used by the PC that is running the video application.
Since I am able to connect to the video app's embedded web server successfully on the machine running the video application, it seems that at least something about the current port forwarding settings is correct. For example, if I uncheck 'enable' for forwarding of port 80 on the router settings page, I am no longer able to connect to the video app's web server when I try to do so in a browser running on the machine running the video app. When I re-enable port 80 forwarding on the router, I am again able to connect to the web server of the video application on the machine running the video app. I thought that by enabling forwarding of port 80 on the router and associating that port with the LAN IP of the machine running the video application, it would be possible to connect to the streaming video of the video app's embedded web server from ANY machine connected to the internet, but that is not the case. There must be some other router settings to update/change in order to get the port forwarding working to enable a successful connection to the video web server, but I am stumped. Very grateful for any suggestions as to how to get this working properly.
Thanks in advance...The firewall log can be configured on the third tab in the window for the firewall settings, where you can turn the firewall on and off completely.
From your tests, though, it does not seem to be the firewall. However, to be sure, it would be good to check the log. It will help to eliminate the firewall as the culprit and you may find it handy in the future, too. ;-) Just don't forget to turn the log off again after you are done because it may cause some performance penalty on your system while on.
From what you write, it seems as if I should give a little networking background on the ip addresses you'll see. Your setup is (or should be) a modem connected to the WAN/Internet port of the WRT. The computer is connected into a LAN port of the WRT.
Your router has two IP addresses (that's what makes it a router): a WAN address and a LAN address. The WAN address is the address assigned by the ISP. It is a normal internet IP address. Everyone is able to send packets to this IP address. The WAN address is the one reported by whatismyipaddress.com, it should be listed in the dyndns record and it is the address that your router shows on the Status page. It's the public IP address of your router. Dyndns maps your dyndns.org name to that IP address.
Your router also has an IP address on the LAN side. You can configure it to be whatever you want. The default is 192.168.1.1 with netmask 255.255.255.0 and it is better to leave it like that or at least inside the network 192.168.*.*. 192.168 is a special, reserved IP address range for private networks. Basically, routers in the internet are not supposed to forward addresses in this range. That makes them suitable for private LANs as the packets never can get anywhere. Most people using Linksys routers have there LAN in 192.168.1.*.
The router acts as gateway, which means it forwards packets from PCs in the LAN to the internet and back. As all your PCs in your LAN share a single WAN IP address, the gateway does address translation (NAT). This works only in one direction: from the inside to the outside. The router remembers when a PC in your LAN sends something out and accepts the responses in and sending them back to the PC. If something comes in from the internet which cannot be associated with a ongoing communication the packet is dropped unless you use port forwarding.
All computers in your LAN either have a static IP address assigned or use DHCP to get it automatically. The router has a DHCP server as well which gives out IP address from 192.168.1.100-149 if not changed. With a router with default settings static IP addresses can be in the range of 192.168.1.2-99 and 150-254.
ipconfig /all reports your IP address in your LAN, i.e. an address 192.168.1.*. The gateway in this output should be 192.168.1.1 which is your router. And packet no in the LAN address range 192.168.1.* is send to the router which forwards the packets into the internet.
An address 192.168.1.* should not appear as internet address in the Status page of the router nor should it appear at dyndns.
Port forwarding is used to operate a server in the LAN. By default, a server in the LAN cannot be reached from the internet. You have to configure port forwarding for this. You configure that traffic bound for a specific port (e.g. TCP port 80 for http) on your WAN IP address is forwarded to the same port on a specific LAN IP address. If your server runs on 192.168.1.50 than traffic to your WAN IP address port 80 is forwarded to 192.168.1.50 port 80. That way your HTTP server can be reached from the internet. As you can only configure a fixed IP address in port forwarding it is recommended that the server uses a static IP address and not DHCP as in the latter case the IP address may change over time...
O.K. so much for networking. I hope that makes things a little clearer and you can verify that your setup is how it is intended to be.
I suggest the following: on the router's security page there is an option to block WAN requests. Remove the check if it is set (meaning: do not block). After you did that change you should be able to ping your WAN address (e.g. ping xxxx.dyndns.org) from the internet. That way we know that it is on the correct address.
Also on the Administration page make sure that remote management is disabled (should be like that per default) or that the management port is NOT 80 but for example 8080. What is your your UPnP settings on the same page?
O.K. that should be enough for the moment... -
Disabling Weblogic's http server port - Using an external web server
Hi,
We are using Weblogic 8.1 as application server and IWS as web server. We have
siteminder web agent configured on the web server for implementing authentication
and authorization.
All our requests first go to the web server which redirects them to the application
server.
Since Weblogic itself has a http listen port, user can still send requests directly
to the application server(which does not have any siteminder configuration on
it). Is it possible to ensure that all http requests made directly to the application
server are not processed so that the user is forced to hit the web server first.
Thanks,
AkashWhen you say redirect, do you mean you use an HTTP redirect to send it to your
WLS servers URL? Or do you mean you proxy the requests from the webserver to
the WLS instance? In the former case, you must expose WLS's HTTP server to the
clients in order to redirect them to the address and you will not be able to
stop them from going directly there. In the case of the latter, you can put
your WLS instance behind the firewall so external users can't get to it. If you
also need to protect it from internal users you should probably not use
siteminder as your authentication mechanism. You may be able to configure
siteminder so that it has to authenticate itself to send requests to weblogic
and then protect all weblogic resources with that role requirement.
Sam
[email protected] wrote:
Hi,
We are using Weblogic 8.1 as application server and IWS as web server. We have
siteminder web agent configured on the web server for implementing authentication
and authorization.
All our requests first go to the web server which redirects them to the application
server.
Since Weblogic itself has a http listen port, user can still send requests directly
to the application server(which does not have any siteminder configuration on
it). Is it possible to ensure that all http requests made directly to the application
server are not processed so that the user is forced to hit the web server first.
Thanks,
Akash -
Annoucing a few complimentary copies of Sun Web Server: Essentials Guide
Dear Sun Web Server user,
As you may have heard, found it on amazon.com or stumbled on it in the local book store like Borders or Barnes & Noble, there is a new book on Sun Web Server technology. If you haven't, no worries. Please refer to [t-5406033] or visit the [Essential Guide's web site|http://www.sunwebserver.com/].
We are now pleased to announce availability of a few complimentary copies of the Essential Guide. We'll be raffling away the copies in the next few months. If you are interested in a free copy of the book, please read further to enter the raffle.
It's easy to enter the raffle and get started:
Step 1: If you haven't already done so, download, install and register.
Step 2: Write a review of Sun Web Server product on Web Server's official page [1], and
Step 3: Send us an email webserver at sun dot com, confirming your Step 1 along with a link to your review (Step 2).
What happens next?
We'll raffle at least a copy once in a month and the winner(s) will be notified. With may share the raffle results on with a permission from the lucky winners. If you are interested, get started today!
[1] [Sun Web Server's official page|http://www.sun.com/webserver/].
Disclaimer: Please note that the raffle is organized by the author(s), and that Sun Microsystems or Pearson Media - the publishers of The Essential Guide - are not responsible for the raffle.Hi mv,
I probably mis-spoke. It is not so much the features that are missing in Sun Web Server, as it is the availability of additional user plugins. However, that being said, I chose Sun Web Server over Apache because of security and performance. I realize additional plugins could adversely affect both of those. I have emailed Sun marketing about a specific feature for Web Dav I would like to see. This would make things much easier for people who would like to do mass hosting virtual hosting. Most of the real valuable features that gave Apache an edge, the web server team has added in version 7. I have pasted a portion of the letter I emailed to Sun marketing below about Web Dav, and my logic behind it. This as well as being able to hook the user system into standard open source databases makes for a broader solution appeal. I realize I only have one view of the market, and these are just my two cents. :-) Thanks!
TonyZ
**** Letter ******
I was introduced to Sun Web Server several years ago when we began looking at moving servers away from Microsoft technology and also bringing them into our facility. As a network and sys admin, I evaluated using different web servers out there as we had a few years to work on this project to ensure uptime and reliability. Initially, I found Sun Web Server quite confusing and looked at Apache. However, after the web interface was retooled, I found Sun Web Server quite simple and refreshing to use. Since we have to be CISP compliant for the credit card industry, security was very important to us. Not only from a code standpoint, but also from an accidental misconfiguration standpoint. In my opinion, Sun Web Server out shines Apache and other alternatives by a long shot.
As far as the WebDav feature, what I have been looking at is how to expand and offer hosting and web services. I currently work for a small company which retails products on the web, and I also contribute to a few open source projects. Currently, I am working with http://www.mynajs.org/. We have been discussing how we could offer hosting for people wanting to try out the project. Hosting companies using Linux typically have deep hooks into the Linux operating system for managing users. For hosting, you have a whole specialized Linux stack with specialized disk quotas, users, ftp server with users based on Linux users, and mail. From my standpoint, while this works, it can become a nightmare as far as updates, system administration, patching, etc. For a business ROI, and technology footprint, this doesn't make sense. There are control panels out there that take care of some of this, but now you have another whole layer of technology to troubleshoot. If I do not want to use the Linux/Apache stack, and if I am using Java, and do not want to add Tomcat as well, what do I use? With Sun Web Server, I get the best of both worlds, one install, one piece of software, operating system separation, blazingly fast speed, out of the box clustering, one interface for management, standard serving as well as Java, and WebDav so that now I can eliminate an ftp server and reduce my footprint for security and maintenance headaches. One neat package. However, now I still have to manage and restrict users. How to do this using Sun Web Server? Right now, I have to either run an ftp server with quotas built in, or go back to the Linux operating system and work with specialized scripts an maintenance. In theory, if Sun Web Server had quotas, I have my user system with the controls I need. At the very least, if there were hooks to the WebDav system to perform custom processing on certain events, it would leave the door open for greater control of the user and system. Now if we want to offer a hosting solution, whether it be online storage, web hosting, or Java hosting, or social site, all we need is one product, Sun Web Server! With all of its features for enhancing performance, security, and much more. I might also add, that for a small companies, Sun Web Server has been a pretty much set it and forget it solution. It has been my experience for our servers to run pretty much without intervention once they are setup. With the watch dog process, if there is a problem, it is rarely noticed except for the admin watching the logs. Technically, I am not sure why anyone would choose something different than Sun Web Server. Apache is the hosting standard, but it is really Apache plus Linux. With a few more user features, I think Sun Web Server could replace the whole Apache/Linux stack, the Apache/Linux/Tomcat stack, outshine those solutions on heavy loads and high end features, and offer better ROI.
Maybe you are looking for
-
Memory Problems - Advice on quality memory for 865PE Neo2
I have 2 x 512 MB DDR400 in Dual Channel configuration in my 865PE Neo2 mobo. It's a noname brand (the only mention on it are the letters "VM"). A friend recently warned me about the problems that my arise with cheap memory, so I ran memtest-86 and W
-
Is there a way for InDesign & Photoshop to run on my website?
I have a small personal business that publishes sports programs for high schools. However, since there are only so many hours in a day, all I can manage to do with the help of another artist is about 5-6 school's programs per season. I was wondering
-
Why is my att/yahoo email no longer working properly?
[this is my second attempt to post; first effort not allowed as I did not have authorization-??] I can open any one email, as normal. Links within an email seem to work, when I try them. However: Once I open an email, I can not delete it or close it.
-
"Waiting for printer to become available" message
Each time I try to print to my Laserjet 1300, I see a message in the print queue stating, "Waiting for printer to become available." It never processes. I delete the job, try again but the same result. Result is same for short plain text, PDF or .
-
Hi I have a problem when trying to download music or videos purchased on Itunes on my mini Ipad. When reaching about ninty per cent of download it says error end try later. What can I do to solve this? App store and book store work fine and I have no