I'm Park Sungmin of Bizpring.
We are trying to set up a firewall to use the Google sdk (gsutil, bq) command on the internal server.
I'm trying to set up a firewall based on the domain, which port should I open for which domain?
Please check.
Thank you.
Google APIs operate on HTTPS, so you need to be able to make outbound port 443 connections.
Related
How to add TLS/SSL letsencrypt or GCP provided certificate to VM instance in GCP with an internal ip address and static external address?
When I create one via a letsencrypt certificate install script, resultant connections break because the VM doesn't have an external-facing IP number, only an internal number.
The traffic passes through a firewall (or load balancer) of sorts.
I'm used to bastionhost VM servers in the wild..
Details: NaviServer web server is running on a GCP Compute Engine with a FreeBSD 11.3 image.
(Linux Shield OSes aren't letting me compile Naviserver and use it on any port).
All works for port 80 and 8000 on an internal ip address, and a static ip address pointed externally and not connected to the VM.
I can't find any proxy/firewall settings to navigate via GCP menus.
How to resolve?
Is there some special term I should use to search for docs?
Any link with instructions to follow?
Is there a way to expose a VM instance directly to an external ip address?
Any other creative way I may get SSL/TLS to work with NaviServer?
thank you
Links to some things I've tried:
Enable SSL on Tomcat on Google Compute Engine
How to setup Letsencrypt for Google Cloud Compute Engine load balancer? <-- this is for Kubernetes clusters
I'm currently trying adding a load balancer:
https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs
This appears to be the solution: Use a GCP HTTP/S load balancer: https://cloud.google.com/load-balancing/docs/https
and specifically:
https://cloud.google.com/load-balancing/docs/https/ext-https-lb-simple
Argh. Actually No.
GCP Team kindly suggested this url: https://cloud.google.com/compute/docs/instances/custom-hostname-vm#create-custom-hostname
Set the hostname to the domain name. Treat this as if there's no proxy, just a firewall.
I want to implement a restund server for WebRTC audio on my website. I wish to have one user be able to talk to all the other users on the platform (if anyone knows an easier way to do this than implementing a restund WebRTC server, please let me know, would help me out a lot).
But before I go and try to get restund working, I was wondering if it could be installed to work alongside my Apache HTTP dedicated server I use to host my website.
Well, STUN/TURN services are running on ports 3478 and 5349 by default. That should not conflict with those required for HTTP operations (e.g. 80, 443, 8080). So yes, this should be possible.
I am not able to connect to GCM. Exception: remote-server-error(502) XMPPError connecting to gcm.googleapis.com:5235. I have got a firewall exemption for one IP for 'android.googleapis.com'. I am able to connect, supposedly only when this IP is in use by GCM. Please help me with this. Do I need to get a firewall exemption for a set of IPs that Google uses? If yes, what are those IPs?
android.googleapis.com is a generic url for most apis for android.
Doesn't have any IP range defined.
You should do domain whitelisting in your firewall for Android push notification to work.
I have created a web application in glassfish and I can access it on my LAN.
How can I access the web application from a remote location over internet?
I do not have static IP.
Please reply.
Thanks.
Steps :
Creating virtual DNS(Domain name server) Server on your machine.
Port Forwarding.
Reference https://cookbook.fortinet.com/port-forwarding-60/
Remote Desktop Connection enabling.
Creating Inbound Rules. Reference :
https://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
Creating account on www.noip.com and create custom host and download DUC (Dynamic Update Client) Software.
There may be some more steps, depending on your LAN router and firewall configuration. Use http://ifconfig.me/ to get your public IP.
Access from outside your machine should be configured by default. You may check if it is so in the admin console, at Configurations->server-config->Network config->Listeners. There should be one listening on the desired port (like 8080) and be bound to the 0.0.0.0 address.
To easily access something behind a dynamic ip you need something like http://www.noip.com/ or http://www.dnsomatic.com/ (I took these from my router's control panel)
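A way to check the bind-address point from the answer above before relying on a port forward, as an added example that is not part of any of the posts: it reads `netstat -an` style output and reports, for each port forwarded on the router, whether a listener is bound to all interfaces or to the LAN address the forward points at. The sample lines, the LAN address 192.168.0.10 and the list of forwarded ports are constructed for illustration.

```python
import re

# Constructed sample (not from the page): `netstat -an` lines in the Linux,
# macOS/FreeBSD and Windows layouts, plus one connection that is not listening.
SAMPLE = """\
tcp        0      0 0.0.0.0:8080        0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:4848      0.0.0.0:*        LISTEN
tcp6       0      0 :::443              :::*             LISTEN
tcp4       0      0 *.80                *.*              LISTEN
  TCP    192.168.0.10:3478      0.0.0.0:0        LISTENING
tcp        0      0 192.168.0.10:51234  203.0.113.7:443  ESTABLISHED
"""

ADDR_PORT = re.compile(r"^(.+)[:.](\d+)$")  # the last ':' or '.' precedes the port
WILDCARD = {"0.0.0.0", "*", "::", "[::]"}   # spellings of "all interfaces"

def parse_listeners(text):
    """Return [(local_address, port)] for every TCP socket in a listening state."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].lower().startswith("tcp"):
            continue
        if not fields[-1].upper().startswith("LISTEN"):  # LISTEN or LISTENING
            continue
        for field in fields[1:]:  # first addr:port / addr.port column is the local one
            m = ADDR_PORT.match(field)
            if m:
                found.append((m.group(1), int(m.group(2))))
                break
    return found

def audit_forwards(text, lan_ip, forwarded_ports):
    """For each port forwarded to lan_ip, say whether a listener would answer."""
    listeners = parse_listeners(text)
    result = {}
    for port in forwarded_ports:
        addrs = [a for a, p in listeners if p == port]
        if any(a in WILDCARD or a == lan_ip for a in addrs):
            result[port] = "reachable"      # the forward exposes this service
        elif addrs:
            result[port] = "not-reachable"  # bound to loopback or another interface
        else:
            result[port] = "no-listener"    # forward points at a closed port
    return result

if __name__ == "__main__":
    for port, state in audit_forwards(SAMPLE, "192.168.0.10", [8080, 4848, 3478, 22]).items():
        print(port, state)
```

Every port reported as reachable is open to whoever can reach the router's public address, so the forward list should contain only the ports meant to be public.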
I did this recently,
first you need to use port forwarding on your router, access it by typing your default gateway path, mine was 192.168.0.1 then go to "advanced settings -> Port forwarding". Simply enter the details that are asked for, I set mine to HTTP using port 8080, yours might be different. Protocol is TCP. The IP address it asks for is your local address.
For quick testing you can disable the firewall on your machine and then you can search on google for your Public IP address by typing "what is my IP".
Then type your ip into the browser and the port number "ipAddress:portNumber"
You should see the glassfish welcome screen if it is successful.
After that you might want to enable your firewall again, but then you have to add inbound rules to allow the port to be used:
Setting Windows inbound rules
Then you still have one last step to perform, allowing glassfish to access the resources on your machine: Adding glassfish to allowed programs
Follow the instructions on adding java.exe only.
I am able to connect to it if the two devices are in the same network, but, for example, if I use 4G on my Android and turn off the wifi and try to connect to http://computer-ip-address, then it just hangs and eventually errors out saying could not connect. The Apache server is hosted on my local Mac, and I've disabled my firewall temporarily. Any ideas on how to get a device using a different network to connect to my Apache server on my local network?
You will need to configure your router so that it will forward port 80 from external to your mac.
Then, you can open http://your-public-Internet-ip on your mobile phone, effectively visiting your local web server.
If you don't like to remember your ip address, especially if you are on the go, the answer is dyndns or any free alternative, e.g. http://www.no-ip.com/services/managed_dns/free_dynamic_dns.html.
Using such a service, you will be able to enter http://yourname.service.com into your mobile phone. You will either have to configure your router to always tell this service your current IP (check your router for supported services) or run a tiny program on your mac which will handle this.
You need to enable port forwarding on your router to forward TCP 80 (and possibly TCP 443 if you are using SSL) to your web server's IP address.
Once done, you should be able to access your site via your router's public IP address.
Take note that if your web server is using a dynamic address provided by DHCP, your IP may change and this would stop it from working. I suggest you give your web server a static IP address to stop this.
You will probably have a dynamic IP on your router as well, so you can request a static one from your ISP or you can sign up for a dynamic DNS service.
If you post the model of your router, we may be able to give you more specific instruction on setting up port forwarding.
I hope your httpd.conf is set with the port listening on
Listen 80
Also, you can only access your site from your LAN; otherwise, your server would need to be reachable from a public IP address, not a private one. Over an internet 4G connection, that means a different network.
Bonus points: if you try to reach your server from an external address, did you configure port forwarding on your router?
If you could immediately connect to your localhost using your 4G network, then most likely anyone on the internet could do the same. It is important to understand that there are two components to the answer to your question:
Securing HTTP access (port 80 or whichever) from the internet. You probably don't want to open a wide door to your local network.
Configuring addressing from your client (in this case your phone) to your local computer (in this case your Mac). If the latter does not have a public IP address, then you will have to configure your client to hit your router instead, and to configure your router to forward accordingly.
Given that this is mostly system configuration work, I'm guessing that Serverfault would be a better place to find a satisfying answer.