Allow access to web server across multiple internal networks [LAMP] - apache

My business network is comprised of four locations across my farm, being my house, feed shed, cold storage and vet (animal welfare). Due to the size of the property, the network is fibre to the house, then a long-range wifi signal broadcast with repeaters across the property to the other locations; to reach the feed shed this goes through two repeaters.
I have an R-PI running as a LAMP server, which is accessible on metrics.local and on its IP range 192.66.66.XXX (no idea why this range, that was what the original network engineer set up). The LAMP is hosting a WordPress website which captures internal metrics people record, such as feed used; we have no issues with this in the main residence. I have allowed port 80 through Apache without any restrictions as it's an internal network.
The problem is, whoever configured the network originally put the other locations on separate domains, being 192.168.X.XXX, where the X is a different domain, so I have three LAN networks being 192.66.66, 192.168.1 and 192.168.2.
I have raised this with the network engineering team, who have advised we have no firewalls blocking access between the networks and this is not a networking issue, but a server/Apache config issue.
I've added routes to my LAMP server to allow the 192 range to connect to my server, and I can ping the device from the computers on these other networks; however, I cannot access metrics.local, with the browsers simply saying "cannot find the site".
I have reached the end of my ability to google the solution, with most routing topics being about adding additional domains to the LAMP, not allowing network access.

You are basically trying to route packets to different networks:
192.66.66.XXX
192.168.1.XXX
192.168.2.XXX
All of these are different networks. Within the same network, packets can be delivered by switches directly, but your network admins need to route all of the networks to talk to each other using their own network gateway.
Alternatively, your network/sysadmin can forward your IP so it gets exposed to the other networks; in this way it will be accessible to everyone using one single assigned IP which works in all three networks.
This is how routing works.
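The check the question describes (ping to the IP works, the name metrics.local does not) can be turned into a small diagnostic. The following is an added Python example, not code from the question or the answer. It assumes each location is a /24 and that the Raspberry Pi is 192.66.66.10 (the question only gives the 192.66.66 range); the client addresses are likewise assumed. It tests the name and the IP path separately: if a TCP connection to the IP on port 80 succeeds while the name does not resolve, what is left to fix is name resolution, not routing or Apache. It also flags that 192.66.66.0/24 lies outside the RFC 1918 private ranges (10/8, 172.16/12, 192.168/16), so it overlaps publicly routable address space.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Addresses from the question; the specific host numbers are assumptions.
SERVER_IP = "192.66.66.10"                                      # assumed address of the Raspberry Pi
CLIENT_IPS = ["192.66.66.25", "192.168.1.20", "192.168.2.20"]   # assumed, one client per location
PREFIX_LEN = 24                                                 # assumed: each location is one /24

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def same_subnet(ip_a: str, ip_b: str, prefix_len: int = PREFIX_LEN) -> bool:
    """True when both hosts share one subnet (a switch can deliver the frames
    directly); False when a router/gateway has to forward between them."""
    net_a = ipaddress.ip_network(f"{ip_a}/{prefix_len}", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/{prefix_len}", strict=False)
    return net_a == net_b


def is_rfc1918(ip: str) -> bool:
    """RFC 1918 private space is 10/8, 172.16/12 and 192.168/16 only.
    192.66.66.0/24 is not in it, so it collides with public address space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def routing_summary(server_ip: str = SERVER_IP, clients=CLIENT_IPS) -> dict:
    """For each client, whether it can reach the server by switching alone."""
    return {c: ("same subnet" if same_subnet(c, server_ip) else "needs router") for c in clients}


def tcp_connect(ip: str, port: int, timeout: float = 2.0) -> bool:
    """Real TCP connect; used by default, replaceable for offline testing."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def resolve_name(hostname: str) -> Optional[str]:
    """Real resolver; returns None instead of raising on failure."""
    try:
        return socket.gethostbyname(hostname)
    except OSError:
        return None


def diagnose(hostname: str, ip: str, port: int = 80,
             resolve: Callable[[str], Optional[str]] = resolve_name,
             connect: Callable[[str, int], bool] = tcp_connect) -> str:
    """Classify why http://hostname/ fails by testing the name and the IP path separately."""
    resolved = resolve(hostname)
    ip_ok = connect(ip, port)
    if resolved is None:
        # "cannot find the site" while the IP answers: only name resolution is broken.
        return "name-resolution" if ip_ok else "unreachable"
    if resolved != ip:
        return "wrong-address"          # the name points at some other host
    return "ok" if ip_ok else "port-closed"


if __name__ == "__main__":
    for client, verdict in routing_summary().items():
        print(f"{client:>14}  {verdict}  (RFC 1918: {is_rfc1918(client)})")
    print("metrics.local ->", diagnose("metrics.local", SERVER_IP))
```

Run it from a client on 192.168.1.x: "name-resolution" means the routes and Apache are already fine and only the name lookup for metrics.local needs attention on that network; "unreachable" means the gateway route or an intermediate device is still dropping the traffic.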

Partner Interconnect for restricted.googleapis.com, what BGP advertisements are required?

Using a Partner Interconnect, I'm trying to get restricted.googleapis.com access to work and having some issues.
The BGP session needs to advertise 199.36.153.4/30 for that to work. Does it also need to advertise all the VPC networks? Just the region the Cloud Router is in? None of them?
GCP allows you to advertise the 199.36.153.4/30 network on the Cloud Router, and it will apply to all the BGP sessions it has, or you can do it for specific ones. It depends on your needs. You only need to advertise this network in order for it to be known by your on-prem devices, which need to know that network.
Consider that you need to define a static route for this same network in your VPC whose next hop is the default internet gateway, in order to have that traffic forwarded to the correct destination. For your VMs you need to set firewall rules to allow egress/ingress traffic for this network.
If you need to refer to restricted.googleapis.com from the on-prem network, you can define A/CNAME records as needed in your on-prem DNS system.
You can read more about these topics here and here.

Example of using Unicasts and Broadcasts

I'm not too sure of what the difference between Unicasts and Broadcasts is. I could really use an example of their use that shows the difference between the two.
Thank you!
Unicasting is sending a message to a specific computer, identified by its IP address. This is 99.9% of all normal internet traffic, be it TCP or UDP.
Examples are web surfing (HTTP), sending or receiving emails (SMTP, POP, IMAP), using Skype, filesharing (BitTorrent) or playing games over the internet (everything from Mahjongg to Diablo III). Basically everything where exactly 2 computers communicate with each other. Often, one is considered a server and the other a client, but that's not strictly necessary (cf. peer-to-peer networking).
Broadcasting sends a packet to every computer in the local subnet, by addressing it to the "broadcast address", which is derived from the subnet IP range.
E.g. For a 192.168.0.0/24 network, the broadcast address would be 192.168.0.255.
You can only reach computers within your own subnet via broadcasting. It won't be routed out into other networks. Typical use cases are data exchange or advertising of services (such as game or media servers) between local computers.
The message will (barring network problems) reach all computers in the subnet, but not all of them need to handle the message if they are not interested in it (e.g. a computer not running a game client won't be interested in a game server's broadcasts).
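The difference the answer describes shows up in code as one socket option and one destination address. The following is an added Python example, not code from the question or the answer. It derives the broadcast address of a subnet exactly as the answer states (all host bits set), classifies where a datagram to a given destination goes, and sends UDP with and without SO_BROADCAST. The loopback exchange in the main block runs anywhere; the broadcast line is left commented because it only makes sense on a real LAN. The port number and subnet are assumptions.

```python
import ipaddress
import socket
import threading
from typing import Optional

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def broadcast_address(cidr: str) -> str:
    """Directed broadcast address of a subnet: all host bits set to 1."""
    return str(ipaddress.ip_network(cidr, strict=False).broadcast_address)


def delivery_scope(dst_ip: str, local_cidr: str) -> str:
    """How a datagram to dst_ip leaves a host that sits in local_cidr:
    'broadcast'      every host on the local segment receives it; never routed
    'unicast-local'  exactly one host, on the same segment
    'unicast-routed' exactly one host, reached through the gateway"""
    net = ipaddress.ip_network(local_cidr, strict=False)
    dst = ipaddress.ip_address(dst_ip)
    if dst == net.broadcast_address or dst == LIMITED_BROADCAST:
        return "broadcast"
    return "unicast-local" if dst in net else "unicast-routed"


def send_udp(payload: bytes, dst_ip: str, port: int, broadcast: bool = False) -> int:
    """Send one datagram. The same sendto() serves both cases; the only
    difference is that the kernel refuses a broadcast destination unless
    SO_BROADCAST has been set on the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if broadcast:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(payload, (dst_ip, port))


def receive_udp(port: int, timeout: float = 2.0, ready: Optional[threading.Event] = None):
    """Wait for one datagram on all interfaces (so broadcasts are accepted too).
    Returns (payload, (src_ip, src_port)) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("", port))
        s.settimeout(timeout)
        if ready is not None:
            ready.set()                 # tell the sender we are bound
        try:
            return s.recvfrom(65535)
        except socket.timeout:
            return None


if __name__ == "__main__":
    for dst in ("192.168.0.17", "192.168.0.255", "255.255.255.255", "10.0.0.5"):
        print(f"{dst:>16} -> {delivery_scope(dst, '192.168.0.0/24')}")

    # Unicast round trip over loopback. PORT is an assumed free port.
    PORT = 50505
    got = {}
    ready = threading.Event()
    t = threading.Thread(target=lambda: got.setdefault("pkt", receive_udp(PORT, ready=ready)))
    t.start()
    ready.wait(2.0)
    send_udp(b"hello, one host", "127.0.0.1", PORT)
    t.join()
    print("unicast received:", got["pkt"])

    # Directed broadcast to the local segment; only hosts in that subnet hear it.
    # Uncomment on a real LAN after replacing the subnet:
    # send_udp(b"anyone there?", broadcast_address("192.168.0.0/24"), PORT, broadcast=True)
```

A receiver bound to all interfaces, as above, accepts datagrams from any host on the segment; a service that discovers peers by broadcast should therefore authenticate the replies rather than trust whoever answers first.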

One domain name "load balanced" over multiple regions in Google Compute Engine

I have a service running on Google Compute Engine. I've got a few instances in Europe in a target pool and a few instances in the US in a target pool. At the moment I have a domain name which is hooked up to the Europe target pool IP, and it can load balance between those two instances very nicely.
Now, can I configure the Compute Engine Load Balancer so that the one domain name is connected to both regions? All load balancing rules seem to be related to a single region, and I don't know how I could get all the instances involved.
Thanks!
You can point one domain name (A record) at multiple IP addresses, i.e. mydomain.com -> 196.240.7.22 204.80.5.130, but this setup will send half the users to the U.S., and the other half to Europe.
What you probably want to look for is a service that provides geo-aware or geo-located DNS. A few examples include loaddns.com, Dyn, or geoipdns.com, and it also looks like there are patches to do the same thing with BIND.
You should configure your DNS server. Google does not have a DNS service, as one part of their offering, at the moment. You can use Amazon's Route 53 to route your requests. It has a nice feature called latency based routing which allows you to route clients to different IP addresses (in your case - target pools) based on latency. You can find more information here - http://aws.amazon.com/about-aws/whats-new/2012/03/21/amazon-route-53-adds-latency-based-routing/
With Google's HTTP load balancing, you can load balance traffic over these VMs in different regions by exposing them via one IP. Google eliminates the need for geo DNS. Have a look at the doc:
https://developers.google.com/compute/docs/load-balancing/
Hope it helps.

apache on windows network - can't connect to external ip from in network

I created an AMP web application that was originally going to be served from a traditional 3rd party host.
As we finished up, the client decided to host it internally, on a server in their office network. The application is only meant to be available to staff members, but those staff members will often be off-site. I had no involvement in setting up their network, which uses at least one server running windows server 2003. The client machines I saw were XP.
I set up Apache, MySQL and PHP on the server 2003 machine, and installed the application. The application is built on the CodeIgniter framework, so I set the base_url to the internal IP (192.168...), and we tested from within the network. Everything worked fine.
Next, we asked their network guy to open port 80 for apache. I set the base_url to the external IP, and tested from my home (using the external IP as the web address), and it works fine.
However, when attempting to access the application using the external IP from within the network, they're unable to connect. I can reset the base_url to the network IP, and they can access it using the network IP, but then the application fails when connecting externally (since the base_url, used throughout the application, is pointing to the internal IP).
I suppose I could let CodeIgniter determine the base_url (by leaving the variable as an empty string), but would rather figure out why the external IP fails in-network, and try to correct that.
The server we're using is not dedicated to the AMP stack (in fact, it has at least one other application broadcasting to the internet that must have been using IIS, as well as an FTP server used for office scanners), so I suppose there might be some conflicts there.
I know very little about windows networking. A quick search suggested this might be because of NAT, but didn't offer a work-around.
Their network guy has no suggestions, and said that everything should be fine.
Is it possible to have users inside the network access the Apache server using the external IP, and if so, what needs to happen to enable that?
TYIA
Your client's NAT router is configured to forward packets arriving on its external interface for its external IP with port 80 to the internal machine, port 80, after re-writing the source and destination IP addresses in the packets.
From within the network, attempts to connect to the external IP address will be routed to the default route on the machines, the router's internal interface. This interface is not configured to forward packets back into the network.
Configure the application to listen on all IP addresses. Make sure that the server knows that the clients know it under several hostnames -- the internal IP address and the external IP address.
You might be able to re-write the NAT firewall rules on the router to perform the port forwarding for the internal interface as well, but off-the-shelf equipment common in homes and small businesses does not make this task easy. More expensive gear (or home-built *BSD/Linux router machines) can do this without much effort, but it would needlessly add traffic to the router.
This isn't Apache related, nor is it CI related. It's often impossible to reach the external IP address from within the network.
Frankly, I don't know exactly why that is. I do know that it's related to how NAT (Network Address Translation) works or at least how it's implemented.
For a detailed overview of why this is, you should ask this question on serverfault. If you're simply a programmer who has to deal with it, accept that NAT usually works only from inside to outside and outside to inside, but not inside to inside.
You already mentioned one of the solutions in your question - don't use base_url. You could also simply run the server on an external IP address (not your company IP, but let's say a datacenter or something).
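Both answers end at the same place: let the application take its base URL from the request instead of a fixed IP. The check that makes that safe is the part neither answer spells out, so here it is as an added example (in Python rather than the CodeIgniter PHP the question uses; it is not the project's code). The Host header is attacker-controlled, and an application that builds links from it unconditionally can be made to emit links to a host of the attacker's choosing (for instance in password-reset mail). The example only accepts a Host value that parses strictly and matches an allowlist of addresses the server is actually known by, and falls back to a fixed default otherwise. The internal address 192.168.1.10, the external address 203.0.113.10 (documentation range) and the name app.example.com are constructed stand-ins; the question gives only "192.168...".

```python
import ipaddress
from typing import Optional, Tuple

# Constructed addresses; the question gives only "192.168..." for the LAN side.
INTERNAL_IP = "192.168.1.10"                                     # assumed LAN address of the Apache box
EXTERNAL_IP = "203.0.113.10"                                     # assumed public address (documentation range)
ALLOWED_HOSTS = {INTERNAL_IP, EXTERNAL_IP, "app.example.com"}    # every name/address the server is served under
DEFAULT_BASE = f"http://{INTERNAL_IP}/"                          # used whenever the Host header is not trusted


def parse_host_header(value: str) -> Tuple[str, Optional[int]]:
    """Strictly parse 'host[:port]' or '[v6literal][:port]'. Raises ValueError on
    anything that could smuggle a different authority (userinfo, paths, spaces)."""
    value = value.strip().lower()
    if not value or any(c in value for c in "@/\\?# "):
        raise ValueError("malformed Host header")
    if value.startswith("["):
        end = value.find("]")
        if end < 0:
            raise ValueError("unterminated IPv6 literal")
        host, port_str = value[1:end], value[end + 1:]
        ipaddress.IPv6Address(host)                   # raises if not a valid v6 literal
        if port_str and not port_str.startswith(":"):
            raise ValueError("garbage after IPv6 literal")
        port_str = port_str[1:]
    else:
        host, _, port_str = value.partition(":")
        if not host or not all(ch.isalnum() or ch in ".-" for ch in host):
            raise ValueError("invalid host name")
    port = None
    if port_str:
        if not port_str.isdigit() or not 1 <= int(port_str) <= 65535:
            raise ValueError("invalid port")
        port = int(port_str)
    return host, port


def base_url_from_request(headers: dict, allowed=ALLOWED_HOSTS,
                          default: str = DEFAULT_BASE, scheme: str = "http") -> str:
    """Build the base URL from the Host header only when that host is one we
    actually serve; otherwise return a fixed default. Header names are matched
    case-insensitively, as HTTP requires."""
    host_header = next((v for k, v in headers.items() if k.lower() == "host"), None)
    if host_header is None:
        return default
    try:
        host, port = parse_host_header(host_header)
    except ValueError:
        return default
    if host not in allowed:
        return default                      # attacker-chosen Host: never echo it into links
    default_port = 443 if scheme == "https" else 80
    host_part = f"[{host}]" if ":" in host else host
    port_part = "" if port in (None, default_port) else f":{port}"
    return f"{scheme}://{host_part}{port_part}/"


if __name__ == "__main__":
    for hdr in ("192.168.1.10", "203.0.113.10:8080", "APP.example.com:80",
                "evil.example.net", "app.example.com@192.168.1.10", "[::1]:8080"):
        print(f"{hdr:>32} -> {base_url_from_request({'Host': hdr})}")
```

With this in place the same installation answers correctly whether staff arrive via the LAN address or the public one, and the NAT hairpin problem stops mattering to the application; it remains a router question. Keep the allowlist in sync with the names Apache serves (ServerName/ServerAlias), since a Host that Apache accepts but this list rejects will quietly fall back to the default.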

IPv6 and Traffic Tracking

I have been reading up about IPv6 and given that the number of available addresses is in the trillions upon trillions for each household on the internet, could we get to the stage where each computer in a household would have an IP that is unique to that computer, rather than the router that is next to the internet?
With that in mind, could a webserver (that is IPv6 Compatible) be used to track a specific computer's traffic through a website without using any session cookies, such as repeat viewing or if the website is visited in something like incognito mode?
each computer in a household would have an IP that is unique to that computer, rather than the router that is next to the internet?
If you mean no more Network Address Translation, yes, that is possible. Whether or not that actually happens for the internet connection in your house is a different question.
With that in mind, could a webserver (that is IPv6 Compatible) be used to track a specific computer's traffic through a website without using any session cookies
That could happen (that could happen to some extent with IPv4 now), but as mobile devices become more and more prevalent, tracking via this method would become less useful (as devices would switch IP addresses frequently).
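The answer's caveat about devices changing address can be made concrete, and it goes a little beyond the answer: even on a fixed home connection, hosts using RFC 4941 temporary addresses rotate the low 64 bits regularly, while the /64 prefix the ISP delegates to the household stays put; an EUI-64 interface identifier, by contrast, embeds the MAC address and is stable. So a server that keys on the full 128-bit address loses the visitor at every rotation, whereas keying on the /64 tracks the household about as well as an IPv4 NAT address did. The following is an added Python example, not code from the question or the answer; the log lines are constructed (documentation prefix 2001:db8::/32) and show one household appearing under three interface identifiers.

```python
import ipaddress
from collections import Counter
from typing import List, Tuple

# Constructed log lines, not real traffic: timestamp, client address, path.
# The /64 2001:db8:4a3:1::/64 appears with three different interface IDs.
SAMPLE_LOG = """\
2024-05-01T08:00:00Z 2001:db8:4a3:1::1 /
2024-05-01T08:05:00Z 2001:db8:4a3:1:9c1e:3b2f:8d77:aa01 /pricing
2024-05-01T23:10:00Z 2001:db8:4a3:1:4f02:11ee:7c3a:b19 /pricing
2024-05-02T09:00:00Z 2001:db8:4a3:1:4f02:11ee:7c3a:b19 /
2024-05-02T09:30:00Z 2001:db8:77::5 /
"""


def parse_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse 'timestamp address path' lines; addresses are validated and
    canonicalised so 0b19 and b19 compare equal."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, path = line.split()
        entries.append((ts, str(ipaddress.IPv6Address(ip)), path))
    return entries


def prefix_of(ip: str, plen: int = 64) -> str:
    """The /64 is what the ISP delegates to the household; hosts inside it
    choose their own interface identifiers."""
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


def is_eui64(ip: str) -> bool:
    """EUI-64 interface IDs embed the MAC address with 0xfffe in the middle;
    they are stable across reboots and therefore trackable. Random temporary
    IDs (RFC 4941) carry no such marker."""
    packed = ipaddress.IPv6Address(ip).packed
    return packed[11] == 0xFF and packed[12] == 0xFE


def _key(by: str):
    return (lambda ip: ip) if by == "address" else prefix_of


def distinct_visitors(entries, by: str = "address") -> int:
    """Number of 'visitors' when identity is the full address vs. the /64."""
    return len({_key(by)(ip) for _, ip, _ in entries})


def repeat_visits(entries, path: str, by: str = "prefix") -> Counter:
    """How many times each visitor (full address or /64) requested a path."""
    return Counter(_key(by)(ip) for _, ip, p in entries if p == path)


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("visitors by address:", distinct_visitors(entries, "address"))
    print("visitors by /64:    ", distinct_visitors(entries, "prefix"))
    print("/pricing by /64:    ", dict(repeat_visits(entries, "/pricing", "prefix")))
    for _, ip, _ in entries:
        print(f"{ip:>40}  eui64={is_eui64(ip)}")
```

By full address the sample shows four one-off visitors; by /64 it shows one household returning to /pricing and one other visitor. The same grouping is worth applying to your own server logs before concluding that IPv6 makes address-based tracking unworkable, and it is a reason to enable temporary addresses on clients rather than EUI-64 identifiers.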