Unable to Ssh on another ISP - ssh

When I ssh to my host vps I am able to connect and login easily when on different ISP's i.e.,
My Phone's internet connection
My Friends internet connection
But when I do it at my home,
I get response by ping but unable to connect to ssh using either of,
dns name
ip address

First, make sure that the IP you tried to connect to is a public IP.
Second, if you are using a router, make sure that port forwarding from the router to the destination PC is properly configured. You can usually set it on the router's settings page.
If the ping is entered correctly but the connection is denied, it is likely to be a configuration problem on the router. Or, your ISP may have blocked that port, so use the port scan site to make sure that the port is blocked. If you search for port scanner online on Google, you will see many sites.

Related

Use sshuttle to route traffic to company's VPN server

I need to access company's internal network without using their OPENVPN server directly (My ISP blocks it). So I used an instance with a public IP, where my company is located, and have configured a OPENVPN client then used it to connect to the company's OPENVPN server.
(public IP instance) ===OPENVPN===> (Company)
Now, I need to achieve a further thing, which is working from my local machine by using VPN over SSH tunnel using sshuttle, such that the topology becomes:
(local) ===SSHUTTLE===> (public IP instance) ===OPENVPN===> (Company)
Note that public IP instance has two network adapters; eth0 (it has public IP) and tun0 (which belongs to OPENVPN)
I installed sshuttle, and tested the next command:
sshuttle --dns -r <user>#<public IP instance address> 0.0.0.0/0
It says connected after then but I still cant access anything. I tested dig and it returned results showing addresses of company's internal services. However, I still can't ping them. I tested using traceroute and it stops at some point after displaying some hops.
One important point is that I can't ping the tun0 address (on public ip instance) from my local machine.
I suspect that I need to add some routes on the intermediate public IP instance, but I am not sure.
I would appreciate any help
Thanks in advance
your setup is right but your assumptions are wrong.
Initially, check that your vpn is working fine on the jump box , if linux just check
route -n
Wrong assumptions:
sshuttle will route your dig commands , sshutle only route TCP and DNS queries are UDP
using --dns in your sshuttle meanless as you wont gain dns of vpn but of the jump box and that wont work
you should add the DNS of local vpn in your /etc/resolv.conf with target domain for local discovery
like : < call tech support to provide you with right DNS , you can find it in vpn log on jump box
search companydomain.internal
nameserver 10.x.y.z
its better to split the traffic and only target your company CIDR over sshuttle , most of them use parts of 10.0.0.0/8 instead of all traffic 0.0.0.0/0
important note: that may be your company block egress traffic to the internet over VPN access

How do I find the IP address to use in an HTTP request?

I want to make an http request via the fetch() method in React Native, and I need the IP address of the machine I'm sending the request to. I have access to the machine, and googled "what's my IP" on it. It said my public IP was 162.250.198.98, but when I googled it on another computer nearby, it gave the same address. Is this the right IP to use in a fetch request like this? If not, how do I find the right one to use?
If you have multiple machines connected to the internet via a NAT-enabled router, they will all share the same public IP address. You need to forward a specific port to the machine you want to connect to in the router's configuration e.g. to send your request on port 5000, add a rule to the router to forward port 5000 to your desired machine, then send the request to 162.250.198.98:5000
For your application to work you need a "server" with a public ip address. Later you assign a domain name to that server/ip address ex. api.domain.com
Since you don't have a server and you are using your computer to test your development, you can do this 2 options:
Use your computer IP address usually 192.168.x.x , 10.x.x.x or 172.16.x.x This will allow you to test it if your phone is connected wireless to the same network.
Since you are behind a NAT you can do a port forward to send the traffic to X port to your desired host(ip/port) behind the nat. Usually we create API's that run on port 80 or 443 do a port forward in your router to pass the traffic from this port to your computer ip/port.

Can't connect despite port forwarding

I have a Ubuntu Server 16.04 running on a machine in my local network.
The machine has static assigned IP and running apache2. There is no problem in connecting to it from my local network.
I have port-forwarding for ports 22 and 80 setup on my router to the IP address of the machine.
When I check the ports with my public IP address on sites like http://www.canyouseeme.org/ the result is that the ports are open. When I try to connect using my public IP address and using those ports the connections are refused.
I tried disabling firewall in the router and also on the machine, no result.
What else should I try? It seems that the server is getting no incoming connection when I check with netstat.
Just for troubleshooting purposes:
Setup port forwarding on port 22 and try to ssh into your server using the public IP? If it works, it means apache is refusing the connections and not your router or ISP
On your router, setup the server on the DMZ temporarily and check if it works
Add another port forwarding rule on your router to redirect all http requests on port 8000,for example, to port 80 internally, then try to access your server with http://[public_ip]:8000
Have you changed anything on the apache2.conf file? Also, explain how you are testing the connection, internally using the public IP or from the Internet?

Static IP, PI. raspbian jessie

Okay, here's the situation I am in. I have a raspberry Pi 2 model B. I have Raspbain Jessie installed as the OS. I have Apache installed as well. I have a web server running and i am able to edit it and access the site from different devices on different internet connections. I want to be able to connect to my RaspPi through SSH on my MacBook Pro. I am able to do this while on the same network. My Pi is plugged into the router via an Ethernet. What i have tried is, logging into my router and reserving an IP for my Pi, i also entered my MAC address here. I have gone into the port forwarding options in my router and have it set up as: HTTP, TCP, Server address(the one i reserved) my Ipv6, and Start port 80, end port 80. Ontop of that i have gone into my /etc/dhcpcd.conf file. There at the end of the file i added
interface eth0
static ip_address=10.0.0.100
static routers=10.0.0.1
static domain_name_servers=68.44.180.118 2001:558:feed::1 2001:558:feed::2
The guide I followed is attached here and follows other guides i have seen.
http://www.circuitbasics.com/how-to-set-up-a-static-ip-on-the-raspberry-pi/
Yet when i try to SSH remotely i cannot get a connection, and when i connect on the same internet i can connect as normal. Please if anybody sees what could help .
Your router's firewall is probably blocking the ports for SSH, which does not use port 80 (in raspbian, I think its default is port 22). If you are going to take the risk of leaving your SSH open to the public, you should probably switch it to a different port other than the default before opening up a port on your firewall. The Raspbian Community has a thread on how to properly change SSH's default server port. You'll also need to make sure your SSH client is using the same port. You will need to leave 80 open for web, and also forward the SSH port, which ever you choose that to be (22 is the default).

Raspberry PI Web server - Local connection good - outside local no connection

I don't have a ton of experience with routers or port forwarding, but I do have a new Raspberry Pi and I wanted to see if I could set up a simple Hello World page just for educational purposes. I have quite a bit set up with apache2 already installed and the web page works great on my local area network, however I can't connect to it using my LTE from my phone, telling me this thing does not connect to the internet.
I am currently using Rasbian under all the default settings from the pi.
My router is an all in one modem and router, from xfinity. After sifting through countless sites trying to solve this issue, the following 2 were the closest thing to my particular issue. My reputation is not high enough to put more than 2 links, so I will put the most important ones..
So to the best of my knowledge this is the way to do it ...
1) Set the web server up to work locally
2) Then go into the router with the IPv4 or IPv6 (shouldn't matter which) and forward all Port 80 traffic to, say, Port 8080 where my PI 'should' be listening, then send back my web page down through Port 80 to the client calling the web page.
Under 10.0.0.1 I find this...
Then I go to 'Advanced'
I have tried from Start port 80 to End port 8080, which my 2 PI files I edited to listen for that port.
Those files are under
sudo nano /ect/apache2/sites-enabled-000-default.conf
and
sudo nano /ect/apache2/ports.conf
I changed
Listen 80
to
Listen 8080
and all other combinations alongside changing my router Start and End ports... none of which worked so I am lead to believe there is either a knowledge gap or I am doing something terribly wrong.
I just want to put a simply Raspberry pi web server online from my Local connection at home using a Comcast xfinity router. If anyone has any experience doing, I would seriously appreciate it, I've spent far too many hours trying to walk through this alone, so now I am reaching out to the faithful stackoverflow community.
It sounds like you are almost there.
For you to be able to access your raspberry pi server from the internet, you need to find your external ip address. Your router has one external ip address that you can reach from the internet. While on your wifi, search google for "what is my ip" Google may display it as the top result, or you might have to click into a site like ipchicken. Write this IP address down.
Next, setup your router to forward all port 80 (default http port). Try setting Apache to listen on port 80, and have your router set with start port and end port to be port 80 (this makes it so you don't have to put :port-number in the address, i.e. you will do http://your-ip-address rather than http://your-ip-address:8080). The start port is the port on the external network, the end is the port that your Apache server is running on the raspi.
It looks like your raspi has the ip address of 10.0.0.17 on your local network based on your screen shot. If it doesn't, change the IP address in the port forwarding section of the router configuration to be the IP address of your pi. You can figure out what the assigned IP address of your pi is through the router interface, or by typing ifconfig -a and looking for the ip address of the adapter that you're using to connect to the network. Your router may have the ability to assign a static ip address to your raspberry pi while it's connected to your network. It would say something like DHCP reservation. You'd need to find the MAC address of your pi. You can do that with ifconfig -a as well. Then configure your modem to always assign your pi the same ip address that you've configured in the port forwarding.
Now that everything is setup, switch to your cellular connection and then try to go to the ipaddress that Google gave you.
type your-ip in browser address bar -> port 80 request to your modem's IP -> you've set external port 80 requests to be forwarded to port 80 on your internal network for the device 10.0.0.17 -> your raspberry pi will serve the HTML
Note: The external ip address of your modem is most likely not static unless you specifically pay for a static address. This address usually will stay the same for at least a day though, so if you're just testing, it's not a big problem. In the future, if you want to ensure that you'll be able to reach your pi, look into dynamic dns.