Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
The community reviewed whether to reopen this question 8 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I am using coTurn as my turn server in my application.
what is the minimum configuration to do to make my Turn server work behind NAT?
what are all ports I have to open for it to work behind NAT?
As I have read coturn comes with inbuilt STUN so can I use STUN address in my application instead of default google STUN mentioned here https://github.com/coturn/coturn/wiki/CoturnConfig
if so what should be my configuration there to be modified in the javascript object in RTCPeerConnection
I'm assuming work behind NAT refers to the TURN server, and not to the application.
In this case, you can refer to the external-ip parameter in coturn configuration:
TURN Server public/private address mapping, if the server is behind NAT. In that situation, if a -X is used in form "-X " then that ip will be reported as relay IP address of all allocations.
This works for example in NAT scenarios like AWS of GCP, where there's a 1:1 mapping between a private IP address, where coturn can listen on, and an ephemeral public IP address.
Your application can just be configured to use coturn in the ice settings as if coturn was listening directly on the public IP.
e.g.:
listening-ip=172.10.1.1
external-ip=3.3.3.3/172.10.1.1
Furthermore, coturn will respond to Allocate requests with relay transport addresses with the public IP in the XOR-RELAYED-ADDRESS of the Allocate Success response.
The port will be the same as the one allocated on the private interface. So for example if the relay is allocated on 172.10.1.1:40032, the XOR-RELAYED-ADDRESS will contain 3.3.3.3:40032.
Needless to say, whatever port range is configured in coturn's configuration needs to be reachable from the applications. For example if min-port is 40000 and max-port is 50000, there must be a Security Group for that EC2 instance which allows accessing to UDP 40000-50000.
By default coturn acts also as a STUN server (even fully RFC-5780 compatible if listening on more than one IP address).
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 months ago.
Improve this question
I created a public SSH key on my local computer and added it to my github account.
Now I want to connect to my server (online) via terminal, in order to clone my git project to the server of my provider.
In an online tutorial to connect they suggest:
ssh root#< IP-ADDRESS OF THE SERVERS>
But in my server settings I can online find the following data:
SSH-Hostname,SSH-Username,SSH-Port,SSH Fingerprint
Is it possible to connect also with Hostname and Username? Because I cannot find the ip address of my provider.
Thank you
This isn't really on topic here (stackoverflow), but I'll put in a quick answer anyway: ssh makes a network connection to an ssh server, therefore ssh needs a network address for the server. This need not be an IP address, except for one other issue, which is that the ssh protocol is defined as a TCP protocol and TCP runs over IP (v4 or v6).
That said, almost all networking systems have a mechanism for translating a host name to a set of addresses (some of which may be IP addresses; others might be XNS or IPX or some such: see What is Address Family?). So you just need user#host, and something—OS and/or library dependent—will look up the proper IP address. You can leave off the user# part in some cases.
If (this is a pretty big "if") your system can't translate the host name to an IP address, or does it incorrectly, then you can resort to a raw IP address. This bypasses the translation step. If you don't trust your translation software, you can do this intentionally.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have a server at home and another on a VPS hosting. I tried to create L2TP/IPsec tunnel between them. The tunnel works and one server can access HTTP services from the other server (VPS server is client and server at home is VPN server to which I am connecting and runs HTTP and HTTPS services that I am trying to access from VPS server). But when I try to connect via HTTPS, the connection does not work.
This is what happens when I run this command from the remote server connected to the other one via L2TP/IPsec: openssl s_client -connect SERVER:443:
CONNECTED(00000003)
And if I try wget --verbose https://SERVER/:
Resolving SERVER (SERVER)... SERVERIP
Connecting to SERVER (SERVER)|SERVERIP|:443... connected.
So the connection is started, but no data is exchanged. I have tested with nmap and the port is detected as open.
I tried to connect to this VPN via my laptop and from there, I can access both HTTP and HTTPS services, but from this server, I can only use HTTP. I have tried turning off all firewalls that are on the path of the packets but the problem persists.
I know this is a very specific case so if there is no actual answer to what the problem might be, I am at least looking for guidelines to how to debug this as wget, curl and openssl s_clinent don't provide me any details as they stay on the connection established state.
UPDATE: I have opened 443 port on NAT on the home server and tried to connect to HTTPS service directly from VPS server without VPN and it worked. So only when I access HTTPS via VPN, the connection does not work.
The problem was the MTU setting of the L2TP connection. I had to lower the MTU to 1300 as HTTPS + IPSec add so much overhead that the packet was over 1500, which is the upper limit of the Ethernet and SSL packages set DF (Do not fragment) flag on Layer 3 which disables package fragmentation.
Normally, the server would send special ICMP message to notify the VPN server about this problem but I had ICMP blocked by the firewall so there was no error, just connection was not able to establish as packages had too big size and were just dropped.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Much of the information regarding UDP NAT Traversal involves an intermediate server to communicate the public end points to both clients. Is it possible to shortcut this if the public end points are pre-configured for the clients?
Can two clients behind NATs begin sending UDP traffic to each other's public IP:Port to punch a hole? Is the intermediate required for anything other than communicating the public endpoints?
I can't speak with authority (or provide sources), but from what I've gathered in the past month working with STUN and TURN protocols:
Some background
There are many ways for NATs to assign ports (see below). A full cone NAT is a one-to-one mapping so that once the NAT maps a port, any external host can send packets to the private host using the same mapping. However, for example, if the NAT type is symmetric, packets to different external IPs will have different port mappings.
With certain NAT types (eg. full cone), one can use a STUN server to determine the NAT port mapping. This STUN server is a popular example of the intermediate server you mentioned. Some more restrictive NAT types (eg. symmetric) make it impossible to use a STUN server, and direct peer to peer connections are impossible. This is because a STUN server assumes NAT port mappings do not depend on the external IP, but a symmetric NAT assigns different port mappings for different external IPs.
Can we remove the intermediate server?
The specific address translation (how a router maps port numbers) algorithm depends on the specific router (my speculation). Some routers use random port assignments, which makes it impossible for clients to beforehand make connections without an intermediate public server to make this determination (STUN).
In general, no, it is not possible to remove the intermediate server. Unless you have some internal knowledge of how the NAT works (this might depend on the specific model of router), an intermediate server must be used.
STUN RFC
RFC 4787 Section 4.1
NAT RFC 1631
Incomplete list of NAT types
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I've just (about 1 hour ago) associated an Elastic IP to my instance at Amazon EC2. If I SSH into my instance and type lynx localhost I can see that apache is responsive because I see the It works page.
However, If I browse into my instance (both via the IP itself and via the public DNS Amazon has created for me), I get Oops! Google Chrome could not connect to.. bla bla...
Should I wait some more time (in case it's due to some DNS thing) or does this indicate something is wrong?
Thanks in advance
EDIT: When I ssh into my instance, I use the full IP address and it works... (the Elastic IP I mean).
You must config the firewall to open the HTTP port.
To be more specific, for AWS this is done via Security Groups. You should create one with the ports you need opened. In most cases that's the por 80 for TCP.
You can see how to achieve this on the documentation http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
First identify the security group of the Ec2 instance.
Next click on the security groups link in the bottom left nav.
Select the security group under which this EC2 instance lies,
and add Inbound rules by specifying the port or a custom port range.
For those of you using Centos (and perhaps other linux distibutions), you need to make sure that its FW (iptables) allows for port 80 or any other port you want.
See here on how to completely disable it (for testing purposes only!).
And here for specific rules
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I am running Apache/php on my localhost and would like to be able to make this publicly accessible from the internet.
I think this is achieved by port forwarding? Can someone point me in the right direction?
Well sir you should try ngrok it is free and works with everything that I throw at him (node servers, xampp etc.)
It depends on the connection you have.
If your machine has a public IP address, it's on the Internet already. Then all you need is to allow connections to port 80, both on the local firewall and the home/corporate firewall.
If your machine is behind a set-top-box, or inside a corporate network, chances are that you're not on the Internet. In some instances, a router does NAT (Network Address Translation) between a local (non-routable) network and the Internet. In this particular case, you need to set up port forwarding on the set-top-box or router.
You might want to check out Pagekite - it's an open-source software that allows you to expose your local resources to the outer internet without you needing to reconfigure your router or firewall.
There's a similar service called Show off which does much the same thing, although it seems a bit more limited.
You could try beame-insta-ssl, it's a good way to get free tunneling services and a free SSL certificate to expose your localhost. It's open source on git here: https://github.com/beameio/beame-insta-ssl/
Only port forwarding would work but you would need to connect to your server thru it's IP.
take a look at dyndns.com, there you can get a DNS ID that points to your server.
After that you set your router port 80 (HTTP) or 443(HTTPS) to point to your PC HTTP server port ( this can be any port you wish)
It depends of what do you mean localhost? Each system has its own "localhost".
If you mean that you have something like: "your system"<-->"gateway/wifi router"<-->Internet than you should configure port mapping from your router external interface to your server' IP address. Check your gateway/router documentation for more information.
Another tool for port forwarding through OpenVPN or SSH tunnel is https://portmap.io . If you're running multiple vhosts on local Apache, you can set host-header with required hostname.