How to configure ubuntu host as private but virtual machine as public? - apache

I am trying to set up an Apache proxy on a VM. I have no issue creating the VM, and I have set up the network for the connection between the host and the VM through a bridge connection. Now both the host and the VM can be accessed by the public.
But per the client's requirement, we are not allowed to have the host public. Hence I need to set up the host as an internal network, which means only the Apache VM is allowed to be reached by ssh or ftp from outside; the host is not allowed to be accessed from outside. All requests will be proxied through the Apache VM.
I would like to know if any expert knows how to do this. Attached is the basic request diagram. Looking for advice and answers. Thanks.
Info
Ubuntu 14.04, Apache2, KVM
The basic diagram

I am really stuck on this. What I have successfully set up is the host and VM both accessible by the public, via a bridge connection.
When I try to set it up as a NAT connection, the VM is not accessible.
An alternative I have thought of is to block all the access ports on the host, so that the host is allowed outbound but not inbound, while still allowing inbound from the VM.
I hope an expert can help with this. Thanks.
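
The fallback idea in the question above (host drops inbound, allows outbound, still accepts the VM) can be written as a host firewall policy. This is an added example, not part of the original post: a shell function that prints an iptables-restore ruleset for the KVM host; the function names and the VM address 192.0.2.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the KVM host.
# Function names and 192.0.2.10 are assumptions, not from the post.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = address of the Apache VM, the only peer allowed to open
# new connections to the host itself.
host_lockdown_rules() {
    vm_ip=$1
    is_ipv4 "$vm_ip" || { echo "invalid VM address: $vm_ip" >&2; return 1; }
    # INPUT only sees packets addressed to the host. FORWARD stays
    # ACCEPT so bridged traffic to the VM is not cut off when
    # net.bridge.bridge-nf-call-iptables is enabled.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $vm_ip/32 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for a constructed sample address. To apply, run as
# root: host_lockdown_rules <vm-ip> | iptables-restore
# (this replaces the filter table; IPv6 needs matching ip6tables rules).
host_lockdown_rules 192.0.2.10
```

The source-address rule identifies the VM by IP only, so it assumes no other machine on the bridged segment uses that address. Test it from a console session on the host, since a mistake in the VM address also cuts off ssh to the host.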

Related

Connect host ldap server to local VM

I have a server installed on a VM and an LDAP (OpenDJ) server created using Apache Directory Studio on my host computer. Now, I would like to connect that LDAP server to the local VM so that the VM server can pull users' information from the LDAP server. Is it possible to do that? I could not understand how to establish communication between these two servers.
Thanks.
Remote Port Forwarding actually does work here.
My LDAP server port was 10389.
I created a tunnel from the host to the VM:
ssh -R 10389:localhost:10389 root@172.16.130.132   # 172.16.130.132 is the VM IP
After that, the VM can reach the host through this port (10389).
Sorry, I don't have that much knowledge on ssh. But this one worked for me.

How to SSH with Pycharm a GCP VM without using the ephemeral external IP?

I have a GCE instance running on GCP. I can use my local PyCharm (Professional edition) to edit my code on the remote VM. The issue is that for the SSH connection (done inside PyCharm) it uses the external IP of the VM, which is ephemeral. When stopping and restarting the VM I can get another external IP.
What is the best solution to not have to change the config of PyCharm every time we have a new external IP? (Bastion? Static IP? Port forwarding? Hostname?)
I need a solution that works without using the gcloud CLI directly (since it needs to be set up inside PyCharm):
https://cloud.google.com/compute/docs/instances/connecting-advanced
The best option here is to reserve and assign the static IP to your VM.
Bastion Host will not work as you have to ssh into Bastion Host and then to your VM.

Forward server HTTP traffic to handle in another device via SSH Tunnel

I'm developing a webhook that requires direct access from a public domain to an internal machine, and I'm thinking of using an SSH tunnel to forward the data. Or is there an alternative solution?
The hosting server and development machine are on the same network
192.168.1.2/24 (Hosting server)
The 2nd machine is a virtual mapping using the FortiClient firewall, without a static or dynamic IP visible to the hosting server, so it is one-way initial communication right now.
In this case, is it possible to set up an SSH tunnel to forward all traffic from 192.168.1.2:80 to be handled on the development machine's port 8080?
What would the ssh syntax look like?
Thanks.
This could be done by setting up an SSH tunnel to the remote machine:
ssh -L localhost:80:localhost:8080 development-system
Every request to port 80 on the hosting-server is now forwarded to port 8080 on the development-system.
Please note that port 80 on the hosting-server can only be used when you start the SSH command as root. Also note that port 80 is only accessible from the hosting-server. To access port 80 on the hosting-server from everywhere, use the following:
ssh -L 80:localhost:8080 development-system
Be sure that you want that.
A good introduction to the topic can be found at
https://www.ssh.com/ssh/tunneling/example
https://unix.stackexchange.com/questions/115897/whats-ssh-port-forwarding-and-whats-the-difference-between-ssh-local-and-remot

How can I ssh into my EC2 instance from my local computer which has only ports 80 and 443 allowed?

I have recently started out with EC2. Currently I am using the Free Tier to test and learn about it. However, as I am behind a proxy that allows only connections on ports 80 and 443, I am unable to connect to the EC2 instance. Is there a way to get past this?
So far I've guessed that running sslh on the EC2 instance, as described here, might help. But I am not sure if this behavior would remain persistent once the instance is terminated and restarted (as I am using the Free Tier). Is there a way I can achieve persistence in terms of settings and installed resources like sslh (and many others) while using the Free Tier?
Thanks in advance.
Once when behind a firewall that only allowed outgoing communication on ports such as 80, I just ran an sshd on the server on a different port. You won't be able to set this up while behind the firewall, you'll have to go somewhere else, ssh in, and reconfigure ssh.
Instead of running sshd on a non-standard port, you could also just have something redirect traffic from some other port to port 22.
If your ec2 instance isn't running a web server, you can use port 80 or 443 for the sshd. If you're not using https, then use 443.
You say they only allow outgoing traffic to remote ports 80 and 443, but often times ports above 1024 are also unblocked.
Make sure you've also correctly configured your security groups on the ec2 instance, since it has a firewall as well. You'll have to make sure it's configured to allow incoming traffic on the port supplying the sshd from your IP address. This can be done through the aws management console.
Here there's a neat solution. I haven't tried it. The idea is to pass a script to boot the instance with ssh bound to port 80.
Go to instances
at the top of the list of your running instances you should see "instance action"
In that menu you should see "connect"
Select "connect from your browser using Java ssh client"
note, you need Java to be installed.

How do I connect to a localhost service from a hyper-v VM?

I have a WCF service running on "http://localhost:12345/ServiceName". I also have a VM running under Hyper-V in Windows 8 public beta. Is there any way that I can connect to this service from the VM? I can't seem to set up a bridged network connection in the Hyper-V manager. An alternative would be for the WCF service to bind to the Win8 machine name or IP, but I don't know how I would find out what that endpoint is from the VM side. The WCF service can be changed in any way needed...
Any help would be much appreciated!
Many thanks,
Jon
Not sure this will work with a Windows VM, but I managed to open host's URL from inside an Ubuntu VM:
On Host disable the Firewall or add a rule to allow connections to the respective port (12345 in your case).
On VM edit /etc/hosts, replace 127.0.0.1 localhost with IP_OF_HOST localhost.
Now http://localhost:12345/ServiceName should open from inside the VM.
You can create a Virtual Switch in Hyper-V (Virtual Switch Manager). Then you can connect it to your VM (right click on the VM -> Settings -> create a Legacy Network Adapter -> connect the above virtual switch to it). After that you should install the Hyper-V integration services for your OS in the VM. Then you can connect to your virtual switch in your VM. After that you can access the internet as well, if your host machine has it. Type your host machine's IP address in a web browser and you can access any service on the host machine.
You also need to run as admin on the host machine command shell netsh http add urlacl url=http://*:12345/ user=Everyone where 12345 is the port number of your service.