Jump to content

Recommended Posts

Posted (edited)

Fairly it won't be visible from external networks though just on the intranet. Assume I have a hospital of one thousand doctors/nurses now they all want to be able to access the patient database records stored on the intranet but they don't want to be able to see files on each others computers as in a LAN network. You can port forward the patient database records on the router to make them accessible to all of them. You can also port forward things like an in-office phone call. Conventional routers seen in your home have about 5 ports usually however you can make a larger network from wiring multiple routers together with Ethernet cables. However this can slow down broadband speed so larger companies purchase big expensive routers. Now say for instance you have four routers connect each port forwarding. There will be the top-level router accessible by everybody then the lower level routers will be accessible by less and less people. Diagrammatically we have a number of websites one run by router 1 and the ones only accessible by oncology, gyne and short stay. The website for oncology can be accessible by everybody if and only if router 1 allows them access by portforwarding that website. Router 1 here is the isp or the country's top level domain name server. If you are denied permission from your isp your chances of hosting a site are zero even with windows and Ubuntu servers etc.

0HWrhQs.png?1

Edited by fiveworlds
Posted

fiveworlds, what on Earth are you talking about?

 

He is talking about TCP/IP port, not router physical LAN port.

Port is parameter to f.e. BSD socket's connect() function passed through structure sockaddr_in.sin_port..

it's defined as u_short, so there is theoretical limit 65536 ports per machine (in practice much less).

 

Somebody connects to server/router at IP x.y.z.v and port xxx, and server/router translates it to machine in intranet and perhaps different port.

 

Each port= separate daemon-server (=computer application like f.e. FTP daemon, HTTP Apache daemon, Counter-Strike server etc.)

 

Posted (edited)

fiveworlds, what on Earth are you talking about?

 

He is talking about TCP/IP port, not router physical LAN port.

 

 

Which won't do anything unless he supplies his isp with his static ip address and they map that to his website. The isp may give you access to their nameserver and these nameserver details are inputted into the tld of your country for them to port forward onto the internet. My current isp provides this service for free. You can also set up your own isp which is what many universities do here but it is very expensive on ordinary people.

Edited by fiveworlds
Posted

 

Which won't do anything unless he supplies his isp with his static ip address and they map that to his website. The isp may give you access to their nameserver and these nameserver details are inputted into the tld of your country for them to port forward onto the internet. My current isp provides this service for free. You can also set up your own isp which is what many universities do here but it is very expensive on ordinary people.

 

There are dynamic updating IP services like f.e. NoIP. I have been using it for several years when I had ISP that was giving me dynamic IP, not static IP.

User has to install app that's connecting to service. And whenever ISP is changing our IP that software is sending information to service about change and new IP address.

And DNS is updated to always point to our dynamic IP address. It costs almost nothing (as much computer-server will consume energy for 24h/7d running).

 

It's completely unrelated subject from OP question.

Posted (edited)
There are dynamic updating IP services like f.e. NoIP. I have been using it for several years when I had ISP that was giving me dynamic IP, not static IP.

 

 

Which copies your files onto their servers I do the same only I use filezilla running on startup. You can also configure netbeans to upload files. http://www.wikihow.com/Become-an-Internet-Provider

 

And DNS is updated to always point to our dynamic IP address. It costs almost nothing (as much computer-server will consume energy for 24h/7d running).

 

No it doesn't your software is configured to always search for their static ip.

Edited by fiveworlds
Posted (edited)

NoIP doesn't copy any single file....

 

Software installed to update, is using gethostbyname() function (to look up www.noip.com), which is calling DNS, like any other Internet application. Then logging in service, with login & password, IP is already in TCP/IP packet data.

 

ps. Stop talking about things you have no idea about..

 

The whole point of dynamic IP updating DNS service is to have DNS record to point to right IP address (no matter if it's static or dynamic).

 

The whole point of forwarding IP & port is to have service=daemon at private IP host. Thanks to forwarding it will be available from Internet.

Edited by Sensei
Posted (edited)

NoIP doesn't copy any single file....

 

Software installed to update, is using gethostbyname() function (to look up www.noip.com), which is calling DNS, like any other Internet application. Then logging in service, with login & password, IP is already in TCP/IP packet data.

 

ps. Stop talking about things you have no idea about..

 

The whole point of dynamic IP updating DNS service is to have DNS record to point to right IP address (no matter if it's static or dynamic).

 

The whole point of forwarding IP & port is to have service=daemon at private IP host. Thanks to forwarding it will be available from Internet.

 

Which is relevant how neither work from where I am. You can access my router http://89.184.32.13

Though I can't port forward on that because the router doesn't save settings. I really need to invest in a new router it is so busted it is not even funny. From me playing around with every blooming setting possible. But I also know that where i currently am there is no way to access the internet at all because the above router is my home router and I ain't at home at the moment.

Edited by fiveworlds
Posted (edited)

Which is relevant how neither work from where I am. You can access my router http://89.184.32.13

Though I can't port forward on that because the router doesn't save settings. I really need to invest in a new router it is so busted it is not even funny. From me playing around with every blooming setting possible. But I also know that where i currently am there is no way to access the internet at all because the above router is my home router and I ain't at home at the moment.

 

Any Windows computer (not to mention Unix/Linux) can be router. WinXP is fine for this task. It will just have to be running all the time.

You will need two Ethernet cards plugged. Currently almost every machine has 1 built-in Ethernet, so you just need to buy one PCI card ($10 or so).

Connect modem to 1st Ethernet card, and 2nd Ethernet card to switch to spread net to other machines.

I have been using it this way for 12+ years.

Do you know where in Windows set port forwarding.. ?

Edited by Sensei
Posted (edited)

Any Windows computer (not to mention Unix/Linux) can be router. It will just have to be running all the time.

You will need two Ethernet cards plugged. Currently almost every machine has 1 built-in Ethernet, so you just need to buy one PCI card ($10 or so).

Connect modem to 1st Ethernet card, and 2nd Ethernet card to switch to spread net to other machines.

Do you know where in Windows set port forwarding.. ?

 

What I said is that it depends on your isp I am used to having terrible isps because I live in the <80% of the country broadband was rolled out in and it is completely dependent on the isp. Like I said where I am at the moment I cannot host fullstop in any fashion that I know because at http://83.245.75.122/it says unauthorised authorisation required from my isp.

Do you know where in Windows set port forwarding.. ?

 

Hosts file. See I am one of those people who lives in the middle of nowhere.

Edited by fiveworlds
Posted

Hosts file.

 

No. Host file is just private DNS lookup table.

 

Port forwarding you set in Firewall advanced controls.

For instance this guy is setting up port forwarding without using any router in Windows XP:

Posted

Fiveworld - are you sure you want to share that info? I have hidden the post. You might want to be a bit more security conscious.

Posted (edited)
Fiveworld - are you sure you want to share that info? I have hidden the post. You might want to be a bit more security conscious.

 

You are probably right I have switched back to my remote server.

 

No. Host file is just private DNS lookup table.

 

Host file allows you to assign an ip address to your php server. Then you portforward that ip address. So you assign your php server to publicip:8080 in your hosts file. You will also need to create a file in the folder alias on your php server called domain.conf and include

<virtualhost *:80>

DocumentRoot C:\phpserver\www

ServerName servername.com

</virtualhost>

 

Edited by fiveworlds
Posted (edited)

Yes some servers do this for you iis, java and python. Php will not. Usually php is set to localhost and not local ip:80 for port forward. You should also assign a static local ip address to your servers mac address. In php you also need to change the httpd.conf file and in the section

#    Require all granted
#   onlineoffline tag - don't remove
     Order Deny,Allow
     Deny from all
     Allow from localhost

include allow from local ip:80. Then if all is set correctly running local ip:80 in your browser will access the phpserver.

Edited by fiveworlds
Posted (edited)

IANA published router contents years ago it is out of date but you can look at it if you like http://www.internic.net/zones/root.zone

You should familiarize yourself with all record types because you will need to change these manually if a registrar will not do so for you. Now you might think this takes an awful lot of power away from countries but actually it is nothing much more than a text file. Your browser will access this text file hosted on a certain ip and look up a particular domain name. All you would need to replace them is change the ip the browser looks for they don't control the infrastructure,

Edited by fiveworlds
Posted

Yet another thing that has absolutely nothing to do with port forwarding..

Port forwarding happens at very low TCP/IP level.

While DNS looking up happens inside of gethostbyname() function.

You don't need to have any human readable DNS domain name, for port forwarding to work..

Posted (edited)

This is basic stuff, but anyway...

 

Just take some backup measures. For example, sandbox the program that will be using the forwarded port, and any programs it may need to access; or alternatively, always use the "inherit profile" rule. Windows 8 can do sandboxing too now, but Ubuntu and Mac OS have been more securable historically.

 

Oh, secure your network too, and not just your computer. This means securing all devices, including router (hub) and gateway (modem).

Edited by MonDie
Posted

Almost forgot. Snort is a highly respected open-source intrusion detection system. I think it's more for people hosting servers, and I've never used it myself.

Posted

!

Moderator Note

fiveworlds - stop trolling. only continue to participate in this thread if you have something to say on port-forwarding. do not respond to this moderation. if you want to talk about network security do so in a new thread

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.