tylerbrowner Posted December 8, 2014

I would like to make a website available to the public. How safe is it to port forward?
fiveworlds Posted December 9, 2014 (edited)

Fairly. It won't be visible from external networks though, just on the intranet. Assume I have a hospital of one thousand doctors/nurses. Now they all want to be able to access the patient database records stored on the intranet, but they don't want to be able to see files on each other's computers as in a LAN network. You can port forward the patient database records on the router to make them accessible to all of them. You can also port forward things like an in-office phone call. Conventional routers seen in your home usually have about 5 ports; however, you can make a larger network by wiring multiple routers together with Ethernet cables. However, this can slow down broadband speed, so larger companies purchase big expensive routers.

Now say, for instance, you have four routers connected, each port forwarding. There will be the top-level router accessible by everybody, then the lower-level routers will be accessible by fewer and fewer people. Diagrammatically we have a number of websites, one run by router 1 and the ones only accessible by oncology, gyne and short stay. The website for oncology can be accessible by everybody if and only if router 1 allows them access by port forwarding that website. Router 1 here is the ISP or the country's top-level domain name server. If you are denied permission from your ISP, your chances of hosting a site are zero, even with Windows and Ubuntu servers etc.

Edited December 9, 2014 by fiveworlds
Sensei Posted December 9, 2014

fiveworlds, what on Earth are you talking about? He is talking about a TCP/IP port, not a router's physical LAN port.

A port is a parameter to, e.g., the BSD socket connect() function, passed through the structure field sockaddr_in.sin_port. It's defined as u_short, so there is a theoretical limit of 65536 ports per machine (in practice much less).

Somebody connects to the server/router at IP x.y.z.v and port xxx, and the server/router translates it to a machine in the intranet and perhaps a different port.

Each port = a separate daemon-server (= a computer application like, e.g., an FTP daemon, the Apache HTTP daemon, a Counter-Strike server etc.)
fiveworlds Posted December 9, 2014 (edited)

> fiveworlds, what on Earth are you talking about? He is talking about a TCP/IP port, not a router's physical LAN port.

Which won't do anything unless he supplies his ISP with his static IP address and they map that to his website. The ISP may give you access to their nameserver, and these nameserver details are inputted into the TLD of your country for them to port forward onto the internet. My current ISP provides this service for free. You can also set up your own ISP, which is what many universities do here, but it is very expensive for ordinary people.

Edited December 9, 2014 by fiveworlds
Sensei Posted December 9, 2014

> Which won't do anything unless he supplies his ISP with his static IP address and they map that to his website. The ISP may give you access to their nameserver, and these nameserver details are inputted into the TLD of your country for them to port forward onto the internet. My current ISP provides this service for free. You can also set up your own ISP, which is what many universities do here, but it is very expensive for ordinary people.

There are dynamic IP updating services like, e.g., NoIP. I used it for several years when I had an ISP that was giving me a dynamic IP, not a static IP. The user has to install an app that connects to the service. Whenever the ISP changes our IP, that software sends information to the service about the change and the new IP address, and DNS is updated to always point to our dynamic IP address. It costs almost nothing (as much as the energy a computer-server will consume running 24h/7d).

It's a completely unrelated subject from the OP's question.
fiveworlds Posted December 9, 2014 (edited)

> There are dynamic IP updating services like, e.g., NoIP. I used it for several years when I had an ISP that was giving me a dynamic IP, not a static IP.

Which copies your files onto their servers. I do the same, only I use FileZilla running on startup. You can also configure NetBeans to upload files. http://www.wikihow.com/Become-an-Internet-Provider

> And DNS is updated to always point to our dynamic IP address. It costs almost nothing (as much as the energy a computer-server will consume running 24h/7d).

No it doesn't, your software is configured to always search for their static IP.

Edited December 9, 2014 by fiveworlds
Sensei Posted December 9, 2014 (edited)

NoIP doesn't copy any single file....

The software installed to update uses the gethostbyname() function (to look up www.noip.com), which calls DNS, like any other Internet application. Then it logs in to the service with login & password; the IP is already in the TCP/IP packet data.

ps. Stop talking about things you have no idea about..

The whole point of a dynamic IP updating DNS service is to have the DNS record point to the right IP address (no matter if it's static or dynamic).

The whole point of forwarding IP & port is to have a service (= daemon) at a private IP host. Thanks to forwarding it will be available from the Internet.

Edited December 10, 2014 by Sensei
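Added example (not part of the thread and not any poster's code): a minimal user-space TCP relay in Python showing the forwarding described above, where a connection to one exposed port is handed to a daemon listening on a different private port. The loopback addresses, the "GET /" request and the stand-in daemon are constructed for the demo; a router does this translation with NAT rather than with a relay process.

```python
import socket
import threading

def listen(host="127.0.0.1"):
    """Bind a TCP listener; port 0 asks the OS for a free 16-bit port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv

def daemon_once(srv, seen):
    """Constructed stand-in for the private daemon (e.g. a web server)."""
    conn, peer = srv.accept()
    seen.append(peer)                 # the address the daemon's allow rules would check
    with conn:
        request = b""
        while chunk := conn.recv(4096):
            request += chunk
        conn.sendall(b"served: " + request)

def pump(src, dst):
    """Copy bytes one way until EOF, then pass the EOF on."""
    while chunk := src.recv(4096):
        dst.sendall(chunk)
    dst.shutdown(socket.SHUT_WR)

def forward_once(front, target, relay_addr):
    """Relay one connection from the exposed port to target (host, port)."""
    client, _ = front.accept()
    with client, socket.create_connection(target) as backend:
        relay_addr.append(backend.getsockname())
        t = threading.Thread(target=pump, args=(client, backend), daemon=True)
        t.start()
        pump(backend, client)
        t.join()

def demo():
    """Return (exposed port, private port, peer seen by daemon, relay address, reply)."""
    private, exposed, seen, relay_addr = listen(), listen(), [], []
    target = private.getsockname()
    threading.Thread(target=daemon_once, args=(private, seen), daemon=True).start()
    threading.Thread(target=forward_once, args=(exposed, target, relay_addr), daemon=True).start()
    with socket.create_connection(exposed.getsockname(), timeout=5) as c:
        c.sendall(b"GET /")           # constructed request
        c.shutdown(socket.SHUT_WR)
        reply = b""
        while chunk := c.recv(4096):
            reply += chunk
    return exposed.getsockname()[1], target[1], seen[0], relay_addr[0], reply

if __name__ == "__main__":
    print(demo())
```

The daemon sees the relay, not the original client, as its peer, so when a forwarder like this runs on the daemon's own host an address rule that only admits localhost no longer separates local from remote clients. Whatever port is forwarded is only as safe as the daemon answering on it.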
fiveworlds Posted December 10, 2014 (edited)

> NoIP doesn't copy any single file....
>
> The software installed to update uses the gethostbyname() function (to look up www.noip.com), which calls DNS, like any other Internet application. Then it logs in to the service with login & password; the IP is already in the TCP/IP packet data.
>
> ps. Stop talking about things you have no idea about..
>
> The whole point of a dynamic IP updating DNS service is to have the DNS record point to the right IP address (no matter if it's static or dynamic).
>
> The whole point of forwarding IP & port is to have a service (= daemon) at a private IP host. Thanks to forwarding it will be available from the Internet.

Which is relevant how neither work from where I am. You can access my router http://89.184.32.13 though I can't port forward on that because the router doesn't save settings. I really need to invest in a new router, it is so busted it is not even funny, from me playing around with every blooming setting possible. But I also know that where I currently am there is no way to access the internet at all, because the above router is my home router and I ain't at home at the moment.

Edited December 10, 2014 by fiveworlds
Sensei Posted December 10, 2014 (edited)

> Which is relevant how neither work from where I am. You can access my router http://89.184.32.13 though I can't port forward on that because the router doesn't save settings. I really need to invest in a new router, it is so busted it is not even funny, from me playing around with every blooming setting possible. But I also know that where I currently am there is no way to access the internet at all, because the above router is my home router and I ain't at home at the moment.

Any Windows computer (not to mention Unix/Linux) can be a router. WinXP is fine for this task. It will just have to be running all the time. You will need two Ethernet cards plugged in. Currently almost every machine has 1 built-in Ethernet port, so you just need to buy one PCI card ($10 or so). Connect the modem to the 1st Ethernet card, and the 2nd Ethernet card to a switch to spread the net to other machines. I have been using it this way for 12+ years.

Do you know where in Windows to set port forwarding.. ?

Edited December 10, 2014 by Sensei
fiveworlds Posted December 10, 2014 (edited)

> Any Windows computer (not to mention Unix/Linux) can be a router. It will just have to be running all the time. You will need two Ethernet cards plugged in. Currently almost every machine has 1 built-in Ethernet port, so you just need to buy one PCI card ($10 or so). Connect the modem to the 1st Ethernet card, and the 2nd Ethernet card to a switch to spread the net to other machines.
>
> Do you know where in Windows to set port forwarding.. ?

What I said is that it depends on your ISP. I am used to having terrible ISPs because I live in the <80% of the country broadband was rolled out in, and it is completely dependent on the ISP. Like I said, where I am at the moment I cannot host, full stop, in any fashion that I know, because at http://83.245.75.122/ it says unauthorised, authorisation required from my ISP.

> Do you know where in Windows to set port forwarding.. ?

Hosts file. See, I am one of those people who lives in the middle of nowhere.

Edited December 10, 2014 by fiveworlds
Sensei Posted December 10, 2014

> Hosts file.

No. The hosts file is just a private DNS lookup table. Port forwarding you set in the Firewall advanced controls. For instance, this guy is setting up port forwarding without using any router in Windows XP:
imatfaal Posted December 11, 2014

Fiveworld - are you sure you want to share that info? I have hidden the post. You might want to be a bit more security conscious.
fiveworlds Posted December 11, 2014 (edited)

> Fiveworld - are you sure you want to share that info? I have hidden the post. You might want to be a bit more security conscious.

You are probably right, I have switched back to my remote server.

> No. The hosts file is just a private DNS lookup table.

The hosts file allows you to assign an IP address to your PHP server. Then you port forward that IP address. So you assign your PHP server to publicip:8080 in your hosts file. You will also need to create a file in the folder alias on your PHP server called domain.conf and include

    <virtualhost *:80>
        DocumentRoot C:\phpserver\www
        ServerName servername.com
    </virtualhost>

Edited December 11, 2014 by fiveworlds
Sensei Posted December 11, 2014

By "host file" do you mean the hosts file mentioned by Wikipedia? http://en.wikipedia.org/wiki/Hosts_%28file%29
fiveworlds Posted December 11, 2014 (edited)

Yes, some servers do this for you: IIS, Java and Python. PHP will not. Usually PHP is set to localhost and not local ip:80 for port forward. You should also assign a static local IP address to your server's MAC address. In PHP you also need to change the httpd.conf file, and in the section

    # Require all granted
    # onlineoffline tag - don't remove
    Order Deny,Allow
    Deny from all
    Allow from localhost

include allow from local ip:80. Then, if all is set correctly, running local ip:80 in your browser will access the PHP server.

Edited December 11, 2014 by fiveworlds
fiveworlds Posted December 17, 2014 (edited)

IANA published router contents years ago. It is out of date, but you can look at it if you like: http://www.internic.net/zones/root.zone

You should familiarize yourself with all record types, because you will need to change these manually if a registrar will not do so for you. Now you might think this takes an awful lot of power away from countries, but actually it is nothing much more than a text file. Your browser will access this text file hosted on a certain IP and look up a particular domain name. All you would need to replace them is change the IP the browser looks for; they don't control the infrastructure,

Edited December 17, 2014 by fiveworlds
Sensei Posted December 18, 2014

Yet another thing that has absolutely nothing to do with port forwarding..

Port forwarding happens at a very low TCP/IP level, while DNS lookup happens inside the gethostbyname() function. You don't need to have any human-readable DNS domain name for port forwarding to work..
MonDie Posted December 19, 2014 (edited)

This is basic stuff, but anyway...

Just take some backup measures. For example, sandbox the program that will be using the forwarded port, and any programs it may need to access; or alternatively, always use the "inherit profile" rule. Windows 8 can do sandboxing too now, but Ubuntu and Mac OS have been more securable historically.

Oh, secure your network too, and not just your computer. This means securing all devices, including the router (hub) and gateway (modem).

Edited December 19, 2014 by MonDie
MonDie Posted December 19, 2014

Almost forgot. Snort is a highly respected open-source intrusion detection system. I think it's more for people hosting servers, and I've never used it myself.
imatfaal Posted December 19, 2014

! Moderator Note

fiveworlds - stop trolling. Only continue to participate in this thread if you have something to say on port forwarding. Do not respond to this moderation. If you want to talk about network security, do so in a new thread.