I have a django application hosted on webfaction which now has a static/private ip.
Our network in the office is obviously behind a firewall and the AD server is running behind this firewall. From inside the network i can authenticate using python-ldap with the AD's internal IP address and the port 389 and all works well.
When i move this to the hosted webserver i change the ip address and port that has been openend up on our firewall. For simplicity the port we opened up is 389 however the requests to authenticate always timeout. When logged into webfaction and running python from the shell and querying the ipaddress i get webfactional's general ip address rather than my static ip.
Is this whats happening when i try and auth in django? the request comes from the underlying ip address that python is running on rather than the static ip that my firewall is expecting?
Im fairly clueless to all this networking and port mapping so any help would be much appreciated!
Hope that makes sense?
I would recommend against opening the port on the firewall directly to LDAP. Instead I would suggest making an SSH tunnel. This will put the necessary encryptionn around the LDAP traffic. Here is an example.
ssh -N -p 22 username#ldapserver -L 2222/localhost/389
This assumes that the ssh server is running on port 22 of your ldap server, and is accessible from your web host. It will create a tunnel from port 389 on the ldap server to port 2222 on the web host. Then, you configure your django application on the web host to think that the LDAP server is running on localhost port 2222.
There are quite a few components between your hosted django application and your internal AD. You will need to test each to see if everything in the pathways between them is correct.
So your AD server is sitting behind your firewall. Your firewall has ip "a.b.c.d" and all traffic to the firewall ip on port 389 is forwarded to the AD server. I would recommend that you change this to a higher more random port on your firewall, btw. Less scans there.
With the shell access you can test to see if you can reach your network. Have your firewall admin check the firewall logs while you try one of the following (or something similar with python) :
check the route to your firewall (this might not work if webfaction blocks this, otherwise you will see a list of hosts along which your traffic will pass - if there is a firewall on the route somewhere you will see that your connection is lost there as this is dropped by default on most firewalls):
tracert a.b.c.d
do a telnet to your firewall ip on port 389 (the telnet test will allow your firewall admin to see the connection attempts coming in on port 389 in his log. If those do arrive, that means that external comm should work fine):
telnet a.b.c.d 389
Similarly, you need to check that your AD server receives these requests (check your logs) and as well can respond to them. Perhaps your AD server is not set up to talk to the firewall ?
Related
I'm trying out the command python http.server from the command line, and am trying to access the server. I can access easily from localhost, but whenever I try to use a remote connection, I am unable to connect.
I've tried different ports, and it doesn't look like my firewall is blocking any connections.
From the command line, I run
python3 -m http.server 8000
which returns
Serving HTTP on 0.0.0.0 port 8000 ...
However, I can only connect to the server from localhost.
sudo iptables -S
returns the following:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
I expect to be able to connect from a remote host with the url http://10.247.30.125:8000 (my ip address), but I am unable to do so. The same url works fine on localhost.
I figured out what was going on. Did some reading about IP and NAT, and noticed that any ip address beginning with a 10 is reserved for private ip addresses. So, trying to connect to 10.247.30.125:8000 from anywhere other than my own network (so while not connected to my wifi) doesn't work. To be able to connect from an external network, I would need to set up port forwarding (like Reedinationer suggested), and I would need to use my router's public IP address rather than my computer's private IP address. I would set up a port forward from my router to direct external traffic to my computer, which would allow me to connect to my personal computer from an external network.
Thanks to everyone who responded!
port is missing from the url try this url it should work "http://10.247.30.125:8000"
I have developed a Django application which I wish to deploy on apache2.4 server. I have configured mod_wsgi and stuff on a system, which is going to be my server and localhost:8081 (apache's port) is working properly on the server system. I am in a corporate environment. When I wish to access the application from another system, I am unable to access the page.(The server and client are in the same network, both using LAN)
Observations:
8081 port is listening on my server system
(Proto: TCP, Local Address: 0.0.0.0:8081, Foreign Address: Computername:0, State: LISTENING)
I am unable to telnet to server ip on port 8081
(Connecting To 10.176.241.35...Could not open connection to the host, on port 8081: Connect failed)
Able to ping server IP (EDIT)
I have JDeveloper installed in my server system and I am able to access
the homepage of WebLogic server from another system though.
Site can't be reached, took too long to respond error while trying to
access the page from client system
What all I have done so far:
Followed the exact steps mentioned in here for configuring apache with django
Turned off firewall in both client and server systems
Add inbound and outbound exception rules in Advcanced firewall
settings in both client and server systems
I am unable to know the root cause of this problem and I have been working on this for a week and a half. I do not have much knowledge in networking and I am badly in need of some help. Sorry if the question is too naive.
I am SSHing to a server, where Flask is set up. When I execute the flask application, the terminal says Running on http://0.0.0.0:80/, as is written in the file.
Is there any way to view this site on my local machine? Going to the domain above on my local machine just gives a Site Not Found error.
Do I need to just change the IP, or is this not possible?
In the Internet Protocol Version 4, the address 0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown or non-applicable target...
In the context of servers, 0.0.0.0 means "all IPv4 addresses on the local machine"
-- Wikipedia: 0.0.0.0
Key words being "on the local machine". Which means http://0.0.0.0:80/ is not the actual address of the server, just the address it is "listening on".
You need to use the public IP address of the server that you are accessing. If you SSH'd into this machine, you should be able to use the same IP address or hostname to access the now running webserver.
I'm trying to deploy a python TCP listener on Openshift but I'm failing to understand how to manage external ports.
Googling and searching on Openshift's own KB, this article is mentioned lots of times but is no longer available. My TCP server app listens on port 8080 (as per $OPENSHIFT_PYTHON_PORT) and I'm trying to connect to it from the Internet on port 8000. Nevertheless, doing this means that a client app can establish a connection even if the server app is not started.
Does anyone have specific information on how to do this?
You can not make raw tcp connections to your OpenShift gears, you can only make http (80/443) and ws (8000/8443) connections. Both types of connections go through a proxy on the node, http goes through an apache proxy, and ws goes through a node proxy. If you want to make raw tcp connections you would have to use port forwarding from your location machine, and make sure that you are publishing the port information through a custom cartridge.
An Internet Archive grab of the removed KB article you mentioned says you could bind to internal ports 15000 to 35530. But this has now changed: my test OpenShift box didn't let me bind to any localhost port. Its $OPENSHIFT_PYTHON_PORT is accessible from the outside via normal Web ports (80 and 443; SSL decryption is done for you on 443). If you need other ports you probably need something other than Openshift.
this this probably a very simple question, but I haven't been able to find an answer anywhere. On the online articles about it, they didn't show the exact process to share a directory using SimpleHTTPServer. I've run the command successfully and have the server running, but I can only access it on the machine that started it.
192.168.1.2:8000
I've tried it on a Windows machine and iPad (although that doesn't really make a difference) on the local network. To access it, I've been using my local IP address, which I found by running ifconfig | grep inet, which returns (among other matches):
inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
And after searching a bit online, I found: https://github.com/shbhrsaha/instant-sharing/blob/master/share.py.
There's function which supposedly gives you a handy url to share with your friends, but I tried running locally, and all I got was "localhost.localdomain", which obviously returns 127.0.0.1
How can I make this work?
When you start SimpleHTTPServer it tells which IP addresses it is listening to:
python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
Address 0.0.0.0 means it listening to all available IP addresses. Thus in this case you should simply reach the server by going http://192.168.1.two:8000
If it doesn't work then it is most likely a network issue. You can test this out with telnet command (both Windows and UNIX available): telnet will open a TCP/IP connection on a certain IP and certain port.
E.g. on UNIX you can do:
telnet 192.168.1.2 8000
If you get:
telnet 192.162.1.2 8000
Trying 192.162.1.2...
telnet: connect to address 192.162.1.2: Connection refused
telnet: Unable to connect to remote host
... it means SimpleHTTPServer is running.
If it waits for very long time it means your router/firewall is blocking the connection.
If you get a reply:
telnet localhost 8000
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
... browser should work as well. You can quit telnet by just keep hitting the enter (the SimpleHTTPServer will close the connection).
In Ubuntu
I had the same problem, then I narrowed it down to be a firewall problem.
First, check if your firewall is active.
sudo ufw status
If it is active by default it blocks all incoming connections from anywhere.
You can check whether you have granted access to your running port. The following command will list down all the available rules. if your port is not there with access given to other ports then you need to grant access.
sudo ufw status numbered
[This is what the issue] Now grant access on the port for desired ip addresses/ all. I allowed all incoming connections to the port 8000 on all ip adress by following command.
sudo ufw allow from any to any port 8000 proto udp
Initially, I thought this should be tcp instead of udp but worked with udp only. Something to dig up later.
The server was running, and we could access it, but only on the server's machine.
There was something blocking the connection, and that was The Firewall.
We configured The Firewall and it worked fine, my other device could get access.