Gentoo Forums
How to access website through LAN and security issues?
pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 8:19 am    Post subject: How to access website through LAN and security issues?

I have just installed a web server with nginx/mysql/php/wordpress.
I want to see how it looks from another machine.
Please tell me how to access the website from a LAN- or WLAN-connected machine,
in order to view or work on the site with wordpress.
How do I access it from an Android smartphone?
_________________
“You can take our property, our sweet homes, even our cloths...
But don't touch the streets, Ah, That's NO, NO, NO!
The streets are our @world's compilable kernel ...”


Last edited by pmam on Sun Feb 07, 2016 11:36 am; edited 1 time in total

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Feb 02, 2016 8:39 am    Post subject: Re: How to access website through LAN?

pmam wrote:
I have just installed a web server with nginx/mysql/php/wordpress. I want to see how it looks from another machine. Please tell me how to access the website from a LAN- or WLAN-connected machine, in order to view or work on the site with wordpress. How do I access it from an Android smartphone?

pmam ... you can access via the 'ip address', or by configuring /etc/hosts, or DNS, to resolve that address into a hostname.

So, for example, use 'http://192.168.x.x/index.html' (or similar). Or, the connecting machine might have an /etc/hosts that contains the following:

/etc/hosts:
192.168.x.x fluffy.lan fluffy

... you would then connect to 'fluffy' via 'http://fluffy/index.html' or 'http://fluffy.lan/index.html'.

The DNS method would mean either configuring your router to 'resolve' such local addresses (assuming it offers such a thing), or setting up a DNS server to do so. You're probably better off using 'hosts' and setting your router's dhcp to hand out the same address to the machine hosting the webserver.

HTH & best ... khay

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 9:51 am

khayyam,

You have introduced 3 ways to access and I still need some advice...
First, at the moment I do not have a name for the web site - I will do it later on with no-ip -
and from the local machine I access my site like this: http://localhost/wordpress/
So now I need to figure out each parameter in your example, and what it is in my case:
The local machine (where the site is installed) is called: mg_e2180 and has static IP: 192.168.1.6.
If we are talking about the first way - please tell me what the address should be. I have tried some options without success...

Regarding the second way (hosts) - please tell me if 'connecting machine' means the local website machine,
or the machine that wants to access the website. Also, what exactly (according to my details) do I need to add to /etc/hosts,
and what init.d to restart? (I use dhcpcd network manager)

Let's leave the DNS way for now... But please tell me if I need to do something regarding setting the router:
'You're probably better off using 'hosts' and setting your router's dhcp to hand out the same address to the machine hosting the webserver.'

Thanks

charles17
Advocate

Joined: 02 Mar 2008
Posts: 2660

Posted: Tue Feb 02, 2016 10:15 am

pmam wrote:
So now I need to figure out each parameter in your example, and what it is in my case:
The local machine (where the site is installed) is called: mg_e2180 and has static IP: 192.168.1.6.

pmam, are these name and IP address identical to those shown by your router's web interface?
Then other clients should contact it using either of http://mg_e2180/wordpress and http://192.168.1.6/wordpress.

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 10:39 am

charles17,

Quote:
shown by your router's web interface?

Please tell me how I can show this info.
I cannot access it with http://mg_e2180/wordpress and http://192.168.1.6/wordpress
According to your comment, it looks like it is not identical...
During this process I hope to better understand the routing method...

Thanks

charles17
Advocate

Joined: 02 Mar 2008
Posts: 2660

Posted: Tue Feb 02, 2016 10:57 am

pmam wrote:
Please tell how can I show this info?
Depends on your router. Mine simply is http://fritz.box.
pmam wrote:
Can not access with http://mg_e2180/wordpress and http://192.168.1.6/wordpress
Can you ping http://mg_e2180/ or http://192.168.1.6/?

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Feb 02, 2016 11:08 am

pmam wrote:
[...] from the local machine I access my site like this: http://localhost/wordpress/ So now I need to figure out each parameter in your example, and what it is in my case: The local machine (where the site is installed) is called: mg_e2180 and has static IP: 192.168.1.6. If we are talking about the first way - please tell me what the address should be.

pmam ... that would be 'http://192.168.1.6/wordpress' ... though your webserver may be configured for hostname mg_e2180 (you haven't said).

pmam wrote:
Regarding the second way (hosts) - please tell me if 'connecting machine' means the local website machine, or the machine that wants to access the website. Also, what exactly (according to my details) do I need to add to /etc/hosts, and what init.d to restart? (I use dhcpcd network manager)

"connecting machine" means the machine, or device, doing the connecting ... so, the "machine accessing". You would add the following:

/etc/hosts:
192.168.1.6 mg_e2180 mg_e2180.lan

You would then access the webserver using 'http://mg_e2180/wordpress' ... this actually assumes your webserver is set up with 'mg_e2180' as 'hostname'.

pmam wrote:
Let's leave the DNS way for now... But please tell me if I need to do something regarding setting the router: 'You're probably better off using 'hosts' and setting your router's dhcp to hand out the same address to the machine hosting the webserver.'

You've stated that the webserver has a "static IP: 192.168.1.6", but if the router is handing out dhcp then you should make sure the router isn't handing out that address to another machine. Generally the router should offer the capacity to associate the MAC address of an interface so that it always receives the same ip, and so that nothing else acquires that address. Maybe you're not using dhcp, so that may not apply.

best ... khay

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 11:10 am

charles17,

Quote:
Depends on your router. Mine simply is http://fritz.box.

If you mean to get into router - I do it by IP (not name):
http://192.168.1.1 and can see only IPs of connected machines to LAN/WLAN - without host names.

Yes - I can ping both ways:
Code:
mg_6300 ~ # ping -c3 192.168.1.6
PING 192.168.1.6 (192.168.1.6) 56(84) bytes of data.
64 bytes from 192.168.1.6: icmp_seq=1 ttl=64 time=0.160 ms
64 bytes from 192.168.1.6: icmp_seq=2 ttl=64 time=0.153 ms
64 bytes from 192.168.1.6: icmp_seq=3 ttl=64 time=0.146 ms

--- 192.168.1.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.146/0.153/0.160/0.005 ms
mg_6300 ~ # ping -c3 mg_e2180
PING mg_e2180.lan (192.168.1.6) 56(84) bytes of data.
64 bytes from mg_e2180.lan (192.168.1.6): icmp_seq=1 ttl=64 time=0.166 ms
64 bytes from mg_e2180.lan (192.168.1.6): icmp_seq=2 ttl=64 time=0.161 ms
64 bytes from mg_e2180.lan (192.168.1.6): icmp_seq=3 ttl=64 time=0.162 ms

--- mg_e2180.lan ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.161/0.163/0.166/0.002 ms


Thanks

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 11:22 am

khay,

Here is what I have in /etc/hosts on the web site machine:
Code:

127.0.0.1 mg_e2180.lan mg_e2180 localhost
::1 mg_e2180.lan mg_e2180 localhost


Here is what I have now on the other machine (connecting machine):
Code:
127.0.0.1 mg_6300.lan mg_6300 localhost
::1 mg_6300.lan mg_6300 localhost

192.168.1.6 mg_e2180 mg_e2180.lan


Thanks

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 12:33 pm

khay,

Quote:

You've stated that the webserver has a "static IP: 192.168.1.6", but if the router is handing out dhcp then you should make sure the router isn't handing out that address to another machine. Generally the router should offer the capacity to associate the MAC address of an interface so that it always receives the same ip, and so that nothing else acquires that address. Maybe you're not using dhcp, so that may not apply.

Though I do not think this issue is causing any problem at the moment - the router is handing out lower addresses: 192.168.1.2... and the static IPs are a little bit higher. However, it may cause future problems. It is quite a new router and I am not so familiar with it,
but I have checked and so far have not found MAC addressing (I saw it in the previous router), but found two IP Address Distribution modes:
DHCP server (current mode) and DHCP relay - can it be useful?
If I stay with DHCP server, maybe I can do something with Start IP Address and End IP Address,
or change all static IPs to the last part of the IP range - close to 192.168.1.234.
EDIT: I found another feature: 'Static Lease Type' - I hope it allocates a static IP... Also see associated MAC addresses

I also added host names in the router.

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 3:27 pm

Maybe there is some NAT rule in the router,
or some 'over security' configuration of nginx or wordpress,
that blocks LAN access??

Also - how do I access the local web site from an Android smartphone through WLAN?

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Feb 02, 2016 4:32 pm

pmam ...

please explain the problem ... if you access the webserver via the machine it's running on, and via 'http://mg_e2180.lan/wordpress', what happens? Similarly with 'http://www.mg_e2180.lan/wordpress' or whatever you've configured nginx to think is its FQDN.

best ... khay

Syl20
Guru

Joined: 04 Aug 2005
Posts: 564
Location: France

Posted: Tue Feb 02, 2016 4:50 pm

Back to the basics. On your webserver,
Code:
# netstat -anlp | grep 80

should show at least one line like:
Code:
tcp     0   0   0.0.0.0:80        0.0.0.0:*     LISTEN     <pid>/nginx

or
Code:
tcp     0   0   192.168.1.6:80    0.0.0.0:*     LISTEN     <pid>/nginx

If not, nginx does not listen on the LAN interface. No need to look elsewhere for now, you have to modify your nginx conf.

Then, the LAN tests. If you use a computer on the same LAN (i.e. with an IP address on the same network; here 192.168.1.0/24, I guess) as a client, it doesn't, and it mustn't, go through your router to reach your webserver (even if the boxes are physically linked to the router; in this configuration, the router should act as an ethernet switch).

There are some tools that can help you to know how the client-server interaction works (or not), like tcpdump and telnet. On the webserver, install tcpdump and run (if necessary, replace "eth0" with the name of your LAN interface):
Code:
# tcpdump -ni eth0 tcp port 80

At the same time, on the client, install telnet (net-misc/netkit-telnetd), and run:
Code:
$ telnet 192.168.1.6 80

If nothing happens on the webserver's terminal, there are some points to check:
1/ Ethernet cables. Try to change them.
2/ The switch. If you have a crossover cable (maybe you don't need one, as most of the ethernet cards are able to "auto-cross" themselves when needed, but it's better to remove any doubt when testing the connection), try to link the two computers directly.
3/ System security. Do you use a firewall (netfilter/iptables) or hardening parts (grsecurity or selinux)?

Once the LAN tests are OK, you can have a look at routing and NAT considerations, and at the application layer.

A little advice by the way: _do not_ use DHCP facilities on a server. Never. For your peace of mind, configure a static IP address on it (and, if necessary, reduce the DHCP range on your router to avoid IP conflicts).

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 7:26 pm

khayyam,

I can access the webserver via the machine it's running on,
but cannot access it from another machine via 'http://mg_e2180.lan/wordpress' etc...

CneGroumF,

I get this output:
Code:
 netstat -anlp | grep 80
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      2760/nginx: master 
udp        0      0 0.0.0.0:38008           0.0.0.0:*                           -                   

First, please advise whether the nginx conf is OK according to the above output.
Now I am going to check the LAN...
EDIT: Looks like there is a problem here:
Code:
telnet 192.168.1.6 80
Trying 192.168.1.6...
telnet: Unable to connect to remote host: Connection refused


EDIT2:
Code:
tcpdump -ni enp2s0 tcp port 80
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes



Thanks

Last edited by pmam on Tue Feb 02, 2016 8:19 pm; edited 1 time in total

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Feb 02, 2016 7:39 pm

pmam wrote:
I can access the webserver via the machine it's running on,

pmam ... yes, you said that initially; the important part was the hostname: can you access using the above address on that same machine? I'm not familiar with nginx but with apache (httpd.conf) you provide a 'ServerName' directive and this should match the FQDN (fully qualified domain name) of the requested URL.

pmam wrote:
EDIT: Looks there is a problem here:

Code:
telnet 192.168.1.6 80
Trying 192.168.1.6...
telnet: Unable to connect to remote host: Connection refused

So, either the host isn't reachable, or port 80 isn't open (ie, blocked by a firewall, or nginx isn't listening on that port)

best ... khay

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 7:49 pm

khayyam,

OK, now I see what you meant -
I can access it on the web server's machine with this address: http://mg_e2180.lan/wordpress

Even without port 80 it is not reachable - with telnet it should connect, right? Firewall... How to check?
Code:
telnet 192.168.1.6
Trying 192.168.1.6...
telnet: Unable to connect to remote host: Connection refused


Last edited by pmam on Tue Feb 02, 2016 8:01 pm; edited 1 time in total

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Tue Feb 02, 2016 7:56 pm

Here is the output after a while:
Code:
tcpdump -ni enp2s0 tcp port 80
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:38:40.931439 IP 192.168.1.7.32977 > 192.168.1.6.80: Flags [S], seq 2358450723, win 29200, options [mss 1460,sackOK,TS val 4680838 ecr 0,nop,wscale 7], length 0
21:38:40.931493 IP 192.168.1.6.80 > 192.168.1.7.32977: Flags [R.], seq 0, ack 2358450724, win 0, length 0
21:41:37.505548 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [S], seq 2382022945, win 29200, options [mss 1460,sackOK,TS val 4417767 ecr 0,nop,wscale 7], length 0
21:41:37.608018 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [S.], seq 299901729, ack 2382022946, win 65535, options [mss 1360,sackOK,TS val 3064783473 ecr 4417767,nop,wscale 9], length 0
21:41:37.608089 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 4417869 ecr 3064783473], length 0
21:41:37.797354 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [P.], seq 1:364, ack 1, win 229, options [nop,nop,TS val 4418059 ecr 3064783473], length 363: HTTP: GET /avatar/796dc902b870ce214ceb7246a3555175?s=49&d=mm&r=g HTTP/1.1
21:41:37.967977 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [.], ack 364, win 285, options [nop,nop,TS val 3064783549 ecr 4418059], length 0
21:41:37.970789 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [P.], seq 1:1673, ack 364, win 285, options [nop,nop,TS val 3064783550 ecr 4418059], length 1672: HTTP: HTTP/1.1 200 OK
21:41:37.970846 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [.], ack 1673, win 255, options [nop,nop,TS val 4418232 ecr 3064783550], length 0
21:41:47.970205 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [.], ack 1673, win 255, options [nop,nop,TS val 4428232 ecr 3064783550], length 0
21:41:48.109883 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [.], ack 364, win 285, options [nop,nop,TS val 3064786086 ecr 4418232], length 0
21:41:53.771180 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [F.], seq 1673, ack 364, win 285, options [nop,nop,TS val 3064787503 ecr 4418232], length 0
21:41:53.771350 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [F.], seq 364, ack 1674, win 255, options [nop,nop,TS val 4434033 ecr 3064787503], length 0
21:41:53.904762 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [.], ack 365, win 285, options [nop,nop,TS val 3064787534 ecr 4434033], length 0

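Added example (not part of the original thread): one way to read the capture in the post above. A SYN answered by a reset means the host is reachable but nothing accepts connections on that address and port, which is what nginx bound only to 127.0.0.1 produces. The function name, the outcome labels and the last sample line (client 192.168.1.8) are constructed for illustration; the other sample lines are copied from the capture.

```python
import re

# One line of `tcpdump -n` TCP output:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"Flags \[([^\]]+)\]"
)

# What each outcome usually means when debugging "cannot reach my server".
MEANING = {
    "accepted": "SYN-ACK returned: a process is listening on that address and port",
    "refused": "RST returned: host reachable, but no listener on that address "
               "and port (or a firewall rule that rejects with a TCP reset)",
    "unanswered": "no reply seen: packet dropped by a filter, or the host never "
                  "received it",
}


def classify_handshakes(lines):
    """Return {(client, server): outcome} for every SYN seen in the capture."""
    attempts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, non-TCP traffic
        src, sport, dst, dport, flags = m.groups()
        sender, receiver = f"{src}:{sport}", f"{dst}:{dport}"
        if flags == "S":
            # Bare SYN: a client opening a connection.
            attempts.setdefault((sender, receiver), "unanswered")
        elif attempts.get((receiver, sender)) == "unanswered":
            # First reply travelling back towards the client.
            if "R" in flags:
                attempts[(receiver, sender)] = "refused"
            elif flags == "S.":
                attempts[(receiver, sender)] = "accepted"
    return attempts


# First five lines: from the capture in the thread. Last line: constructed.
CAPTURE = """\
21:38:40.931439 IP 192.168.1.7.32977 > 192.168.1.6.80: Flags [S], seq 2358450723, win 29200, options [mss 1460,sackOK,TS val 4680838 ecr 0,nop,wscale 7], length 0
21:38:40.931493 IP 192.168.1.6.80 > 192.168.1.7.32977: Flags [R.], seq 0, ack 2358450724, win 0, length 0
21:41:37.505548 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [S], seq 2382022945, win 29200, options [mss 1460,sackOK,TS val 4417767 ecr 0,nop,wscale 7], length 0
21:41:37.608018 IP 68.232.35.121.80 > 192.168.1.6.36601: Flags [S.], seq 299901729, ack 2382022946, win 65535, options [mss 1360,sackOK,TS val 3064783473 ecr 4417767,nop,wscale 9], length 0
21:41:37.608089 IP 192.168.1.6.36601 > 68.232.35.121.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 4417869 ecr 3064783473], length 0
21:45:00.000000 IP 192.168.1.8.40000 > 192.168.1.6.80: Flags [S], seq 1, win 29200, length 0
"""

if __name__ == "__main__":
    results = classify_handshakes(CAPTURE.splitlines())
    for (client, server), outcome in results.items():
        print(f"{client} -> {server}: {outcome} ({MEANING[outcome]})")
```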

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Wed Feb 03, 2016 7:25 am

Some additional info for this enigma...

As I said, I cannot connect with telnet, but -
I have a satellite receiver (linux) connected to the same LAN and telnet works OK with this receiver -
so it probably indicates that the problem is not at the router/NAT etc...
I tried to connect with ssh and it works OK:
Code:
ssh mg_e@192.168.1.6
Password:
mg_e@mg_e2180 ~ $

I found that net-firewall/iptables is installed but the service is not started -
I do not know where this package came from - maybe it is installed by the default Gentoo installation or whatever...

I have checked LAN factors: changed cables, connected the two computers directly with a cable - without any change.

Thanks

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Wed Feb 03, 2016 8:08 am

pmam ...

please provide the output of the following ... run on the machine acting as the webserver

Code:
# egrep -v '(^#|^$)' /etc/hosts
# lsof -i :80

If you don't have 'lsof' it's sys-process/lsof. I suspect the issue is that nginx isn't listening on '*:80' or the FQDN is pointing to 'localhost' rather than 192.168.1.6.

best ... khay

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Wed Feb 03, 2016 8:22 am

khay,

Code:
egrep -v '(^#|^$)' /etc/hosts
127.0.0.1 mg_e2180.lan mg_e2180 localhost
::1 mg_e2180.lan mg_e2180 localhost

Here there is no output:
Code:
lsof -i :80


Here is part of nginx.conf:
Code:
server {
      listen 127.0.0.1;
      server_name localhost;

      access_log /var/log/nginx/localhost.access_log main;
      error_log /var/log/nginx/localhost.error_log info;

      root /var/www/localhost/htdocs;
      
      location ~ \.php$ {
                       # Test for non-existent scripts or throw a 404 error
                       # Without this line, nginx will blindly send any request ending in .php to php-fpm
                       try_files $uri =404;
                       include /etc/nginx/fastcgi.conf;
                       fastcgi_pass unix:/run/php-fpm.socket;
           }


Thanks

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43799
Location: 56N 3W

Posted: Wed Feb 03, 2016 6:09 pm

pmam,

First an overview of how the internet works. You need to understand this as your web server will be a part of it.

When you browse to a website, say gentoo.org, your web browser has no idea how to reach gentoo.org because it needs an IP address.
It first looks in /etc/hosts but it's not there. Then it looks in /etc/resolv.conf for your name servers. It asks your first listed nameserver for the IP address corresponding to gentoo.org.
If you have visited gentoo.org recently, it will be in the name server's cache. If not, your name server (often your router) knows another name server to ask, ... and so on, until the hostname gentoo.org is resolved to an IP address and returned to your browser.

Your browser now makes up a query using the IP address. The kernel knows how to route IP addresses. That's the routing table you see with the route command.
The kernel matches the IP (of gentoo.org) against all the routes. It works out that it cannot reach the IP directly, so the packet is sent over the default route to your next hop towards the internet. Again, this process repeats until the message arrives. Part of the message is your IP address, so gentoo.org sends a response, using the same process as above but without the need to consult a name server.

Code:
server {
      listen 127.0.0.1;
      server_name localhost;


This bit is not correct.
Code:
listen 127.0.0.1;
says to listen on lo, not eth0, or whatever your actual network interface is called.
server_name localhost; should be the hostname of the PC.

Both /etc/hosts need a line describing the server.
The server will want to resolve its own hostname when it starts.
The test machine, trying to reach the server, needs a way to resolve the name to the external IP of the server, or you will be able to browse by IP but not by name.

-- edit --

Other than you are practicing in the privacy of your own LAN, so the outside world cannot see your website, you are using all the real internet features, so when you forward port 80 to your webserver, the world can beat a path to your door.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Wed Feb 03, 2016 7:06 pm

Neddy,

Thanks for your nice explanation of the routing principle of the internet - it was really important for me!!!
Regarding 'listen 127.0.0.1;' - I found it in the default nginx.conf - all wikis have it this way.
My actual network interface is called: enp2s0 - so please tell me what it should be instead.
Also regarding 'server_name localhost;' - my hostname is: mg_e2180 -
so do I need to change this line to: 'server_name mg_e2180'?
I do not find any actual examples to learn from, so please advise what the right configuration is.

However - as far as I can see, all the above is relevant for the next step -
as you can see in this topic, at the moment I am facing a local issue:
I cannot connect to the web server from another machine through the LAN -
even with telnet there is no connection. With ssh it is working.
It looks like something internal (LAN) is failing, and I do not know how to debug and work it out...

Thanks

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43799
Location: 56N 3W

Posted: Wed Feb 03, 2016 7:26 pm

pmam,

Your webserver is listening to 127.0.0.1, which is the IP address of the loop back interface.
It is not listening to your LAN on enp2s0.

To make it listen on enp2s0, you need to use the IP address of enp2s0.

sshd is special. It listens on all interfaces by default. Here is a test.
At your server's console, do
Code:
ssh 127.0.0.1
You should be able to log in.
This is of no practical value. You have just connected to the loopback interface on the machine you are sitting at.
Log out of ssh.

Again at your server,
Code:
ssh 192.168.1.6
Is ssh 192.168.1.6 your server IP?
This time you are logging in to the machine you are sitting at using enp2s0.
Log out of ssh.

At the top of
/etc/ssh/sshd_config:
 
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

You can set the ListenAddress. The default 0.0.0.0 matches all addresses.
If you change this line to
Code:
ListenAddress 192.168.1.6
and restart sshd you will no longer be able to connect on 127.0.0.1.
Note that it is also uncommented.
Try it if you wish. sshd will only be listening on 192.168.1.6.

Your webserver only listens to where it's told to listen.
Code:
listen 127.0.0.1;

That's safe and works for testing from the machine it's running on only.
To be able to test from other machines, you need to use the IP address assigned to the LAN interface.

pmam
Veteran

Joined: 30 Dec 2013
Posts: 1145

Posted: Wed Feb 03, 2016 8:27 pm

Neddy,

OK - I tested your examples of ssh and it works as you described -
Now I see why I could connect with ssh - it listens on all interfaces...
However, I do not understand why I cannot connect with telnet - is its default different?
Does it not listen on all interfaces? How to fix it?
Code:
telnet 192.168.1.6
Trying 192.168.1.6...
telnet: Unable to connect to remote host: Connection refused


I have changed in nginx.conf the line to:
Code:
listen 0.0.0.0;

And now finally I can connect from other machine to web server!!! :)
It also works with:
Code:
listen 192.168.1.6;

Please advise what the right way is - which of them is better (more secure), 0.0.0.0 or the IP address?

Note: I can connect and see the wordpress site, however I cannot log in and make changes.
I want to have a remote option from another machine in the LAN - connecting to the web server and editing the site with wordpress...

Thanks

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43799
Location: 56N 3W

Posted: Wed Feb 03, 2016 8:46 pm

pmam,

Let me show by example.

I have a router with four internet cards.
One connects the internet.
Next to the wired network
Another to my public facing servers
Last to my Wifi.

If I write
Code:
listen 0.0.0.0
it will listen for incoming connections on all interfaces.
So I set ssh to listen only on the wired interface. I don't want any break ins from the Internet.
WiFi is not very secure either ...

So which is most secure?

When you only have a single external interface, it doesn't matter much.
Anyone who can connect to 127.0.0.1 already has physical access to the machine.

Good practice says you listen to as little as possible to provide the service you need to provide.
To put it another way, the wider you open the window, the more the dirt blows in.

Code:
telnet 192.168.1.6
will not work because you are not running a telnet server and you did not provide a port.
By default, the telnet client tries to connect to a telnet server. That's port 23.

Code:
telnet 192.168.1.6 80
should work now as it will connect to your webserver on port 80.
There is a list of well known ports in /etc/services.

You may even be able to write
Code:
telnet 192.168.1.6 http
and /etc/services will be consulted for the port number.
However, telnet is old and primitive, so it may not work.

A telnet session with an Apache webserver looks like
Code:
NeddySeagoon_Static ~ # telnet minniebannister http
Trying 2a01:4f8:162:c::2...
Trying 5.9.82.14...
Connected to minniebannister.
Escape character is '^]'.

Next is my input, I just ran my finger along the keys ...
Code:
aoeuidfhgtc

And the server's response
Code:
HTTP/1.1 400 Bad Request
Date: Wed, 03 Feb 2016 20:56:33 GMT
Server: Apache
Content-Length: 285
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache Server at localhost Port 80</address>
</body></html>
Connection closed by foreign host.

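Added example (not code from the thread or from nginx): a small audit of 'listen' directives that reports, for each one, whether it is reachable only from the server itself, on one address, or on every interface, following the "listen to as little as possible" advice above. The sample configuration is constructed; it reuses 127.0.0.1, 0.0.0.0 and 192.168.1.6 from the thread, and the function names and exposure labels are made up for this sketch.

```python
import ipaddress
import re

# Matches "listen <args>;" at the start of a line; "# listen ..." is skipped
# because '#' is not whitespace.
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)


def parse_listen(args):
    """Split the first argument of a listen directive into (address, port)."""
    target = args.split()[0]          # drop parameters such as default_server
    if target.startswith("unix:"):
        return target, None           # UNIX-domain socket, no TCP port
    if target.isdigit():
        return "*", int(target)       # port only: wildcard address
    if target.startswith("["):        # IPv6 literal: [::]:80 or [::1]
        host, _, rest = target[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else 80
    host, sep, port = target.rpartition(":")
    if sep:
        return host, int(port)        # address:port
    return target, 80                 # address only: nginx defaults to port 80


def exposure(address):
    """Classify how widely a listen address exposes the server."""
    if address.startswith("unix:"):
        return "local-socket"
    if address == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "hostname"             # depends on how the name resolves
    if ip.is_unspecified:             # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                # 127.0.0.0/8 or ::1
        return "loopback"
    return "single-address"


def audit(conf_text):
    """Return [(address, port, exposure)] for every active listen directive."""
    findings = []
    for m in LISTEN_RE.finditer(conf_text):
        address, port = parse_listen(m.group(1))
        findings.append((address, port, exposure(address)))
    return findings


# Constructed sample configuration.
SAMPLE_CONF = """
server {
    listen 127.0.0.1;          # default from the thread: loopback only
    server_name localhost;
}
server {
    listen 0.0.0.0;            # every IPv4 address on the machine
}
server {
    listen 192.168.1.6;        # only the LAN address
    # listen 8080;             # commented out, must be ignored
}
server {
    listen 80 default_server;  # port only: wildcard address
    listen [::]:80;            # IPv6 wildcard
    listen [::1]:8080;         # IPv6 loopback
    listen unix:/run/nginx.sock;
}
"""

if __name__ == "__main__":
    for address, port, level in audit(SAMPLE_CONF):
        print(f"{address:>22}  port={port}  {level}")
```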

All times are GMT
Page 1 of 4