How internet addressing really works

From The TinkerNet Wiki
Jump to navigation Jump to search

Now on Wiki.NerdMage.Ca

(This is a very rough draft...)

There're 2 ways to get to a machine.

IP address & name.

But to use name, you need to have DNS set up.

Either way, there's also the port.

The port is specific to the actual service on the machine.

i.e.: port 80 is HTTP, port 443 is HTTPS, port 22 is SSH...

When your entire network is on a single address as far as the outside world is concerned, you have a couple options to access individual machines.

Port Forwarding

You can forward specific ports to specific machines (probably with a bit of fiddling in Firewall/NAT on your pfSense box...) or you can set up proxies.

Port forwarding is pretty straightforward, but you need to remember how you've set up the ports.

A good example of how this can work is my general habit of forwarding a port outside the range of Well-Known TCP Ports to SSH on any of my internal machines that I may want to access while away from my own network.

As an example, I have a machine on my network at 192.168.0.99 (Not an address accessible to the outside world) & I'd like access to it while away. I go into Firewall/NAT on my pfSense box & forward port 52099 to this address & translate the port number to 22 (SSH). This gives me the ability to SSH into the machine pretty much anywhere I may be as long as I have internet access.

You can do the same for any service. You could port 52080 to an internal machine at port 80 (http), but you'll have to remember to add :52080 to the machine name or IP address when accessing it from outside. (i.e.: http://my.domain.net:52080/)

Proxies

Generally, when speaking of proxies, we're talking about web browser access.

(Not always tho... But that's a deeper discussion.)

Web proxies are handled by your main web server. Take a look at Proxy Server Notes for some useful details on how this works.