Difference between revisions of "How internet addressing really works"

From The TinkerNet Wiki
(Created page with "(This is a very rough draft...) There're 2 ways to get to a machine. IP address & name. But to use name, you need to have DNS set up. Either way, there's also the port. T...")
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
<span style="background-color: rgb(153, 204, 0); color: rgb(0, 0, 255);" data-mce-style="background-color: #99cc00; color: #0000ff;">'''<big>Now on Wiki.NerdMage.Ca</big>'''</span>
 +
 
(This is a very rough draft...)
 
(This is a very rough draft...)
  
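Review bot: The banner span on the first added line carries a data-mce-style attribute that repeats the inline style attribute, which looks like rich-text editor residue and can be dropped. The banner text "Now on Wiki.NerdMage.Ca" is also plain text rather than a link, so readers have nothing to follow to the new location.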
Line 14: Line 16:
  
 
When your entire network is on a single address as far as the outside world is concerned, you have a couple options to access individual machines.
 
When your entire network is on a single address as far as the outside world is concerned, you have a couple options to access individual machines.
 +
 +
== Port Forwarding ==
  
 
You can forward specific ports to specific machines (probably with a bit of fiddling in Firewall/NAT on your pfSense box...) or you can set up proxies.
 
You can forward specific ports to specific machines (probably with a bit of fiddling in Firewall/NAT on your pfSense box...) or you can set up proxies.
  
 
Port forwarding is pretty straightforward, but you need to remember how you've set up the ports.
 
Port forwarding is pretty straightforward, but you need to remember how you've set up the ports.
 +
 +
A good example of how this can work is my general habit of forwarding a port outside the range of [https://www.webopedia.com/quick_ref/portnumbers.asp Well-Known TCP Ports] to SSH on any of my internal machines that I may want to access while away from my own network.
 +
 +
As an example, I have a machine on my network at 192.168.0.99 (Not an address accessible to the outside world) & I'd like access to it while away.  I go into Firewall/NAT on my pfSense box & forward port 52099 to this address & translate the port number to 22 (SSH).  This gives me the ability to SSH into the machine pretty much anywhere I may be as long as I have internet access.
 +
 +
You can do the same for any service.  You could port 52080 to an internal machine at port 80 (http), but you'll have to remember to add <code>:52080</code> to the machine name or IP address when accessing it from outside. (i.e.: <code>http://my.domain.net:52080/</code>)
 +
 +
== Proxies ==
 +
 +
Generally, when speaking of proxies, we're talking about web browser access.
 +
 +
(Not always tho...  But that's a deeper discussion.)
 +
 +
Web proxies are handled by your main web server.  Take a look at [[SBN - Proxy Server Notes|Proxy Server Notes]] for some useful details on how this works.
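Review bot: The added SSH example (port 52099 forwarded to 192.168.0.99 and translated to 22) says nothing about who may connect or how the SSH service authenticates. Choosing a port outside the well-known range does not limit who can reach it, so the paragraph should tell readers to restrict the rule's source where they can and to rely on key-based SSH logins. In the next added paragraph, "You could port 52080" is missing the word "forward", and "(i.e.: ...)" introduces an example, so "e.g." is meant.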

Latest revision as of 01:21, 27 December 2021

Now on Wiki.NerdMage.Ca

(This is a very rough draft...)

There're 2 ways to get to a machine.

IP address & name.

But to use a name, you need to have DNS set up.

Either way, there's also the port.

The port is specific to the actual service on the machine.

e.g.: port 80 is HTTP, port 443 is HTTPS, port 22 is SSH...

When your entire network is on a single address as far as the outside world is concerned, you have a couple options to access individual machines.

Port Forwarding

You can forward specific ports to specific machines (probably with a bit of fiddling in Firewall/NAT on your pfSense box...) or you can set up proxies.

Port forwarding is pretty straightforward, but you need to remember how you've set up the ports.

A good example of how this can work is my general habit of forwarding a port outside the range of Well-Known TCP Ports to SSH on any of my internal machines that I may want to access while away from my own network.

As an example, I have a machine on my network at 192.168.0.99 (not an address accessible to the outside world) & I'd like access to it while away. I go into Firewall/NAT on my pfSense box & forward port 52099 to this address & translate the port number to 22 (SSH). This gives me the ability to SSH into the machine pretty much anywhere I may be as long as I have internet access.

You can do the same for any service. You could forward port 52080 to an internal machine at port 80 (HTTP), but you'll have to remember to add :52080 to the machine name or IP address when accessing it from outside. (e.g.: http://my.domain.net:52080/)
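Since the forwards have to be remembered, it helps to keep them as a small inventory that can be checked. The following is an added example, not part of the original page and not pfSense's own configuration format: the `Forward` record, its `source` field and the internal host used for port 52080 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

WELL_KNOWN_MAX = 1023                   # top of the well-known port range
SCHEMES = {80: "http", 443: "https"}    # web services named on this page

@dataclass(frozen=True)
class Forward:
    ext_port: int          # port opened on the public address
    host: str              # internal machine that receives the traffic
    int_port: int          # port the service listens on internally
    source: str = "any"    # who may connect; "any" means the whole internet

def outside_address(public_name: str, fwd: Forward) -> str:
    """What to type from outside the network to reach this forward."""
    if fwd.int_port == 22:
        return f"ssh -p {fwd.ext_port} {public_name}"
    scheme = SCHEMES.get(fwd.int_port)
    if scheme:
        return f"{scheme}://{public_name}:{fwd.ext_port}/"
    return f"{public_name}:{fwd.ext_port}"

def audit(forwards: list[Forward]) -> list[str]:
    """Return human-readable findings for a list of forwards."""
    findings, seen = [], {}
    for f in forwards:
        if f.ext_port in seen:
            findings.append(f"{f.ext_port}: already forwarded to {seen[f.ext_port]}")
        seen.setdefault(f.ext_port, f"{f.host}:{f.int_port}")
        if not ipaddress.ip_address(f.host).is_private:
            findings.append(f"{f.ext_port}: target {f.host} is not an internal address")
        if f.ext_port <= WELL_KNOWN_MAX:
            findings.append(f"{f.ext_port}: external port is in the well-known range")
        if f.int_port == 22 and f.source == "any":
            findings.append(f"{f.ext_port}: SSH on {f.host} accepts connections from any source")
    return findings

# Constructed inventory: the first rule is the page's SSH example; the internal
# host for 52080 is made up, since the page does not give one.
RULES = [
    Forward(52099, "192.168.0.99", 22),
    Forward(52080, "192.168.0.80", 80),
]

if __name__ == "__main__":
    for rule in RULES:
        print(outside_address("my.domain.net", rule))
    for finding in audit(RULES):
        print("FINDING", finding)
```

The SSH finding is a prompt to decide who should be able to reach that port: a high port number changes where the service listens, not who can connect to it.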

Proxies

Generally, when speaking of proxies, we're talking about web browser access.

(Not always tho... But that's a deeper discussion.)

Web proxies are handled by your main web server. Take a look at Proxy Server Notes for some useful details on how this works.