My internet connection has a dynamic IP adress which keeps changing every time the modem is restarted, so I have a hard time configuring the Authorized Networks in Access Control.
This is explained at https://cloud.google.com/sql/docs/access-control#dynamicIP .
Your options are, and I quote:
Use a proxy service so that your application appears to come from only one IP address. Add this address to the authorized networks that can connect to the instance.
Use a CIDR range that covers all of the IP addresses from which your service might connect.
Use the CIDR range 0.0.0.0/0, which allows all external IP addresses to connect.
The third and last option, despite its attractive simplicity has implications that may make it undesirable -- read the docs I'm pointing to.
Related
I am developing a custom Alexa Skill and have a requirement where I want Alexa to access REST APIs that are hosted locally on http://localhost:8080? Any idea how to do this?
Thanks!
If you really want to do this, and I’m assuming you are hosting the skill on AWS Lambda, it would involve quite a bit of work.
Your local endpoints need to be accessible from outside of your network, which requires port forwarding in your router to your machine where the endpoints are hosted. This needs to be configured in your router.
An easier way is to deploy your project containing the API to something like Heroku, which can be done easily. They give you a domain and make the endpoints accessible to Lambda. This should be possible within their free tier.
Here' a link to a pretty good article about how IP addresses work.
Allowing a device sitting on your local network (eg. a laptop computer or Raspberry Pi connected to your wifi) to be accessed from outside your local network (eg. from a service running on AWS) will involve mapping 2 separate IP addresses:
The IP address assigned to your router (your public IP)
The private IP addresses assigned by your router to your devices (laptop, iPhone, RPi, etc).
You have a couple options for allowing your router's IP (#1) to be accessible from outside your local network:
a. Pay your internet provider to provide you with a static IP address
b. Use a dynamic DNS service such as DuckDNS or No-IP.
Once you have a fixed public IP that can be used to access your router, you will then need to map a port on your router (#1) to the device IP on your local network (#2). This is usually referred to as "port forwarding". Most routers will support configuring this. In effect, your tell your router "when you get a message to : pass it to my laptop :"
Your local private IP address will typically have an IP value like 192.168.0.23 (where the 23 can be anything from 1 to 254).
An outside IP will start with something other than 192. Refer to the first link above regarding IP ranges.
You can google "port forwarding" and "public IP" for more info on how IP addresses and port forwarding work, but hopefully this will help get you started. It may seem a bit complicated at first, but if I can understand it, then anyone can :-)
So I am kind of new to networking and I'm just interested in the client/server architecture. Let's say you developed a program and the client version ran on a computer and the server version on the server(obviously). In order for the client to connect to the server, it would have to know the ip address of the server (and the port attached so it can be routed to the correct computer/program). Does that mean that the server's ip address can not change? Would you have to specifically tell your ISP to keep the ip address static? Because if both the client and server ip addresses change, then they would have no way to connect and the program wouldn't work... in other words there has to be one constant. When you sign up for a VPS do they give you a static ip address you can bind to from the client version? Thanks!
In order for the client to connect to the server, it would have to know the ip address of the server (and the port attached so it can be routed to the correct computer/program).
Correct.
Does that mean that the server's ip address can not change?
No. In fact, IPs can change at any time. Most servers that are exposed to the public Internet have a static domain name registered in the Internet's DNS system. A client asks DNS to resolve the desired domain name to its current IP address, and then the client can connect to it. But even in private LANs, most routers act as a local DNS server, allowing machines on the same network to discover each other's IP by machine name.
The OS typically handles DNS for you. A client can simply call gethostbyname() or prefferably getaddrinfo(), and the OS will perform DNS queries as needed on the client's behalf and return back the reported IP(s).
Would you have to specifically tell your ISP to keep the ip address static?
You can, but that usually costs extra. And it is not necessary if your server is registered in DNS. And there are free/cheap DNS systems that work with servers that do not have a static IP.
Because if both the client and server ip addresses change, then they would have no way to connect and the program wouldn't work...
That is where DNS comes into play.
in other words there has to be one constant.
A registered domain name that can be resolved by DNS.
When you sign up for a VPS do they give you a static ip address you can bind to from the client version?
It depends on the VPS service, but a more likely scenario would be you are assigned a static sub-domain within the VPS service's main domain. For example, myserver.thevps.com. Or, if you buy your own domain (which can be done very cheaply from any number of providers), you can usually link it to the DNS server operated by your VPS service.
Once a service is discovered through DNS-SD, how exactly does the address of that host get resolved, and does it take significantly more time/overhead?
Also, if I am using JmDNS or Bonjour there are call-backs for both serviceFound and serviceResolved. If I am just interested in the IP address of the device publishing a certain service, is there a faster/more efficient way of getting the address than going through both serviceFound and serviceResolved?
Thanks
DNS-SD uses Multicast DNS (MDNS) which works by sending DNS packets over UDP to a certain multicast address. All mdns-capable hosts in the network also listen to this address. It uses UDP so, it's quite low overhead. Also, the clients are designed in a way that the amount of chatter on the network is kept to a minimum, by using extensive caching.
Service discovery is a two step process. The first step is finding the names of all hosts providing a certain service (e.g. printing). This will not yet give you the ip address, instead it gives you the mdns name (ending with .local). This is because the ip could possibly change, whereas the name will not.
The second step in service discovery is to resolve the .local name of the host over mdns. You ask via multicast who foo.local is, foo.local will see that packet, and respond via broadcast with its ip address, port number and other information.
I'm implementing the PASV mode in a FTP server, and I send to the client the IP address and port of the data end point. This is stupid because the IP is actually where the client is already connecting, so there ire two options:
How could I get the public IP
address from a given instance? Not
the VIP, but the public one.
How could I get the original target
IP address that the user used from
a Socket object? Considering routers and load balancers in the middle :P
An answer to any of this questions would do, although there is another way that could work... may I get the public IP address doing a DNS look up of myapp.cloudapp.net?
A fourth option would be use the Azure Management API library... but, too much trouble :P.
Cheers.
Not sure if you ever figured this out, but here's my take on it. The individual role instances are all behind the Windows Azure load balancer and have no idea what the original, outward-facing IP address is. Also, there's no Management API call that returns IP address - Get Deployment returns the URL but not the IP address. I think the only option is going to be a dns lookup.
Having said that: I don't think you can host a passive ftp server in your role instance (at least not elegantly). You may open up to 25 input endpoints on your role (up from 5 - see my recent blog post about this update), but there's manual work involved in the configuration. I don't know if your ftp application lets you limit your port range to such a small number of ports. Also:
You'd have to define each port as its own input endpoint (this is the manual labor part I mentioned) - input endpoints don't allow a port range to be specified, unlike the internal endpoints.
You'd have to specify the port number that's used internally, and the port numbers would need to be sequential
One last thing on ftp: you should be able to host an sftp server with no trouble, since all traffic comes through one port.
The hack that I'm contemplating right now is to retrieve http://www.icanhazip.com/. It isn't elegant and is subject to the availability of that service, but it gets the job done. A better solution would be appreciated!
How is it possible to access an internal resource (email server / FTP server) using its external IP address but from within the network ?
The situation is that a number of users have laptops and work out of the office several days per week. I don't want them to have to change the connection details from 217.x.x.x to 10.0.0.x every time they come into the office, then back again when they leave.
I have external access working, so they can connect using the 217.x.x.x IP when on the road, but it doesn't work when they are in the office.
We have a router providing NAT access to the net and different servers for FTP, email etc.
This is what DNS is for - your external DNS provides the 217.x.x.x address for the names, while your internal DNS returns the 10.0.0.x IP address. Clients access resources by hostname, not IP address, and it's done.
Unless you have filters forbidding access to the external NAT'ed address from internal clients, I do not see why it should not work.