Routing port 80

Dashrender

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

Exactly - if the traffic on a given port makes it to you from the ISP, they can't prevent you forwarding that through your router to an internal device (discounting any arguments where the firewall is controlled by the ISP).

scottalanmiller

@Dashrender said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

Exactly - if the traffic on a given port makes it to you from the ISP, they can't prevent you forwarding that through your router to an internal device (discounting any arguments where the firewall is controlled by the ISP).

Even when they control the firewall, you just add another one

marcinozga

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

scottalanmiller

@marcinozga said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

Or just don't use common ports. They can't block very many ports before nothing works.

Dashrender

@marcinozga said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

They typically block all the common hosting ports, 25, 80, 443, 465 and 587 to prevent typical business type hosting.

As Scott said - they can't block to much more without causing other issues - but I have seen some block SMB ports as well.

JaredBusch

@scottalanmiller said in Routing port 80:

@marcinozga said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

Or just don't use common ports. They can't block very many ports before nothing works.

That makes no sense. I can 100% block all new inbound connections on every port, yet not stop anything inside from working normally.

Dashrender

@JaredBusch said in Routing port 80:

@scottalanmiller said in Routing port 80:

@marcinozga said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

Or just don't use common ports. They can't block very many ports before nothing works.

That makes no sense. I can 100% block all new inbound connections on every port, yet not stop anything inside from working normally.

There are many services that don't use proxies to get things working, so if you can't host, you can't use that service...

That said, because of ISP shinanagins... Proxies have been put in place for many services to get around these problems...

JaredBusch

@Dashrender said in Routing port 80:

@JaredBusch said in Routing port 80:

@scottalanmiller said in Routing port 80:

@marcinozga said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

Or just don't use common ports. They can't block very many ports before nothing works.

That makes no sense. I can 100% block all new inbound connections on every port, yet not stop anything inside from working normally.

There are many services that don't use proxies to get things working, so if you can't host, you can't use that service...

That said, because of ISP shinanagins... Proxies have been put in place for many services to get around these problems...

That has nothing to do which what @scottalanmiller said it I said.

scottalanmiller

@JaredBusch said in Routing port 80:

@scottalanmiller said in Routing port 80:

@marcinozga said in Routing port 80:

@scottalanmiller said in Routing port 80:

@Emad-R said in Routing port 80:

Also usually your not allowed to PF on residential stuff, even you set it up it wont work.

Port 80 is usually blocked. But forwarding is not blockable.

I haven't run into that yet, but I've heard some do block ports. And it's usually 25. If ISP blocks port 80, setup website on 443, or change ISP.

Or just don't use common ports. They can't block very many ports before nothing works.

That makes no sense. I can 100% block all new inbound connections on every port, yet not stop anything inside from working normally.

True, you can block inbound only for new.

1337

OPTION 1
Easiest is to just port forward on different ports.

Router settings:
WAN:8080 -> testserver1:80
WAN:8081 -> testserver2:80
WAN:8082 -> testserver3:80
etc

Use http://wan:8081 to get to testserver2.

---

OPTION 2

You need to set up a name based reverse proxy (for instance using apache) on your LAN.

Dynamic DNS:
domain1 -> WAN address
domain2 -> WAN address
domain3 -> WAN address
etc

Router settings:
WAN:80 or whatever -> reverse_proxy:80

Reverse Proxy Rules:
domain1 -> testserver1
domain2 -> testserver2
domain3 -> testserver3

When you access http://domain1 it will lead to the WAN address.
When the request hits the reverse proxy it will use the domain name to determine which server to forward the request to.

IRJ

This whole idea doesn't make much sense to me. If really "test" why isnt testing internally sufficient? Like seriously what are you testing are you doing that wont work with attaching the instance to a public IP?

It sounds like you are trying to skirt having to pay for additonal IPs or a hosting solution. Hey, I get it. I appreciate a guy trying t o save a buck, but you are creating alot more headache for very little gain. Hosting anything production on your home network woud be pretty silly to save a few pennies. I mean hosted solutions are dirt cheap.

So lets start with this. What are you really trying to accomplish?

IRJ

You can run like 5 websites on a t2.small which is Free Tier as long as you dont have crazy traffic.

scottalanmiller

@IRJ said in Routing port 80:

This whole idea doesn't make much sense to me. If really "test" why isnt testing internally sufficient? Like seriously what are you testing are you doing that wont work with attaching the instance to a public IP?

It sounds like you are trying to skirt having to pay for additonal IPs or a hosting solution. Hey, I get it. I appreciate a guy trying t o save a buck, but you are creating alot more headache for very little gain. Hosting anything production on your home network woud be pretty silly to save a few pennies. I mean hosted solutions are dirt cheap.

So lets start with this. What are you really trying to accomplish?

Another approach would be to use a VPN of some sort.

wirestyle22

@mroth911 said in Routing port 80:

I have residential comcast, and a dynamic ip. I would like to port forward several test servers that run on port 80. using this single ip./ How can I do thats. I know I can port forward 1 to whatever internal IP address./ But how do I do more then one.

Reverse proxy. Ports 80/443 are forwarded to the reverse proxy server and it reads server blocks to determine where traffic goes. I do this at home for my lab as I have like 8 web servers running there. there are multiple guides here on how to achieve this:

https://mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27/106
https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy/47

mroth911

Really ok cool. Yeah this is a test on my dynamic IP address I don't want to order static ip's I need to test some stuff and make it public however where this equipment is located it just not worth it to purchase static ip's.

scottalanmiller

@mroth911 said in Routing port 80:

Really ok cool. Yeah this is a test on my dynamic IP address I don't want to order static ip's I need to test some stuff and make it public however where this equipment is located it just not worth it to purchase static ip's.

ZeroTier is often a great solution for this.

JaredBusch

@scottalanmiller said in Routing port 80:

@mroth911 said in Routing port 80:

Really ok cool. Yeah this is a test on my dynamic IP address I don't want to order static ip's I need to test some stuff and make it public however where this equipment is located it just not worth it to purchase static ip's.

ZeroTier is often a great solution for this.

I have put ZeroTier on a FreePBX system and then made a public a record on cloudflare for ztpbx.domain.com and entered the ZT network IP address. Worked perfectly for me to access from wherever by domain name.

mroth911

@coliver said in Routing port 80:

HAProxy

So this is what I am trying to accomplish, Prior to this setup I had 5 static ip's. Now I have only 1 ip. I have 2-3 web servers that are vm's. One is an odoo, and 2 different screen connect servers. I want to be able to use port 80 on each server, router them to there local ip. 10.0.0.x but still use there example.com name

coliver

@mroth911 said in Routing port 80:

@coliver said in Routing port 80:

HAProxy

So this is what I am trying to accomplish, Prior to this setup I had 5 static ip's. Now I have only 1 ip. I have 2-3 web servers that are vm's. One is an odoo, and 2 different screen connect servers. I want to be able to use port 80 on each server, router them to there local ip. 10.0.0.x but still use there example.com name

Yeah, you're looking for a reverse proxy.

scottalanmiller

@coliver said in Routing port 80:

@mroth911 said in Routing port 80:

@coliver said in Routing port 80:

HAProxy

So this is what I am trying to accomplish, Prior to this setup I had 5 static ip's. Now I have only 1 ip. I have 2-3 web servers that are vm's. One is an odoo, and 2 different screen connect servers. I want to be able to use port 80 on each server, router them to there local ip. 10.0.0.x but still use there example.com name

Yeah, you're looking for a reverse proxy.

Yup, a proxy is a "router" for layer 7. Only layer 7 has URLs.