I’ve been able to set up sending and listening to http requests locally using 127.0.0.1:8000. I want to try doing it using the internet now.
I have a VPN with port forwarding enabled, but sending requests to that IP address and port does not yield a response like it did when doing it locally.
Can anyone clarify which address I should be listening on in order to receive http requests from the internet? I tried 0.0.0.0 and a few inet addresses from ip add, but none of them work.
You must log in or # to comment.
Assuming your vpn provides a stable remote IP, your client connection needs to use that. Try “whatsmyip” or similar over the vpn. The remote address almost certainly won’t appear in the local output of
ip a.Locally, listen on the “this host”, 0.0.0.0.
You may need to check your firewall locally.
You don’t need to run your http service to troubleshoot - simple tools like netcat can listen for incoming requests -
nc -l 0.0.0.0 8000or what-have-you.Finally: you might want to look at using a shell host as the client rather than targeting your vpn ip from your local host, just to take hairpin connections out of consideration when troubleshooting.
I disagree with all the “Wat r u doing?? No, study for a year before you try anything!!” Yes, it’s a bad idea to have an http server able to receive requests from anyone on the net if you don’t know what you’re doing, because there are people scanning public services looking for things to hack all the time, and you could have everything on your computer compromised. But if you’re trying to just understand how it works, I think it helps the knowledge to click to make a thing do what you want. Eventually you can get your opnsense router and set up a separate vlan for your new homelab server and all that jazz, and then actually leave your http service running for the world to try to hack.
If a port checking tool says your port is open for soulseek, then the port forwarding of your vpn is working for that port. Idk what vpn provider you have, but all the ones that I’ve used with a port forward have only allowed me to have one random high-numbered port at a time. I’m assuming you have a way to find out what that port is and then configure soulseek to listen on it. You should be able to have your http service bind to 0.0.0.0:(that port), and it will work just like soulseek does. You can’t do this while ss is listening on that port, because only one thing can listen on a port at a time.
Btw, I’m new to lemmy. How tf do you reply to a comment in the web app on mobile? I accidentally downvoted you trying to figure it out lol
Change the listening part to 0.0.0.0:8000 - that means listen on all interfaces and from all origins.
I assume others have given you enough on the security aspect of thatShould I only listen on my external IP? I’m not sure the OP wants to get into local server firewall rules here…
…what are you trying to do? There is no “listening” for http from the internet unless someone is explicitly sending something to/through you.
It is listening but it needs stuff to come to it.
Right, so are you sending anything, or how have you redirected traffic to it?
In unicast traffic is sent to the network interface when it matches the IP. In a layer 2 lan this is done by using ARP to query the Mac associated with the IP. When traffic gets routed in layer 3 it is done by subnet.
When a new packet is received the OS then will put the data into a buffer accessible by the application. When an application “listens” it is simply telling the OS that it wants to be the one to process incoming data on a particular IP and port.
With multicast, a client requests a particular IP be sent to it via IGMP packets.
There is no multicast over the open Internet. At least not at a layer you would ever see. The only HTTP requests you will ever see are the ones that are specifically requested to your server. What you’re doing would work internally inside a private network if you’re trying to do that, but it sounds like you confirmed that already.
There is multicast on the public internet. Obviously you can’t do http since it is UDP but it is routable.
Sure, you can, but nobody does it and most consumer networks actively block it. Not to mention that multicast is UDP, http is over TCP, so it’s irrelevant to your question anyway. There is no “listening” to http traffic unless you are looking to listen for traffic sent explicitly to you, which is why everyone is asking you - what are you trying to do?
Are you trying to set up an http server that listens through a VPN, to serve a webpage or API or something?
Do you just want to listen to random UDP multicast traffic? That has nothing to do with http, and idk why you would want to since no one does, but I suppose you could.
Or are you misunderstanding networking and thinking you can somehow listen to someone else’s Internet traffic? Which you can’t, unless you meet a specific set of criteria - which I’m not going to go into at this point.
You’re unwilling or unable to explain your actual problem, which is why I’m getting frustrated with you. I’m not asking about protocols you’re listening on, or questioning your Wikipedia skills, all I want to know is what are you trying to do?
I’m not the author of this post.
I just was trying to make sense of what they were asking about.
This is one of those bad questions.
Try to rephrase In a way what the outcome you are trying to achieve is.
Beyond the other suggestions, your OS might have incoming network rules that are blocking the requests (a firewall).
Ok, you are putting the cart a few steps before the horse here and put simply, you can’t just tap the entire Internet from behind your own Internet connection and “through” a VPN. (A VPN “tunnel” is a bit misleading on how traffic is seen in the wire, but that is still many more steps ahead.)
Watching pcap is cool, but you need a fundamental understanding of networks and network protocols before you can actually see more than characters of the Matrix and understand what you are tapping into from the start.
To kick off your own research path, start reading into the OSI Model, TCP vs UDP, traffic routing and subnetting. You need to understand where you need to be to see the traffic you want to see first.
Unfortunately, I can’t begin to answer your question without some foundation in place first.
There are good points, but I’d disagree on the OSI Model, just read up on the 4-layer model instead. OSI goes into more detail, but is honestly more of a theoretical model and harder to understand without any payoff right now.
So, you don’t know how to listen for an HTTP request that’s sent over the internet to a VPN IP address with port-forwarding enabled?
Of course I do, but its very conditional in your case. For the record, I did miss that you had port forwarding enabled already and read your post as if you were just trying to connect to the open internet and see any traffic going to some rando servers. That would be a very different situation.
How is the traffic proxied locally? Does the VPN client even allow inbound connections? Is a virtual interface configured for the VPN and is there an inbound port open?
What makes this situation conditional is that there are several ways your VPN client could be configured and it is my guess that it is the bottleneck in this case. If you tried every address that you could find and saw nothing, chances are, there is no traffic to be seen. Any stateful firewall will drop an inbound SYN or traffic not related to an established connection.
Your routing table may give some good clues as to where traffic is going as well. For example, the VPN client could be creating a local default gateway IP. Unless there is a split path configured, all traffic should be traversing that IP, regardless of what it is.
So, can you elaborate more on the route your traffic is taking? Listening on 0.0.0.0 can sometimes work, but usually a specific interface needs to be defined as well. In some cases, tcpdump setting the interface to promiscuous mode can break things.
Also, it’s a VPN. How traffic is getting routed in through the tunnel could be problematic. I have just been assuming that everything is fine up to the client you use and the computer sending traffic to inside your network is part of the VPN.
deleted by creator
They are telling you that you need to learn some more networking before you do anything.
There is no reason to expose a http server on the internet
There is no reason to expose a http server on the internet
Lolwut.
What are you trying to do?
From what I’ve gathered, either this guy is honestly trying to learn how to set up an http server that he built, which great but good luck finding a von that will NAT requests to you… Or …
He thinks internet traffic is blasted to every computer out there and wants to “listen” for it. Honestly I can’t tell and they can’t describe the problem in a way where we can help them
Seems like lots of vpn providers offer port forwarding after a fashion. It surprised me too but there were summary comparisons just a search away.
The person above probably should not be exposing something to the internet.
Chances are they just want a simple environment to play in which is easily provided by either a virtual lab or a local network.
Agreed. I’ve been self hosting for well over a decade now and I can count how many services I expose on one hand, and they are very curated. He’s trying to convince people he knows what he’s doing, but I’m not convinced he’s not trying to be a leet haxxor
Bind your listener to whichever interface is Internet-facing. That’s literally all you need to do. Then, from the client, send an HTTP request to that address (and port).
I think you need to explain in more detail how your “listening” is set up. You don’t normally “listen” on an IP address, if it gets as far as the program you’re listening with then it’s already arrived at the correct network address before your program knows about it.
You don’t normally “listen” on an IP address
You can bind to an IP when you open a port, it lets you limit your listening to a particular device if there are more than one interfaces. 0.0.0.0 means to listen on “all available” devices.
Yeah I guess that fits their explanation, but I still don’t get what they are trying to do.
your VPN probably has you on a nat.
Port forwarding works properly with soulseek. Is there some way to get around a nat, or could it be some other issue?
Soulseek can work behind NAT, you just can’t connect to everyone. It can appear working, but not actually be.
If you want to be sure, check if your soulseek port is actually open from the outside using something like this https://portchecker.co/
I know soulseek is working. It’s port-checking tool says my port is open and I can see my files being downloaded by other users.
Don’t do this as it is a very bad idea
What is the end goal?
How do you know it’s a bad idea without knowing what the goal is?
Exposing anything to the internet is a bad idea
