restrict access to domain but allow access to subdomain - apache2

I have a domain name.com that points to IP 123.123.123.123, where I have installed an apache2 server.
I also have subdomains like ftp.name.com / etc.name.com that also point to the same IP address.
I want access to be restricted when a user types name.com in the browser, like when the Apache server is down (or like when you try to access a domain that does not exist), but at the same time I want the user to be able to access the subdomains. Does it make sense? Is it possible?

"Like when the apache server is down" will not be possible because if it's down, it does not accept connections. But it will have to accept the connection to receive the HTTP header which tells the server the requested (sub)domain.
A possible solution would be to change your DNS entries. Let ftp.name.com point to your server (123.123.123.123 in your example) and configure www.name.com to an unused / invalid IP address. This way your ftp.name.com server will not receive name.com queries at all.

Related

Strange mikrotik dns relation to firebird database

In one company there is a Windows Server 2008 hosting a Firebird 2 database.
Clients are using some software to connect from local machines to this database.
The network is running on a few MikroTik routers.
When I change the main gateway MikroTik router's DNS to the CleanBrowsing IP addresses (185.228.168.10 and 185.228.169.11), the software cannot connect to this Firebird database.
When I use 8.8.8.8 DNS or 1.1.1.1 - no such problems.
The software does not relate to DNS; I know this because it is written by me in C#.
How is that possible, and why does it happen?
Changing the main gateway router's DNS server to another upstream server means you are potentially getting different responses to DNS queries. Assuming that nothing else has changed on your network, I imagine one of the following:
Your new DNS provider does not have special config for the DNS entries you are querying
Your new DNS provider is located somewhere else physically, and you are running into a situation where geolocation matters (different DNS responses to differently located users)
There is another gadget on the network intercepting DNS that is unaware of the change you are making. For example, a NAT rule on a router that redirects 8.8.8.8 to an internal DNS server.
I agree with your assessment that the software is probably not causing this. Because you changed infrastructure, I think that this is an infrastructure problem.
With 15+ years of experience running FirebirdSQL in small networks, I always set the following things to prevent such problems:
The first DNS at the router's DHCP should point to the router's IP (gateway) itself, so it resolves local pc names easier
Setting a (random?) DHCP domain name at router's setup is recommended too
Edit/replace the firebird.conf file with one with a fixed default port (3050) + event port (3051).
Opening those ports on each PC's firewall is a MUST. Both incoming and outgoing. You may narrow it to local IP range to prevent outside attacks. (Create a script once, run it on each PC as Admin once.)
Usually I also add "fbserver.exe" to the firewall exceptions too
Restart FirebirdSQL service (or the whole PC) after changing gateway or DNS or firebird.conf

GAE script to authorize networks on CloudSQL

I am working on a project where I need access to Cloud SQL, but my IP address is frequently changing (10 times a day or more). Is there a way to tell Cloud SQL about my new IP address using scripting to allow access from it? At the moment I have to use the cloud console, but if I could write a script.
I have just found out that on the Cloud Console in Access Control, one can use a DNS name, rather than just an IP. Google is pretty awesome.
So in Access Control simply put a Domain Name as allowed access, and use a simple no-ip service like ddns.net to keep the domain name up to date with the dynamic ip.
When accessing Cloud SQL from AppEngine, you don't have to authorize the IP address. You must authorize the AppEngine application as described here.
EDIT:
If this is your local (ISP) IP address that keeps changing, then maybe you can set up an SSH tunnel:
Create an instance on Compute engine, can be the cheapest
ssh to the instance with params -L 3306:cloudsqlip:3306
Now authorize the IP address (no need for a static IP, it can be the ephemeral one) of the compute instance. You should be able to connect to your local machine 127.0.0.1:3306 and your traffic will be tunneled to your Cloud SQL instance.

Have TCP client search for TCP Server

Background
I am using a SparkCore wireless arduino board to connect to a local Node.js server. The server includes a local intranet TCP server that a TCP client programmed onto the SparkCore connects to.
Problem
If I run the server on a different network, the server has a different local IP address. When I do this, I have to reprogram the SparkCore arduino to tell it the new local IP address of the server to connect its TCP client to. This is not ideal for a variety of reasons.
Question
Is there a way to have the client dynamically search for the TCP server or alternatively have the server broadcast to TCP clients in a way that would inform the client of the local IP address to use for the server without initially hardcoding it? I would love to do this in way that did not involve iterating through a bunch of IPs on a specific port to see if a connection is made. That being said, if that's the only way to do this, then so be it.
How is the Arduino booting? If it's booting using DHCP, one method would be to provide a custom DHCP option that provided the address of the Node.js server. ntp, for instance, can configure itself in a similar way. This has the advantage that the Arduino need not be on the same local subnet as the Node.js server.
An alternative (slightly disgusting) would be to use an A record within your domain (let's say nodejs.example.com). Configure the local DNS recursive server to explicitly return this value (I am presuming you might have lots of different deployments with lots of different nodejs servers).
A third possibility would be to send out some form of discovery packet, either by broadcast, or better by multicast UDP. Assuming it's on the same LAN, the nodejs server could then reply. Clearly you might need to concern yourself with a rogue server impersonating your nodejs server, and therefore might need to add some security (e.g. use a shared secret, send a random nonce plus the nonce hashed with the shared secret to the server, the server checks the hash, and replies with the answer, the nonce, plus the answer hashed with the shared secret and the nonce, each of which the client then checks).
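The shared-secret check described in the last suggestion above, as an added example that is not part of the original answer: HMAC-SHA256 stands in for "hashed with the shared secret", and the function names, the `probe`/`reply` labels, the secret and the address are assumptions made for illustration. Only building and checking the two messages is shown; sending them over UDP broadcast or multicast is left out.

```javascript
// Added example, not from the original answer. HMAC-SHA256 is used as the
// keyed hash; all names and sample values here are illustrative assumptions.
const crypto = require('crypto');

const SECRET = Buffer.from('constructed-demo-secret'); // constructed sample value

// Keyed hash over length-prefixed fields, so field boundaries are unambiguous.
function mac(secret, ...parts) {
  const h = crypto.createHmac('sha256', secret);
  for (const p of parts) {
    const b = Buffer.from(p);
    const len = Buffer.alloc(4);
    len.writeUInt32BE(b.length);
    h.update(len).update(b);
  }
  return h.digest();
}

// Constant-time comparison; timingSafeEqual throws on unequal lengths.
function macEqual(a, b) {
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Client: random nonce plus the nonce hashed with the shared secret.
function buildProbe(secret) {
  const nonce = crypto.randomBytes(16);
  return { nonce: nonce.toString('hex'), tag: mac(secret, 'probe', nonce).toString('hex') };
}

// Server: check the probe's hash, then reply with the answer (its address),
// the nonce, and the answer hashed with the shared secret and the nonce.
// The 'probe'/'reply' labels stop a probe tag from being reflected as a reply.
function answerProbe(secret, probe, address) {
  const nonce = Buffer.from(String(probe.nonce), 'hex');
  const tag = Buffer.from(String(probe.tag), 'hex');
  if (nonce.length !== 16 || !macEqual(mac(secret, 'probe', nonce), tag)) return null;
  return { address, nonce: probe.nonce, tag: mac(secret, 'reply', nonce, address).toString('hex') };
}

// Client: accept the address only if the nonce is the one just sent and the
// hash verifies; a stale, forged or altered reply returns null.
function verifyReply(secret, sentProbe, reply) {
  if (!reply || reply.nonce !== sentProbe.nonce) return null;
  const address = String(reply.address);
  const expected = mac(secret, 'reply', Buffer.from(sentProbe.nonce, 'hex'), address);
  return macEqual(expected, Buffer.from(String(reply.tag), 'hex')) ? address : null;
}
```

Because the client only accepts a reply carrying the nonce it just generated, a reply captured earlier on the LAN cannot be replayed against a later probe.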

Access front end SQL back end secure connection

I need to have an Access front end and SQL 2005 back end for a client. I would like to require them to have a static IP and I'll open a port for that IP. But they also want to be mobile, so their IP will change when they aren't in their office.
Is there another way to secure the connection?
Thanks.
I don't much see any problem or issue with this question. As a note, one could keep in mind that with your requested setup the IP address of the mobile devices does not and should not matter.
What matters for the most part is that device can connect to the IP address of the SQL server in question (and that address is not likely to change – or at least not change often).
"so their IP will change when they aren't in their office."
This question makes more sense. The internal IP address you use to connect to SQL server can be a UNC path name to the server (with SQL on it). However, often just using the IP address of the server on your local network also works. So a typical address would be 192.168.1.100.
So, your Access front end can thus link to the above IP address (I assume you have some SQL re-link code on startup).
When you step outside of the office and that local network, then of course you have several choices.
You could, as you suggest, open up a port on the SQL server to allow incoming connections. This is likely not such a great idea. It is likely better to set up some type of VPN from that device back to your office network. Once you have that VPN connection set up, then the front end that linked to the fixed internal IP address should continue to work (and you can use the SAME internal address).
However, without a VPN, you can certainly have the Access front end "re-link" to the external exposed IP address of your office network. This would require that you open a port and forward a port on your router to the machine running SQL server. And you would have to open the default port for SQL server. The default is 1433 – but as noted, it is NOT such a great idea to open up your SQL server to the wild internet. Last time I did this, within a FEW minutes there were automated "bots" on the internet already attempting to log on (and the robot was testing all of the most common SQL logons + most common passwords). So, this is a high-risk adventure to open up SQL server ports this way.
So, the best approach here is some type of SSL tunnel, or a VPN to your office network, and the bonus part is you likely do NOT have to re-link the front end to a different IP address, since once that "tunnel" is set up to your office, then the result of the network setup, including the use of printers etc. from your laptop, should thus work from any place you connect to the internet.

Search for and connect to a local server (C-programming)

I'm doing some socket programming in C where I have one server and many clients on the local network. I want the client to find (search for) the server on the network by itself (i.e. not having to specify the server's address) and connect to it. The protocol between the clients and server should be TCP.
I've been searching the web for some time to find a good solution to this, but haven't found one yet.
Any suggestion to how I would tackle this problem would be greatly appreciated.
An IP and port number is necessary for a client to connect to the game server. However, if the IP address of the server is not available, a 'compromise' could be reached by:
Using a hostname to connect to the server, you can use gethostbyname() to resolve a hostname and obtain the IP address. This should solve the issue if the server's IP is not known or is not static.
Having a process running on a known IP which can give you a list of active servers.
Having the clients scan a particular range of IP addresses instead of trying to connect to a single IP (not a very good idea, but should be doable on a LAN).
Having your server broadcast packets (say UDP datagrams) at fixed intervals to all hosts on the current subnet (again not really a good idea, will lead to unnecessary network traffic).
A hybrid approach with more than one of the above could also be employed, for example, try connecting via a hostname and if that fails, fall back to connecting to a known IP with a list of active servers etc.
If you have control over the network layout and such, I would use a solution involving DHCP and DNS.
Basically, you want to connect your DHCP server to your DNS server so that it would automatically create entries for new computers on the network. This is a feature that most DHCP servers and DNS servers support, including BIND and named and Microsoft's solution.
Then you'll set the server hostname to some known value, and have the clients find the server using DNS. That is, gethostbyname() would work properly so you could use the first bullet point offered in Bhargav's answer.
