PDA

View Full Version : Nobody can connect to my public IP address!




armoguy94
Jul 20, 2009, 03:33 PM
I'm running regular Leopard (not server), and I connect to the internet wirelessly through a Linksys WRT54GS (v2.1) router, which is hooked up to a Comcast cable modem. There are about 3-4 computers on our network.

When I enable "Web Sharing" in System Preferences, it says people can connect to my computer through my local IP address. It doesn't display my public IP address, so anyone outside of my network can connect. Of course, though, people connected to my house's wireless have access to my computer because of web sharing.

Whenever I type in my public IP address, it takes me to my router configuration page (which I can also get to by typing in 192.168.1.1...).

What am I doing wrong? In my 4+ years of owning a Macintosh, I've never been able to figure this out.

BTW, there are absolutely no firewalls or restrictions on my computer, or router.

http://img403.imageshack.us/img403/3902/picture2trb.th.png (http://img403.imageshack.us/img403/3902/picture2trb.png)



yippy
Jul 20, 2009, 03:35 PM
This has nothing to do with your Mac and everything to do with your router. By default, all routers block incoming connection from the external port (public IP). You need to read your routers manual and set up port forwarding on port 80 to your Macintosh.

geoffreak
Jul 20, 2009, 04:06 PM
If you can really get to your router's configuration page from outside your network with your public IP address, that is a SERIOUS security flaw. You need to go into your router and disable access from outside the network.

In order to access your webserver from outside your local network, you will need to tell your router to forward port 80 (and 443 for https) to your internal IP. Make sure that the computer with the web server on it has a static IP so that the forwarding will always function properly.

Don't forget that many ISPs block port 80 and don't permit web servers to be used in a home account. You will need a static IP address from your ISP if you plan on connecting a domain name to your web server.

Phil A.
Jul 20, 2009, 04:15 PM
Your router shares it's external connection with your computers using Network Address Translation (http://en.wikipedia.org/wiki/Network_address_translation). Basically, what this means is that you have to tell the router where to send incoming traffic to (normally using an option called port forwarding): Effectively you tell the router to send traffic on a specified port to a particular computer on your local network. Without this, all unsolicited traffic will go to your router and stop (I say unsolicited because if you've started a connection to a website and it's sending data back to you the router handles that automatically: It would be a bit useless otherwise as you wouldn't be able to connect to any websites!).
There are a few complications with things such as Universal Plug and Play (UPnP) but that's the basics of NAT
Also, if you don't have a static IP address you'll need a Dynamic DNS provider such as www.dyndns.org so that people can find you when your IP address changes

belvdr
Jul 20, 2009, 05:58 PM
If you can really get to your router's configuration page from outside your network with your public IP address, that is a SERIOUS security flaw. You need to go into your router and disable access from outside the network.

In order to access your webserver from outside your local network, you will need to tell your router to forward port 80 (and 443 for https) to your internal IP. Make sure that the computer with the web server on it has a static IP so that the forwarding will always function properly.

Don't forget that many ISPs block port 80 and don't permit web servers to be used in a home account. You will need a static IP address from your ISP if you plan on connecting a domain name to your web server.

Spot on. You can also use a dynamic DNS service, such as DynDNS.org, to attach a domain name. Personally I use this just so I can connect back to the home network while away. Web hosts are too cheap these days to be saturating my home bandwidth with that.

armoguy94
Jul 21, 2009, 03:52 PM
Thanks for all the replies!

The problem was that I was port forwarding incorrectly after all. I have ports 80 and 8000 port forwarded now, 80 for web and 8000 for radio broadcasting via Nicecast :)

I also have set up a DynDNS, it works good as well. I would love to set up a proper domain name to my computer without paying for any service (excluding the domain name itself obviously), it's a shame DynDNS won't allow me to without a subscription. However I don't really have the dire need for that right now.

One annoyance is sometimes the LAN IP of my iMac changes, so I have to always check for that and if it does change, I have to change the port forwarding settings in my Linksys configuration page.
http://img188.imageshack.us/img188/3787/picture2mpo.png

Is there any way to make my LAN IP static?

neil1980
Jul 21, 2009, 04:38 PM
yeah,

Under system settings, network, advanced (or somewhere like that) should be able to manually configure your TCP/IP settings and assign a static IP.

Alternatively you may be able to reserve an IP for your macs mac address with your router

armoguy94
Jul 21, 2009, 04:45 PM
yeah,

Under system settings, network, advanced (or somewhere like that) should be able to manually configure your TCP/IP settings and assign a static IP.

Alternatively you may be able to reserve an IP for your macs mac address with your router

Great, thanks! :)

milk242
Jul 22, 2009, 06:00 AM
I would recommend zoneedit for free dns services that allow own domain names.