David1234
Forum Guru
Topic Author
Posts: 1282
Joined: Sun Sep 18, 2011 7:00 pm

give access to local network from the internet?

Tue Mar 24, 2020 1:24 pm

Hello,
maybe someone here can help me understand what I need to do...

I have a web-server that shows data from 4 remote servers\computers,
the web-server is accessible from all over the world (has a static public IP).
I want to give access to the remote computers from the web-server,
so when someone enters my website, he can enter the computer.
How can I do this?
My-Config.png
I have tried to configure it using a node-js proxy-server, but I can't reach the remote computers from the website (unless I'm in my own network 10.0.0.0/24).
Can someone guide \ help me to find a solution?
Thanks,
 
normis
MikroTik Support
Posts: 24496
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: give access to local network from the internet?

Tue Mar 24, 2020 1:26 pm

No answer to your question? How to write posts
 
David1234
Forum Guru
Topic Author
Posts: 1282
Joined: Sun Sep 18, 2011 7:00 pm

Re: give access to local network from the internet?

Tue Mar 24, 2020 2:10 pm

I don't think it's the solution
all the computers use the same port
and how do I do it using the web-server ?

This is a tomcat web-server and not mikrotik router , if it was mikrotik router (or any router ) - I agree this is the solution.
 
anav
Forum Guru
Posts: 3659
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: give access to local network from the internet?

Tue Mar 24, 2020 3:13 pm

I do not quite understand your setup. Your diagram is misleading, I think.

Do you mean that you have a server behind your network?
No problem for anybody on the internet to reach your server (proper source nat rule and destination nat rule for server).

Then the complication is that the SERVER also talks to four other computers/servers?
These servers are remote meaning, on the internet???
So the Server has connections to other servers/PCs ON the internet???

This is where I get lost..........
If the user can get to your SERVER, any new traffic from the server outbound to external internet sites is already covered by your sourcenat rule........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
David1234
Forum Guru
Topic Author
Posts: 1282
Joined: Sun Sep 18, 2011 7:00 pm

Re: give access to local network from the internet?

Tue Mar 24, 2020 3:30 pm

I will try to explain again:

I have a webserver running Tomcat on Linux with a public IP (82.159.x.x)
so everyone can enter it (if they have the right user\pass).
This webserver is connected to the project network (10.0.0.0/24).
I want to give access to the user to enter the local devices\servers (10.0.0.1, 10.0.0.2...).
When I just use an html link - it doesn't work, because the client computer can't reach 10.0.0.1.

My question is how can I give access to the client to the project local network?
I know this is not a pure Mikrotik-router-network question, but the people here understand networks very well (better than me) in order to help.

Hope now my question is more understandable...

Thanks ,
 
anav
Forum Guru
Posts: 3659
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: give access to local network from the internet?

Tue Mar 24, 2020 4:29 pm

Getting there, I am less than educated on network, infrastructure,,,,,,, really good at sarcasm though! :-)

So your tomcat server is getting the internet from your router.
Your ISP gives you a number of WANIPs, and one of them is for your tomcat.
Another is for the router itself and its NATTed networks.

One of the natted networks is a project network.

Thus it seems that you want external users to come into the tomcat server but access Devices on the natted LAN???

Close??
(I think the OP who suggested dstnat from tomcat server to project networks is probably correct, it's either that or some funky routing rules)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
Sob
Forum Guru
Posts: 5416
Joined: Mon Apr 20, 2009 9:11 pm

Re: give access to local network from the internet?

Tue Mar 24, 2020 6:47 pm

You can't access internal servers directly, because no 10.x.x.x address is reachable from internet. If you have reverse proxy, you need distinct hostname for each internal server and clients must use these hostnames. They will all point to same 82.156.x.x, but proxy will see what hostname client wanted and will be able to send data to correct server based on that.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
David1234
Forum Guru
Topic Author
Posts: 1282
Joined: Sun Sep 18, 2011 7:00 pm

Re: give access to local network from the internet?

Wed Mar 25, 2020 12:23 pm

yes
this is what I thought I need
I have tried to do this but without any success
do you have a guide on how to do it?
I have searched for something in nginx
but I can't seem to understand what to do

this is the setup they suggest :
server {
    listen 80;
    server_name www.example.com example.com;

    location /app {
       proxy_pass http://127.0.0.1:8080;
    }
}
in the default html I made a link to 10.0.0.1
from the server I have ping and I can connect to the device
but when I enter from the nginx server - it doesn't work
it transfers me to 10.0.0.1 - then it gets stuck, like it should be

what am I missing ?
maybe you know a good nginx forum that can help me ?

Thanks ,
 
Sob
Forum Guru
Posts: 5416
Joined: Mon Apr 20, 2009 9:11 pm

Re: give access to local network from the internet?

Wed Mar 25, 2020 10:20 pm

If you have proxy_pass with 127.0.0.1, it means the proxy would connect to same machine it's running on. Use the address of internal server (e.g. proxy_pass http://10.0.0.1, or with included port if it's not 80). I don't use proxy with subdirectory like you, it should work, but I'm not sure about exact behaviour. I normally forward whole sites like this:
server {
    listen 80;
    server_name app1.example.com;

    location / {
       proxy_pass http://10.0.0.1;
    }
}
server {
    listen 80;
    server_name app2.example.com;

    location / {
       proxy_pass http://10.0.0.2;
    }
}
...
I don't have any favourite tutorial or forum, just official documentation and Google.

When you test things, don't just look whether it works in browser or not. Or if you do, use developer tools to see exact requests and responses. Otherwise there are tools like curl. Because it's possible that even if you have correct proxy config, the backend server can handle requests incorrectly, return wrong redirects, etc.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
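
The testing advice in the post above, as an added example that is not part of any post in this thread: a Python check that scans a response captured with `curl -i` for redirects or links pointing at literal private addresses such as 10.0.0.1, which clients outside the project network cannot reach. The two sample responses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample of `curl -i` output: the backend at 10.0.0.1 builds its
# redirect and link from its own address instead of the public hostname.
SAMPLE_LEAKY = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://10.0.0.1/login\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="http://10.0.0.1/login">moved</a> <a href="/help">help</a>'
)
# Constructed sample of a response that stays on the public hostname.
SAMPLE_CLEAN = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://app1.example.com/login\r\n"
    "\r\n"
    '<a href="http://app1.example.com/login">moved</a>'
)

URL_ATTR = re.compile(r'(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.I)


def is_internal(url):
    """True if the URL's host is a literal private, loopback or link-local IP."""
    try:
        host = urlsplit(url).hostname
        ip = ipaddress.ip_address(host or "")
    except ValueError:  # relative URL, DNS name, or malformed URL
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_internal_refs(raw_response):
    """Return (where, url) pairs for URLs an outside client cannot reach."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("location", "content-location"):
            if is_internal(value.strip()):
                findings.append((name.strip().lower(), value.strip()))
    findings += [("body", u) for u in URL_ATTR.findall(body) if is_internal(u)]
    return findings


if __name__ == "__main__":
    for where, url in find_internal_refs(SAMPLE_LEAKY):
        print(f"internal address in {where}: {url}")
```

A finding means the backend is generating absolute URLs from its own address, so the redirect or link has to be rewritten at the proxy or corrected in the backend before outside clients can follow it.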
