Access WP on home LAN from outside via port substitution

mirzar
(@mirzar)

7 years, 9 months ago

I searched many related posts, but could not find one that matches my case.
I’m running WP on a Raspbian (jessie) inside the home LAN and would like to access it from the internet.

WP installation is in the www root folder and I access my WP locally via:
http://192.160.100.105.

The phpMyAdmin is running on http://192.168.100.105/phpmyadmin

I configured my router to do port substitution from 6666 on the router to port 80 on my raspberry pi.
When I enter http://142.252.127.124:6666/phpmyadmin, all is fine, I can access it.
But when I enter just http://142.252.127.124:6666 (trying to acceess the WP) it times out.

Viewing 8 replies - 1 through 8 (of 8 total)

Dion
(@diondesigns)

7 years, 9 months ago

Home systems are not properly hardened for use as servers. Chances are pretty good that, if you continue to keep your home system open to the outside world, it will eventually get hacked and be turned into a zombie machine.

Also be aware that most ISPs require business accounts to run websites. If your ISP is in this category, and they find out what you’re doing, they may terminate your residential account since you will have violated their terms of service.

Thread Starter mirzar
(@mirzar)

7 years, 9 months ago

Thanks for the piece of advice, although a bit off-topic 🙂

This will not be a website for the public to visit.
I’m rather experimenting around. I’m trying to figure out what prevents me from accessing WordPress, but not for example phpmyadmin, or any plain html for that matter.

To remind you: I forward <my public IP>:6666 to <my local apache IP>:80 and wordpress does not like it. Did anybody tried similar scenario?

Dion
(@diondesigns)

7 years, 9 months ago

I’m running WP on a Raspbian (jessie) inside the home LAN and would like to access it from the internet.

I’d say my advice is dead on topic. 🙂

The people accessing your site won’t be there to visit. They will be trying to break into your system and take it over. And since virtually all home systems lack the hardware and software to prevent such network attacks, the intruders have a good chance of succeeding.

Hosting is cheap these days, and short-term hosting is available at hourly rates from many cloud providers. Give it some thought…or give some thought to changing Apache to only listen to ::1 and/or 127.0.0.1.

Clayton James
(@claytonjames)

7 years, 9 months ago

http://142.252.127.124:6666/phpmyadmin

That’s both odd, and interesting at the same time, because that ip address is in a netblock associated with “ceylon proxy” and hosts at lease two sites that appear to possibly be (they are Chinese sites tha seem to be offering gambling with Filipino operators) casino and -or- possible phishing related content. – Just my opinion, of course, and I could just plain be completely wrong.

How did you come by that WAN address for your Pi (more accurately, your router)?

Thread Starter mirzar
(@mirzar)

7 years, 9 months ago

The people accessing your site won’t be there to visit. They will be trying to break into your system and take it over. And since virtually all home systems lack the hardware and software to prevent such network attacks, the intruders have a good chance of succeeding.

Hosting is cheap these days, and short-term hosting is available at hourly rates from many cloud providers. Give it some thought…or give some thought to changing Apache to only listen to ::1 and/or 127.0.0.1.

You missed my point (and post). The site was never intended to be accessed by anyone but me. Probably I’ll even tear it down entirely in next few days.
My Apache server is actually down all the time while I’m not playing with it.

Having resolved that, can we focus on the actual problem at hand 🙂

Thread Starter mirzar
(@mirzar)

7 years, 9 months ago

http://142.252.127.124:6666/phpmyadmin

That’s both odd, and interesting at the same time, because that ip address is in a netblock associated with “ceylon proxy” and hosts at lease two sites that appear to possibly be (they are Chinese sites tha seem to be offering gambling with Filipino operators) casino and -or- possible phishing related content. – Just my opinion, of course, and I could just plain be completely wrong.

How did you come by that WAN address for your Pi (more accurately, your router)?

Sorry for not mentioning explicitly, that the above IP and port number are not my actual IP:port, but some random combination I put in for illustrative purpose. My IP does not matter here, it’s dynamically assigned to me by my ISP.
Having that off the table, is it possible to access WordPress in a situation described in my first post?

Clayton James
(@claytonjames)

7 years, 9 months ago

Having that off the table, is it possible to access WordPress in a situation described in my first post?

Sure.

Scenario 1

A) assign a static private ip address to the Pi

B) install WordPress on the Pi using that static address in the URLs – now you can open WordPress from anywhere on your own LAN.

Scenario 2

A) assign a static private ip address to the Pi

B) open your router and setup port forwarding for ports 80, 8080, and 443 to the private internal ip of the Pi.

C) retrieve your actual WAN address and configure the default Apache virtual host container using your WAN address (without a domain, you need to use the ip address) then run the install routine using the WAN ip in your WordPress URL’s. Now you can probably see WordPress from the WAN.

The problem(s).

1)Your WAN ip is dynamic. The first time your ISP renews the lease, the site stops working.

2) Your router needs to support NAT loopback. If you have a combo modem/router arrangement supplied to you by your ISP, it may or may not support that. If you have a separate router and it’s reasonably new, you’re probably okay.

3) Your ISP may or may not allow residential account web servers (port 80, 8080) which brings us to the port issues.

By default, I’m sure you know that web servers usually run and listen for traffic on ports 80, 8080, 443. You can reconfigure Apache and your virtual hosts to listen on alternative ports if you want to, but that’s beyond the scope of the WordPress forums – and unless you’re running more than one web server on the same machine (think IIS and Apache on the same server for some reason) there’s no real reason to hide http traffic.

Using a service like DynDNS would solve a lot of your issues if you want to experiment with real web traffic in and out of the Pi from the WAN. And it gets real very quickly in this type of situation, as @diondesigns has already mentioned.

If you just want the site accessible from your own LAN, then none of what you’re asking about is required. Just the setup in Scenario 1.

Good luck to you!

gummansgubbe
(@gummansgubbe)

7 years, 2 months ago

I’m usually using ssh to do things like this, had to search the internet for how/why in this case though, due to the fact that wordpress rewrites your adress(?).

From putty create a port forward under the SSH/Tunnels tab. Set source port (your remote pc) ’80’, and destination (your raspberry) to ‘localhost:80’ . (not the ”’…).

Make sure your router forwards port 22 (ssh) to your raspberry and it should work. I guess all your web traffic would go through your raspberry with this setup, which is why I would normally use port 8080 for the source, but wordpress rewrites that to 80 anyways.

As for your WAN ip, just setup a script on your raspberry to email the WAN everytime it changes. Not so often it does though, after the worlds government decided to track everything ISPs try to keep adresses as static as possible. Here is a link to such a script (my own). http://dephiox.blogspot.se/2016/01/obtaining-external-wan-ip-address-from.html

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Access WP on home LAN from outside via port substitution’ is closed to new replies.

Access WP on home LAN from outside via port substitution

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics