A lesson learned from trying to install a DVR security camera on a LAN with a private IP address, that needs to be accessed from the public Internet.  You can download RITLABS S.R.L's TinyWeb server from here, or download it here directly from Quest4 with this how-to text file included right in the archive.

-=-=-=-=-=-

Prerequisites: To test a port on a system with a private IP address, you need access to a system coming in from the public Internet. Alternatively, from the system you are testing, you need the ability either to open a Remote Desktop session on an outside system or to open an SSH session on an outside *BSD/Linux system with Lynx installed on it (i.e., a computer located outside your LAN (on the WAN), with a public IP address on it).

Programs required: tinyweb.zip and any web browser (or download tinytest.zip here).

TO START:

Create a directory, for example c:\www, on the c:\ drive of the system you want to test. In this directory, put tiny.exe and an index.htm file. If you don't have the included index.htm file, simply create a text file called index.htm with these contents:

<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>It Works</title>
</head>
<body>
<p><b><font size="6">It Works!</font></b></p>
</body>
</html>

-=-=-=-=-=-=-=-

Tiny.exe Quick-start CLI Examples (assuming you put tiny.exe in c:\www):

To Run TinyWeb on port 8000:
c:\www\tiny.exe c:\www\ 8000

To Run TinyWeb on port 8000 and address 212.56.194.250:
c:\www\tiny.exe c:\www\ 8000 212.56.194.250

Note: To open a CLI prompt, go to Start/Run/. In the box that pops up, type "cmd" or "command"  and press enter. This will bring up a CLI DOS prompt. Type either of the above tiny.exe CLI syntax examples, depending on your needs, in the CLI DOS prompt.

-=-=-=-=-=-=-=-=-=-=

How to use tiny web server to test a port. For this example, suppose the WAN IP address of your network is 65.201.93.45 and the LAN IP address of the test system you are on is 192.168.1.4.

1) On the system you want to test, download and put tiny.exe into c:\www (or the directory of your choice, but if you change the directory, you have to change the quick-start CLI commands above to match this change).

2) Open a CLI window and type in one of the above tiny.exe commands, edited for proper port and IP address. (By default, tiny.exe attempts to bind with all local IP addresses, but you may specify one if needed by using the second Quick-start CLI example given above. Otherwise, the first example should usually work just fine).

3) Find your test system's WAN IP address by either viewing your router/dsl/cable modem's configuration files, or going to http://www.whatismyip.com/

4) In the CLI, run ipconfig and get the IP address of the system you want to test. For this example, we will pretend ipconfig returned the IP address of 192.168.1.4 (and that you plan to test port 8000).

5) Configure your router/dsl/cable modem so that requests to the test system's WAN IP address, as found in step 3, forward to the IP address of 192.168.1.4 (substituting the test system's IP address, as found in step 4). This can usually be done by modifying the firewall rules in your router, or by creating a port forward (e.g., any request to IP 65.201.93.45 port 8000 is forwarded to 192.168.1.4 port 8000). Find the documentation on your router/dsl/cable modem for specific instructions on how to do this.*

6) After configuring your WAN's public IP address to pass-through to your LAN's private IP address, use a system with an IP address outside of the LAN you are currently testing (e.g., on the WAN, with a public IP address). Note, the easiest way to do this is, on the system you have installed tiny.exe on -- or another computer on the same LAN -- use a Microsoft Remote Desktop session or putty.exe to SSH into a *BSD box with lynx installed on it, and open up a remote session on an outside system (i.e. a system with a public IP address, located outside the LAN of the system you are testing). Open up a browser on the Remote Desktop or the remote lynx session. In this browser, type in the URL of http://65.201.93.45:8000 (substituting the IP address of your actual WAN, of course)**.

7) If you can get to the system you are testing from the outside world, you should see "It works!" displayed in the browser window. If you haven't figured it out yet, seeing this means, it works!

Why would you need to do this?

Suppose that you are installing an application on a system with a LAN IP address of 192.168.250.120 and that it uses port 8000. First off, this is a private IP address on the LAN side of your network. If you were attempting to get to this from the public Internet, it wouldn't work. However, if you properly set up your router/dsl/cable modem and, if applicable, your firewall, and you know your WAN's public IP address, you would get to your application by using the WAN's public IP address...which would then map/port forward to your newly installed application on said test system.

Now consider how easy it would be to test this if you were installing, say, a POP3 server. You would test it by, on an outside system, putting the following command into a CLI prompt:

         telnet 65.201.93.45 8000

If the router/dsl/cable modem's firewall or port forwarding were configured correctly, a proper POP3 response would easily be seen by the above test. But suppose you were testing an application that would not respond to a telnet session. By installing tiny.exe and using an outside system, located on the WAN, to test your router/dsl/cable modem, and/or firewall rules, you can simply use a web browser to troubleshoot your application's setup.

For instance, if your application didn't work...is it the router/dsl/cable modem's fault, or your application? Using tiny.exe, you will easily be able to tell if you are getting through from the WAN to the LAN. And you will easily be able to tell if your firewall rules are working correctly. If your test of the router/dsl/cable modem's port forwarding/firewall rules is successful, and your application still isn't working, then you know at least that it is the application and not the router/firewall.
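The outside-system check from step 6, and the router-or-application question above, as a script. This is an added example, not part of the original how-to or of TinyWeb; the function names and result labels are assumptions, and the small stand-in server is constructed so the example runs offline.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = b"it works"  # text of the index.htm test page from this how-to

def check_forward(host, port, timeout=5.0):
    """Run from the OUTSIDE system against the WAN address and forwarded port.
    'reachable'     - TCP connected and the test page came back
    'other-service' - TCP connected, but the reply was not the test page
    'refused'       - actively rejected (typically nothing listening there)
    'no-reply'      - timeout/unreachable (typically no forward, or dropped)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and routing errors
        return "no-reply"
    data = b""
    with sock:
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            while len(data) < 8192:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # keep whatever arrived before a reset or read timeout
    return "reachable" if MARKER in data.lower() else "other-service"

class StandInPage(BaseHTTPRequestHandler):  # constructed stand-in for tiny.exe
    def do_GET(self):
        body = b"<html><body><p><b>It Works!</b></p></body></html>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the console quiet

def start_stand_in():
    srv = HTTPServer(("127.0.0.1", 0), StandInPage)  # port 0 = any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    print(check_forward("127.0.0.1", start_stand_in().server_address[1]))
```

On the outside system you would call check_forward("65.201.93.45", 8000) with your own WAN address and port; "reachable" corresponds to seeing "It works!" in step 7.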

 

 

* Why can't I just use the IP address found in ipconfig? The short answer is, you can use this IP address if it is a public IP address. If it is a private IP address, you have to configure your router/dsl/cable modem to map/port forward to the private IP address. Why????

Because every public IP address has to be unique. If your LAN uses a private IP address block, such as 192.168.1.0...so do about 10 million other LANs. If you type http://192.168.1.4 into a browser URL, how does it know to go to your LAN test system instead of the 9,999,999 other LANs that contain the same IP address?

The answer is, of course, that it can't, so you use your WAN's unique public IP address, to map/port forward to your LAN's private IP address block.

**To specify a port on a destination system, you simply put the port at the end of the URL, separated by a colon. For example, to go to port 587 on a system with an IP address of 65.201.93.45, you would go to the URL of http://65.201.93.45:587. Note, to telnet to the exact same location, you would open up a CLI prompt and type in, 'telnet 65.201.93.45 587' and hit enter.

 

 


 


This document is released under the Attribution-NonCommercial-ShareAlike 2.0 license.

You are free:

  • to copy, distribute, display, and perform the work

  • to make derivative works

Under the following conditions:

Attribution. You must give the original author credit.
Noncommercial. You may not use this work for commercial purposes.
Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one.
  • For any reuse or distribution, you must make clear to others the license terms of this work.

  • Any of these conditions can be waived if you get permission from the copyright holder.

Your fair use and other rights are in no way affected by the above.

This is a human-readable summary of the Legal Code (the full license).