this post was submitted on 17 Jan 2025
9 points (73.7% liked)

networking

2856 readers
19 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 2 years ago
MODERATORS
manifex@sh.itjust.works
9
How do I listen for HTTP requests from the internet? (lemmy.ca)
submitted 1 day ago by john89@lemmy.ca to c/networking@sh.itjust.works
38 comments fedilink hide all child comments
 

I've been able to set up sending and listening to http requests locally using 127.0.0.1:8000. I want to try doing it using the internet now.

I have a VPN with port forwarding enabled, but sending requests to that IP address and port does not yield a response like it did when doing it locally.

Can anyone clarify which address I should be listening on in order to receive http requests from the internet? I tried 0.0.0.0 and a few inet addresses from ip add, but none of them work.

you are viewing a single comment's thread
view the rest of the comments
[–] remotelove@lemmy.ca 5 points 1 day ago (2 children)

Ok, you are putting the cart a few steps before the horse here and put simply, you can't just tap the entire Internet from behind your own Internet connection and "through" a VPN. (A VPN "tunnel" is a bit misleading on how traffic is seen in the wire, but that is still many more steps ahead.)

Watching pcap is cool, but you need a fundamental understanding of networks and network protocols before you can actually see more than characters of the Matrix and understand what you are tapping into from the start.

To kick off your own research path, start reading into the OSI Model, TCP vs UDP, traffic routing and subnetting. You need to understand where you need to be to see the traffic you want to see first.

Unfortunately, I can't begin to answer your question without some foundation in place first.

[–] FooBarrington@lemmy.world 2 points 1 day ago

There are good points, but I'd disagree on the OSI Model, just read up on the 4-layer model instead. OSI goes into more detail, but is honestly more of a theoretical model and harder to understand without any payoff right now.

[–] john89@lemmy.ca -4 points 1 day ago (2 children)

So, you don't know how to listen for an HTTP request that's sent over the internet to a VPN IP address with port-forwarding enabled?

[–] remotelove@lemmy.ca 2 points 1 day ago* (last edited 23 hours ago) (1 children)

Of course I do, but its very conditional in your case. For the record, I did miss that you had port forwarding enabled already and read your post as if you were just trying to connect to the open internet and see any traffic going to some rando servers. That would be a very different situation.

How is the traffic proxied locally? Does the VPN client even allow inbound connections? Is a virtual interface configured for the VPN and is there an inbound port open?

What makes this situation conditional is that there are several ways your VPN client could be configured and it is my guess that it is the bottleneck in this case. If you tried every address that you could find and saw nothing, chances are, there is no traffic to be seen. Any stateful firewall will drop an inbound SYN or traffic not related to an established connection.

Your routing table may give some good clues as to where traffic is going as well. For example, the VPN client could be creating a local default gateway IP. Unless there is a split path configured, all traffic should be traversing that IP, regardless of what it is.

So, can you elaborate more on the route your traffic is taking? Listening on 0.0.0.0 can sometimes work, but usually a specific interface needs to be defined as well. In some cases, tcpdump setting the interface to promiscuous mode can break things.

Also, it's a VPN. How traffic is getting routed in through the tunnel could be problematic. I have just been assuming that everything is fine up to the client you use and the computer sending traffic to inside your network is part of the VPN.

[–] possiblylinux127@lemmy.zip 2 points 1 day ago (1 children)

They are telling you that you need to learn some more networking before you do anything.

There is no reason to expose a http server on the internet

[–] john89@lemmy.ca 1 points 1 day ago (1 children)

There is no reason to expose a http server on the internet

Lolwut.

[–] possiblylinux127@lemmy.zip 1 points 1 day ago (1 children)

What are you trying to do?

[–] scrubbles@poptalk.scrubbles.tech 2 points 17 hours ago (2 children)

From what I've gathered, either this guy is honestly trying to learn how to set up an http server that he built, which great but good luck finding a von that will NAT requests to you.... Or ..

He thinks internet traffic is blasted to every computer out there and wants to "listen" for it. Honestly I can't tell and they can't describe the problem in a way where we can help them

[–] gedhrel@lemmy.world 1 points 7 hours ago

Seems like lots of vpn providers offer port forwarding after a fashion. It surprised me too but there were summary comparisons just a search away.

[–] possiblylinux127@lemmy.zip 2 points 15 hours ago (1 children)

The person above probably should not be exposing something to the internet.

Chances are they just want a simple environment to play in which is easily provided by either a virtual lab or a local network.

[–] scrubbles@poptalk.scrubbles.tech 0 points 14 hours ago

Agreed. I've been self hosting for well over a decade now and I can count how many services I expose on one hand, and they are very curated. He's trying to convince people he knows what he's doing, but I'm not convinced he's not trying to be a leet haxxor