1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Accessing http://192.168.1.101:8080/POS from outside office

Discussion in 'General Discussion' started by lautamas, Sep 7, 2006.

  1. lautamas

    lautamas LI Guru Member

    Hello people,
    We are using web-based accounting software. Internally, everybody is accessing the software by going to: http://192.168.1.101:8080/POS. It will show the bellow screen.
    Now, I want someone outside our office can access the software by going to our server.
    [​IMG]
    Facts:
    - Server is online on the internet 24/7
    - Our WRT54GS ver 1.1 is based on DD-WRT v23 SP1.
    - I am testing this using a remote computer using DIAL UP connection trying to connect to our web-based acounting software. I always get a PAGE CANNOT BE DISPLAYED everytime I type (http://222.125.11.233/POS) or even (http://222.125.11.233:8080/POS). However, I can ping our server IP address 222.125.11.233 just OK from the remote computer using dial up.

    The question is now..how to setup the PORT forwarding and stuff on WRT54GS so someone outside our office can access the web-based accounting software?

    Thank You,

    Michael
  2. Guyfromhe

    Guyfromhe Network Guru Member

    you'd want to forward port 8080 tcp to 192.168.1.101 for that to work, however i'd recomend that you setup a VPN connection rather than using port forwarding if this is accounting software, it will add another layer of security to your internal applications, and all traffic to and from the accounting software is encrypted.
  3. lautamas

    lautamas LI Guru Member

    Thank You for the answer. I should try that to office tommorow. Can you please forward me to a guide where I can setup a VPN network? Thank you...
  4. Guyfromhe

    Guyfromhe Network Guru Member

    I believe DD-WRT has a PPTP VPN server built in to it... You'd need to look at the docs or someone that runs DD-WRT can comment on that...
    Then you just setup a new network connection in windows to the internet IP of your router as a VPN connection (it gives you the option) then enter the username and password you set on the router... at that point it will be like your computer is directly connected to the LAN and they can access it the exact same way they do at work with the 192 address.
  5. lautamas

    lautamas LI Guru Member

    Why do I keep getting THE PAGE CANNOT BE DISPLAYED?

    Bellow is the setup of my DD-WRT
    [​IMG]

    I went dial-up and test the connection by going to:
    http://222.124.53.82:8080/POS. (where 222 is the IP address at that moment).

    However, I get a page cannot be displayed. I can ping 222.124.53.82 using dial up just well. When I try to open, it seems that IE is trying to open the file, but failed to do it. It finally came out with "the page cannot be displayed".
    Can someone please help me? FYI, I have a Symantec Antivirus Corporate 10 running on the server. I have disabled it. Might that be the problem?
  6. Guyfromhe

    Guyfromhe Network Guru Member

    it could be the problem only if it's got the firewall component in it, otherwise it shouldnt' be.

    If that doesn't have a firewall, check for other software firewalls installed on that computer... that may be blocking it...
  7. lautamas

    lautamas LI Guru Member

    I found it! It seems that I have to setup my ADSL Modem wiht port forwarding as well. So, I did setup the ADSL modem to forward port 80 to 8080 in ip 10.0.0.13 (the IP of the WRT54GS which it acquires from ADSL MODEM). Then, on WRT54GS, I setup port forwarding from 8080 to 8080....walah...it works flawlessly...

    Thank you for the help.
  8. lautamas

    lautamas LI Guru Member

    one last question...how secure is this going to be? I mean...besides people trying to key in the right username and password by guessing around...what other flaws might there be for this kind of setup?
  9. pablito

    pablito LI Guru Member

    The security is going to be up to the application. The port forward won't introduce anything additional except that a *lot* more strangers will be hitting the server.
    One thing I would seriously do is to enable hostname based virtual web on your internal webserver. In other words, forget the IP based access, set it up so that the web app can only be accessed by a full URL like: http://accounting.yourdomain.com:8080/ or something like that. If they hit you with the IP or any other URL they get a default page or a redirect to somewhere else. This way the constant hits and scans from random crackers/robots never see the login screen unless they know the correct URL.
    This is easy in Apache, I don't know IIS but I'm sure it can do it too.
  10. lautamas

    lautamas LI Guru Member

  11. pablito

    pablito LI Guru Member

    Not exactly. The port number 8080 is up to you. Using a noip hostname is a good idea too. But what I mean is that the webserver itself will only show the login page if the correct hostname is used (http://accounting.no-ip.org or your choice of URL). If a user comes in with the correct IP but a different hostname or just the IP they don't see the login screen. That is a webserver config. In Apache land that is called NamedVirtualHost. This prevents crackers and the curious from seeing your site unless they know the proper hostname. You essentially setup two sites, the main application and a default page that can't access anything.

Share This Page