Okay, this tutorial will cover how you can get packets into your network. Not as replies or ACK packets to outbound traffic, but by hosting local apps which can be accessed from the outside world.
I dunno a single Indian company that is doing web hosting or any hosting of applications with success. There is a big player called Ctrl-S in Hyderabad but according to me they are not a technical outfit, just like any other Indian company. Started by people who are more business focused than technically motivated, the company does not seem to be making big inroads in local data centers and stuff. Even if you take God forsaken Reliance, Airtel, Tata or our own Sarkari BSNL, they all suffer from technical incompetence in equal measure.

Anyway, let us leave aside the big boys that host websites, cloud and applications with real public IP and stuff. I have successfully run my mail server with an optic fiber static IP block and nowadays I have at least 3 machines in America which I can access publicly; so I have no trouble about running any application with full access to the Internet.

In general, to be able to run a website or any TCP application that works on a public IP and public port that can be accessed from anywhere, you should know how to let packets into your network using your MODEM. There is no need to run a real static IP but that will surely help. You should be able to access a local machine's local port from a public machine on the Internet by changing the configuration on the MODEM. How to achieve that? This is a big complex, so I will cover this with care.

I really don't understand the concept of DMZ very well but I know this much for my practical need: every MODEM out there has a DMZ setting where you can give a local IP like 192.168.1.3. And lo, all your packets showing up on the public interface of the MODEM get automatically forwarded to this local IP, with the effect that you can now run any service on any port, UDP or TCP or even lower level, and you can access it from the Internet. This is somewhat easy. Now if you are only interested in running a website just for the heck of it, then you can port forward 80 to a local machine running Apache.
This is one idea. Another is that you can use ssh remote port forwarding. Just like you can port forward HTTP, you can port forward any TCP or UDP port. Of course this will not work with FTP, but this will work with rsync, ssh and many other protocols.

Okay, you run broadband and don't have a static IP. Now what? Use my dynamic DNS service or create your own and use the DNS name to connect. More on this later.

What have Skype and BitTorrent got to do with all this? Just that all these protocols allow incoming calls and connections though they run behind a NAT in a broadband connection. How is this done? There are many techniques to allow incoming connections without active intervention like what we talked about above using the MODEM configuration or running ssh port forwarding. They mostly use a technique called UDP hole punching (http://linuxjournal.com/9004) or some such to notify the public port we are running on, and by simulating an outgoing packet the incoming call is sent as a reply, thus allowing incoming packets. All firewalls/MODEM devices allow replies to outgoing packets on the same port. They do not allow connections to machines inside the local LAN, which is running on private IP addresses anyway. In a way NAT leads to a level of security, eh?

-Girish
--
Gayatri Hitech
http://gayatri-hitech.com
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
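
Added example (not part of the original post): a toy Python model of how a home NAT modem decides what to do with an inbound packet, covering the three cases the post describes: a reply to outbound traffic (what UDP hole punching relies on), a port forward, and the DMZ host. The class, function names, addresses and the per-remote filtering behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatGateway:
    """Toy model of a home modem/router handling inbound packets (illustrative only)."""
    forwards: dict = field(default_factory=dict)  # (proto, public_port) -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                # LAN IP that receives everything unmatched
    flows: dict = field(default_factory=dict)     # (proto, public_port) -> (lan_ip, lan_port, remotes)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host sends to `remote`; returns the public port the NAT mapped it to."""
        for (p, pub), (ip, port, remotes) in self.flows.items():
            if (p, ip, port) == (proto, lan_ip, lan_port):
                remotes.add(remote)   # same local socket, new destination: reuse mapping
                return pub
        pub = self.next_port
        self.next_port += 1
        self.flows[(proto, pub)] = (lan_ip, lan_port, {remote})
        return pub

    def inbound(self, proto, remote, public_port):
        """Returns (reason, lan_ip, lan_port), or ('drop', None, None)."""
        flow = self.flows.get((proto, public_port))
        if flow and remote in flow[2]:            # reply to something we sent out
            return ("reply", flow[0], flow[1])
        if (proto, public_port) in self.forwards:  # static port forward
            return ("port-forward", *self.forwards[(proto, public_port)])
        if self.dmz_host:                          # catch-all DMZ host
            return ("dmz", self.dmz_host, public_port)
        return ("drop", None, None)

def demo():
    """Walk through the cases with constructed documentation-range addresses."""
    peer, stranger = ("203.0.113.7", 5000), ("198.51.100.9", 4444)
    gw, out = NatGateway(), {}
    out["unsolicited"] = gw.inbound("tcp", stranger, 80)[0]
    gw.forwards[("tcp", 80)] = ("192.168.1.2", 80)        # port 80 -> local Apache
    out["after_forward"] = gw.inbound("tcp", stranger, 80)
    pub = gw.outbound("udp", "192.168.1.5", 6000, peer)   # the "punch": send out first
    out["punched_peer"] = gw.inbound("udp", peer, pub)
    out["punched_stranger"] = gw.inbound("udp", stranger, pub)[0]
    gw.dmz_host = "192.168.1.3"
    out["dmz"] = gw.inbound("tcp", stranger, 22)
    return out

if __name__ == "__main__":
    print(demo())
```

The last case shows what the DMZ setting changes: once it is set, every otherwise unmatched port on the public interface reaches that one LAN machine, not just the port you meant to host.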
