forwarding – Is it possible to reveal URLs in a masked, server-side 301 redirect?

I work for a search monitoring company and I’m currently investigating some advertisements which are hiding malicious URLs in masked, server-side redirects. When users click these ads, they’re redirected through a domain located on a server with some malicious code on it, but that domain is being masked by URL forwarding services, like Porkbun, so all we see is the mask domain, but not the one behind the scenes. I’m wondering, is there any possible way at all to obtain that hidden, server-side URL? Or is there a way to get any additional information about the hidden URL?

networking – pfSense port forwarding error

I recently set up a pfSense router on my network, but I can’t get any further with port forwarding.

I have a homelab server, and I’m trying to forward ports 443 (HTTPS), 80 (HTTP) and 9987 (TeamSpeak).

I’ve set up the NAT rules according to the pfSense documentation: nat forwarding setup.

Also, here is the configuration of my firewall rules on the WAN interface: firewall rules. (I did not modify the auto-generated firewall rule.)

And here is an image of the port forwarding details: detailed nat forwarding. The other rules are similar to this one, except the port (and the protocol on the TeamSpeak forward).

My problem is, with this configuration, the forwarding does not work. I can access my websites from a local IP, but when I want to try accessing them from outside (on 4G) the access seems to be blocked.

I’ve already tried to troubleshoot my problem with the help of the official troubleshooting guide, but it did not work for me.

Please note, I am using Cloudflare as my DNS provider with the proxy option enabled.

dns – Service/Method for forwarding A record

You can’t do this with an A record, and arguably the DNS spec is remiss in not having something that works exactly as you propose.

Setting up an A record for a subdomain you control and replacing the client’s A record with a CNAME is as close as you can get. This only works correctly for the client’s subdomain, i.e. www.clientdomain.example is OK but clientdomain.example will not work as intended.

Some domain providers have come up with an artificial construct called an Alias record. This attempts to emulate the behaviour you are after by appearing like an A record when queried, with the DNS service flattening the alias to an A record. This implementation is provider specific and somewhat implementation specific and requires your clients to use their systems to flatten the domain, so while useful it’s not a generic answer.
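The behaviour this answer describes, as an added example that is not part of the original answer: a toy in-memory zone model that accepts a CNAME at www, rejects one at the zone apex (the apex always carries SOA and NS records, and a CNAME cannot share a name with other data), and flattens a provider-style ALIAS into a plain A answer. The record store, the function names, the edge.hosting.example target and the 192.0.2.10 address are assumptions for illustration; ALIAS is modelled as a pseudo-type, not a standard DNS record.

```python
# Added example: toy in-memory records; all names and addresses are constructed.
APEX = "clientdomain.example"

def add_record(zone, apex, name, rtype, value):
    """Add a record; a CNAME may not share its name with any other data."""
    existing = {t for (n, t) in zone if n == name}
    if name == apex:
        existing |= {"SOA", "NS"}  # every zone apex already carries SOA and NS
    if rtype == "CNAME" and existing:
        raise ValueError(f"CNAME at {name} conflicts with {sorted(existing)}")
    if rtype != "CNAME" and "CNAME" in existing:
        raise ValueError(f"{name} already has a CNAME")
    zone.setdefault((name, rtype), []).append(value)

def resolve_a(zone, name, depth=0):
    """Follow CNAME/ALIAS targets until A records are found."""
    if depth > 8:
        raise RuntimeError("CNAME/ALIAS loop")
    if (name, "A") in zone:
        return list(zone[(name, "A")])
    for rtype in ("CNAME", "ALIAS"):
        if (name, rtype) in zone:
            return resolve_a(zone, zone[(name, rtype)][0], depth + 1)
    return []

def answer(zone, name):
    """Records a client sees: a CNAME is visible, an ALIAS is flattened to A."""
    if (name, "CNAME") in zone:
        target = zone[(name, "CNAME")][0]
        return [("CNAME", target)] + [("A", ip) for ip in resolve_a(zone, target)]
    return [("A", ip) for ip in resolve_a(zone, name)]

def build_demo():
    """Build the provider target plus the client's www and apex records."""
    zone = {}
    add_record(zone, "hosting.example", "edge.hosting.example", "A", "192.0.2.10")
    add_record(zone, APEX, "www." + APEX, "CNAME", "edge.hosting.example")
    try:
        add_record(zone, APEX, APEX, "CNAME", "edge.hosting.example")
        apex_cname_ok = True
    except ValueError:
        apex_cname_ok = False  # rejected: the apex is never empty
    add_record(zone, APEX, APEX, "ALIAS", "edge.hosting.example")
    return zone, apex_cname_ok

if __name__ == "__main__":
    zone, ok = build_demo()
    print("apex CNAME accepted:", ok)
    print(answer(zone, "www." + APEX), answer(zone, APEX))
```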

forwarding – Forward and A record a subdomain?

I want to move my subdomain (my.subdomain.com) to a new server. I am using an A record for this purpose. But I have some information to be sent to this page (my.subdomain.com/data.php) from other sources. Because of that, on the new server I created the same name (my.subdomain.com). But when I check (my.subdomain.com/data.php) after the A record, this error appears:

Gone
The requested resource is no longer available on this server and there is no forwarding address. Please remove all references to this resource.

Adding to that, I have another subdomain (test.subdomain.com) that is looking to the same content but another directory. After A record to the new IP address, when I try this (my.subdomain.com/data.php) to automatically redirect my (test.subdomain.com/data.php) without any setting.

My question is how can I A record a subdomain with its HTTP requests and updates?!

Thanks

network – Port Forwarding for Bitcoin Core in order to allow incoming connections?

There is a rather good explainer on https://bitcoin.org/en/full-node#port-forwarding on how to do port forwarding for bitcoin core in order to allow incoming connections so as to support the network.

I have followed the instructions, set a fixed local IP for the Mac running bitcoin core and am now trying to configure the router for port forwarding.

Here I am facing the issue that I do not know what to write in the External host field. Please see attached screenshot. I am trying * since I do not know the IP of external host, but this does not seem to be allowed. The instruction on the above link does not include the detailed configuration that my router requires.

Could anyone please identify what I am filling in wrong in the attached screenshot and suggest how I can change this so that my full node can start allowing incoming transactions?

Many thanks for your time and support!

configuration of my router

publishing – Localhost website not accessible from Public IP despite port forwarding

My tiny office has 1 router, which is connected to ADSL line on one end and my laptop on other end. My local IP is 192.168.1.2.

I have set up Port 22 forwarding for ssh access. I have a DuckDNS script that allows me to ssh -v -t -L 5900:localhost:5900 myname.duckdns.org into my office laptop whenever I want.

I followed the same port-forwarding procedure to configure my router to forward Port 8082. And ran a python/nodejs http server listening on 0.0.0.0:8082.

If I try to access my newly spun server from public IP I get timeout. This is the problem.

Steps tried:

Using the 5900 port, I used x11 forwarding and find that firefox can open localhost:8082, 127.0.0.1:8082 and 192.168.1.2:8082 properly.

I tried shutting down gogs and default nginx (which was listening on port 80 even though I didn’t tell it to) via systemctl but still no luck.

Why can’t I access my website but my SSH works?

New info:

Strangely curl https://PUBLIC_IP:8082 gives different outputs:

  1. At home, in my Cmder I get curl: (7) Failed to connect to PUBLIC_IP port 8082: Timed out
  2. However, in SSH terminal (i.e. of remote machine), in fish terminal, I get curl: (7) Failed to connect to PUBLIC_IP port 8082: Connection refused

Why is connection refused?

More info:

I tried

    $ sudo tcpdump -vv -i enp7s0 | grep 8082
    tcpdump: listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes

If I curl localhost:8082 or 192.168.1.2:8082 I don’t see any output in the above command. But if I curl PUBLIC_IP:8082 from inside SSH session I get

    duckDNSsubDomain.40626 > abts-north-dynamic-031.P3.P2.P1.airtelbroadband.in.8082: Flags (S), cksum 0x469a (incorrect -> 0x84f5), seq 18095393, win 64240, options (mss 1460,sackOK,TS val 2474578357 ecr 0,nop,wscale 7), length 0
    abts-north-dynamic-031.P3.P2.P1.airtelbroadband.in.8082 > duckDNSsubDomain.40626: Flags (R.), cksum 0x8cea (correct), seq 0, ack 18095394, win 0, length 0

and a quick connection refused complaint by curl (BTW my public IPv4 looks like P1.P2.P3.31).

And if I do the same curl from my home computer I see

    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags (S), cksum 0x299d (correct), seq 132055921, win 64240, options (mss 1370,nop,wscale 8,nop,nop,sackOK), length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags (S), cksum 0x299d (correct), seq 132055921, win 64240, options (mss 1370,nop,wscale 8,nop,nop,sackOK), length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags (S), cksum 0x299d (correct), seq 132055921, win 64240, options (mss 1370,nop,wscale 8,nop,nop,sackOK), length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags (S), cksum 0x299d (correct), seq 132055921, win 64240, options (mss 1370,nop,wscale 8,nop,nop,sackOK), length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags (S), cksum 0x299d (correct), seq 132055921, win 64240, options (mss 1370,nop,wscale 8,nop,nop,sackOK), length 0

and curl fails with timeout.
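A way to read captures like the two above per flow, as an added example that is not part of the original post: it groups tcpdump lines by connection and reports whether each SYN was answered with an RST ("refused"), a SYN-ACK ("established"), or nothing at all ("no-reply"). The sample lines, host names and the `classify` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the capture lines quoted in the post.
# Hosts and ports are placeholders; flags appear as "(S)" here, tcpdump prints "[S]".
SAMPLE = """\
198.51.100.7.50664 > office.example.8082: Flags (S), seq 132055921, win 64240, length 0
198.51.100.7.50664 > office.example.8082: Flags (S), seq 132055921, win 64240, length 0
198.51.100.7.50664 > office.example.8082: Flags (S), seq 132055921, win 64240, length 0
office.example.40626 > router.example.8082: Flags (S), seq 18095393, win 64240, length 0
router.example.8082 > office.example.40626: Flags (R.), seq 0, ack 18095394, win 0, length 0
"""

# host.port > host.port: Flags [X] (either bracket style accepted)
LINE = re.compile(r"^\s*(\S+)\.(\d+) > (\S+)\.(\d+): Flags [\[(]([A-Z.]+)[\])]")

def classify(capture):
    """Map each client->server flow to (verdict, number of SYNs seen)."""
    syns = defaultdict(int)  # (client, cport, server, sport) -> SYN count
    replies = {}             # same key -> flags of the first reply seen
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                    # bare SYN: a client opening a connection
            syns[(src, sport, dst, dport)] += 1
        else:
            key = (dst, dport, src, sport)  # a reply travels in the reverse direction
            if key in syns:
                replies.setdefault(key, flags)
    result = {}
    for key, count in syns.items():
        flags = replies.get(key, "")
        if "R" in flags:
            verdict = "refused"      # RST came back: reachable, but nothing accepted it
        elif flags == "S.":
            verdict = "established"  # SYN-ACK came back
        else:
            verdict = "no-reply"     # SYN retransmitted, nothing sent back at this point
        result[key] = (verdict, count)
    return result

if __name__ == "__main__":
    for flow, outcome in classify(SAMPLE).items():
        print(flow, outcome)
```

A "no-reply" verdict on a capture taken on the server's own interface means the SYNs are arriving at that interface and nothing is being sent back from it.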

wireless networking – Wifi repeater not forwarding DHCP offers for certain devices

I recently bought an aigital wifi repeater. I plugged it in and set it up to extend my current wifi network, which is provided by a low power linux box running hostapd and dnsmasq. My macbook pro, my android phone, and my wife’s tablet work just fine using the main wifi SSID (when close enough to the main router) and also via the extended SSID. My wife’s windows laptop and her android phone however can’t get an IP address. I’ve checked the logs on the linux box, and I can see the DHCP request coming in, and the offer made in reply, repeated over and over again:

    Jan  2 06:49:20 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:20 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:49:20 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:20 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:49:24 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:24 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:49:31 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:31 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:49:47 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:47 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:49:57 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:57 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:49:59 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:49:59 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 06:50:04 dagda dnsmasq-dhcp(1952): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 06:50:04 dagda dnsmasq-dhcp(1952): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    ...
    Jan  2 18:32:27 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:32:27 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:32:35 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:32:35 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:32:50 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:32:50 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:02 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:02 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:04 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:04 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:09 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:09 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:16 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:16 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:36 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:36 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:37 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:37 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3
    Jan  2 18:33:42 dagda dnsmasq-dhcp(7578): DHCPDISCOVER(br0) 18:87:40:ed:1c:b3
    Jan  2 18:33:42 dagda dnsmasq-dhcp(7578): DHCPOFFER(br0) 10.0.0.68 18:87:40:ed:1c:b3

If I give static IPs to the devices that have problems, everything works fine. It seems the repeater is blocking the DHCP offer responses for some devices consistently, and letting the responses through for other devices consistently. Either that, or it’s corrupting the responses somehow.

I’m hoping that I can identify some difference between the responses that work and the ones that don’t. Maybe there’s a setting in dnsmasq to fix the problem…

Is there a way to see if the DHCPOFFER packets are making it across the repeater?

linux – Port forwarding to Raspberry Pi web server not working

I’m trying to set up a local web server on the raspberry pi but I can’t get port forwarding set up so I can access it outside my local network. I have a Verizon router, and I’ve set up port forwarding on port 443 to the local IP of the pi:

port forwarding table

I have Apache set up on the pi to listen on ports 80 and 443. Here’s the output of netstat -lptn:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
    tcp6       0      0 :::80                   :::*                    LISTEN      -
    tcp6       0      0 :::22                   :::*                    LISTEN      -
    tcp6       0      0 ::1:631                 :::*                    LISTEN      -
    tcp6       0      0 :::443                  :::*                    LISTEN      -

Still, when I go to https://{my-ip} from a cellular connection (not on my wifi) I can’t connect to the server. Any help would be greatly appreciated.