Problem with WAN access to WordPress

I'm using a Raspberry Pi 3 with the Apache service to install and host my WordPress page in this directory. Once the installation was complete, it worked fine with LAN access, but when I tried WAN access, it was very slow and there seems to be a problem with the display. I have already changed the port on Apache and WordPress and also opened it on my router. Please see below to understand the problem I am facing.
Could someone give me some advice?

Local access works well
Access to the WAN becomes erroneous.

spam – Localization of the malicious internal IP address on the WAN


VPN / OpenVPN behind a private WAN IP

I have a NAS server and a Raspberry PI running some services on my home network that I would like to be able to remotely access from my cellphone or my laptop while I'm traveling. The problem is that my router, which connects to the ISP's network via PPPoE, does not have a publicly available IP address. Asking the ISP to transfer port to my private IP address is out of the question.

I now have the feeling that OpenVPN should be able to solve this problem, but until now, I cannot understand how. Do I need help from an intermediary to access my home network remotely? Should I install OpenVPN on all devices I want to access from the outside, or can one device with OpenVPN serve all the others on the same network?

nat – How does the website "whatsmyrouterip.com" detect the IP address of the LAN router and the IP address of the LAN device as well as the IP address of the WAN gateway router?

The website http://whatsmyrouterip.com/ can be used to resolve the public Internet WAN IP address of a gateway router. However, it also displays the private IP address of the gateway router and the private network address of the device sending the request (for example, a laptop).

How does the site access IP addresses of private networks, knowing that the NAT source IP address of the page request is that of the gateway router? HTML headers?

For example: public IP address of the gateway router: 257.59.201.1; private LAN address of the gateway router: 192.168.1.1; private LAN address of the laptop: 192.168.1.25.

The site is HTTP, so all this information is submitted in clear text.

vpn – Does the Load Balancing of Multiple WAN Connections Improve Anonymity?

I would like to understand the pros and cons of balancing outgoing connections for anonymity.

Scenario 1: My Router (ip A)> VPN Router (ip B)> VPN Router (ip C)> Web Host

Scenario 2: My Router (ip A)> 3 Load Balanced VPN Client Connections (ips B C D)> 3 Separate Connections Leaving VPN Routers (ips E F G)> Web Host

Continuing my sorry curiosity:
What happens if scenario 2 corresponds to 3 connections to the same VPN server, but the VPN IP addresses or source to the web host are obviously different?

A problem that I identified with scenario 2: you have a bigger fingerprint / connection pattern, which is a problem. Visit obscure sites compared to popular sites.

This is assuming the user accepts latency and authentication issues or SSL, etc.

debian – Why do I need a static route to enable WAN traffic?

I've recently set up a Debian 9 server (Debian 4.9.130-2) to run as a thin server, running a series of Docker containers (nextcloud, sync, etc.) alongside basic services such as ssh. The services are properly configured and working without problems: I can connect to ssh and the Docker containers from any device on my local network without any apparent problem.

I've configured packet capture on my router, then made several incoming connection attempts to the forwarded ports from a VPN. Using this method, as confirmed in another question here, the router was properly configured and the server dropped packets once it had received them from off-net. A little more troubleshooting confirmed that the traffic works as soon as I have defined a static route for the WAN subnet. Here's my question: it's a relatively simple Docker server and I've never been in this situation before where static routes were required. What is missing in my configuration?

Here is the original routing table:

$ ip route
0.0.0.0/1 via 10.1.10.9 dev tun0
default via 192.168.1.1 dev eno1 onlink
10.1.10.1 via 10.1.10.9 dev tun0
10.1.10.9 dev tun0 proto kernel scope link src 10.1.10.10
128.0.0.0/1 via 10.1.10.9 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-931904c155b2 proto kernel scope link src 172.18.0.1
172.98.67.82 via 192.168.1.1 dev eno1
192.0.0.0/8 dev eno1 proto kernel scope link src 192.168.1.208
192.168.1.0/24 via 192.168.1.1 dev eno1

Quick key for relevant addresses for troubleshooting:

  • 196.52.84.14 is an IP address assigned to my PC when connecting to a VPN
  • 192.168.1.208 is the IP address of the local network of the server.
  • 87.75.107.144 is the IP address of the WAN on the router (obfuscated)

The firewall is as follows:

$ sudo iptables-save
# Generated by iptables-save v1.6.0 on Fri Mar 15 20:37:38 2019
*nat
:PREROUTING ACCEPT [3920:488137]
:INPUT ACCEPT [2997:321060]
:OUTPUT ACCEPT [2725:243307]
:POSTROUTING ACCEPT [2735:246173]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-931904c155b2 -j MASQUERADE
-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 8181 -j MASQUERADE
-A POSTROUTING -s 172.18.0.3/32 -d 172.18.0.3/32 -p tcp -m tcp --dport 7878 -j MASQUERADE
-A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 8686 -j MASQUERADE
-A POSTROUTING -s 172.18.0.5/32 -d 172.18.0.5/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
-A POSTROUTING -s 172.18.0.6/32 -d 172.18.0.6/32 -p tcp -m tcp --dport 8989 -j MASQUERADE
-A POSTROUTING -s 172.18.0.7/32 -d 172.18.0.7/32 -p tcp -m tcp --dport 4040 -j MASQUERADE
-A POSTROUTING -s 172.18.0.8/32 -d 172.18.0.8/32 -p tcp -m tcp --dport 8000 -j MASQUERADE
-A POSTROUTING -s 172.18.0.8/32 -d 172.18.0.8/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-931904c155b2 -j RETURN
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 8181 -j DNAT --to-destination 172.18.0.2:8181
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 7878 -j DNAT --to-destination 172.18.0.3:7878
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 8686 -j DNAT --to-destination 172.18.0.4:8686
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 9001 -j DNAT --to-destination 172.18.0.5:9000
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 27021 -j DNAT --to-destination 172.18.0.6:8989
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 4040 -j DNAT --to-destination 172.18.0.7:4040
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 172.18.0.8:8000
-A DOCKER ! -i br-931904c155b2 -p tcp -m tcp --dport 10000 -j DNAT --to-destination 172.18.0.8:80
COMMIT
# Completed on Fri Mar 20:37:38 2019
# Generated by iptables-save v1.6.0 on Fri Mar 15 20:37:38 2019
*filter
:INPUT ACCEPT [6374971:555022347]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [8882591:15858115582]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m comment --comment "Allow SSH" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m comment --comment "Allow HTTPS" -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-931904c155b2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-931904c155b2 -j DOCKER
-A FORWARD -i br-931904c155b2 ! -o br-931904c155b2 -j ACCEPT
-A FORWARD -i br-931904c155b2 -o br-931904c155b2 -j ACCEPT
-A DOCKER -d 172.18.0.2/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 8181 -j ACCEPT
-A DOCKER -d 172.18.0.3/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 7878 -j ACCEPT
-A DOCKER -d 172.18.0.4/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 8686 -j ACCEPT
-A DOCKER -d 172.18.0.5/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 9000 -j ACCEPT
-A DOCKER -d 172.18.0.6/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 8989 -j ACCEPT
-A DOCKER -d 172.18.0.7/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 4040 -j ACCEPT
-A DOCKER -d 172.18.0.8/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 8000 -j ACCEPT
-A DOCKER -d 172.18.0.8/32 ! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-931904c155b2 ! -o br-931904c155b2 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-931904c155b2 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Fri Mar 20:37:38 2019

Measures taken:

$ sudo ip route del 0.0.0.0/1 did not have any effect
$ sudo ip route add 0.0.0.0/1 via 192.168.1.1 likewise had no impact

But when I add:

$ sudo ip route add 196.52.0.0/16 via 192.168.1.1

… I can instantly access ssh and other relevant services port forwarded on this server as long as I am in the VPN with this subnet.

I certainly do not want to add static routes for all possible off-network locations that I will use to access this server. So what is the most elegant change to my current routing table that can allow traffic to be routed via 192.168.1.1 for these hosts?

For reference, the network interfaces are:

$ ip address list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0:  mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether fc:aa:14:2a:1e:74 brd ff:ff:ff:ff:ff:ff
3: eno1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fc:aa:14:2a:1e:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.208/8 brd 192.255.255.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::feaa:14ff:fe2a:1e76/64 scope link
       valid_lft forever preferred_lft forever
4: wlp1s0:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ec:08:6b:13:dd:eb brd ff:ff:ff:ff:ff:ff
5: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:48:16:8e:35 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
6: br-931904c155b2:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:d0:ff:7c:cb brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-931904c155b2
       valid_lft forever preferred_lft forever
    inet6 fe80::42:d0ff:feff:7ccb/64 scope link
       valid_lft forever preferred_lft forever
8: veth60c7669@if7:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether 42:4f:8d:7f:5a:bd brd ff:ff:ff:ff:ff:ff link-netnsid 6
    inet6 fe80::404f:8dff:fe7f:5abd/64 scope link
       valid_lft forever preferred_lft forever
10: veth769643d@if9:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether 1e:28:ea:5a:fc:69 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::1c28:eaff:fe5a:fc69/64 scope link
       valid_lft forever preferred_lft forever
12: vethcc60b5f@if11:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether d6:fa:aa:e4:df:d9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::d4fa:aaff:fee4:dfd9/64 scope link
       valid_lft forever preferred_lft forever
14: veth820688e@if13:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether 82:bc:6b:10:bd:ee brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::80bc:6bff:fe10:bdee/64 scope link
       valid_lft forever preferred_lft forever
16: veth9d1e101@if15:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether f2:19:3c:01:9a:6d brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::f019:3cff:fe01:9a6d/64 scope link
       valid_lft forever preferred_lft forever
18: veth811a2bb@if17:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether a6:35:11:6a:e1:4e brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::a435:11ff:fe6a:e14e/64 scope link
       valid_lft forever preferred_lft forever
20: veth346ef03@if19:  mtu 1500 qdisc noqueue master br-931904c155b2 state UP group default
    link/ether 96:ec:41:3c:1b:42 brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::94ec:41ff:fe3c:1b42/64 scope link
       valid_lft forever preferred_lft forever
21: tun0:  mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.1.10.10 peer 10.1.10.9/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::96f5:a985:ad81:4e78/64 scope link flags 800
       valid_lft forever preferred_lft forever

eno1 is the physical interface traffic is to use; the others are virtual loopback / docker (or unused) interfaces.

I've removed unnecessary routes and now have a simplified table here, so I guess it's just a question of adding back in the right route:

$ sudo ip route
10.1.10.1 via 10.1.10.9 dev tun0
10.1.10.9 dev tun0 proto kernel scope link src 10.1.10.10
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-931904c155b2 proto kernel scope link src 172.18.0.1
172.98.67.82 via 192.168.1.1 dev eno1
192.0.0.0/8 dev eno1 proto kernel scope link src 192.168.1.208
192.168.1.0/24 via 192.168.1.1 dev eno1
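
Added example (not part of the original question): a longest-prefix-match lookup over the original routing table quoted above, showing which route the server selects for replies to the VPN client 196.52.84.14 before and after each route change the question describes. The table is transcribed by hand; the LAN address 192.168.1.25 and all function names are assumptions made for illustration.

```python
import ipaddress

# Routes transcribed from the question's original `ip route` output as
# (prefix, via, dev); "default" is written 0.0.0.0/0, host routes as /32.
ROUTES = [
    ("0.0.0.0/1", "10.1.10.9", "tun0"),
    ("0.0.0.0/0", "192.168.1.1", "eno1"),
    ("10.1.10.1/32", "10.1.10.9", "tun0"),
    ("10.1.10.9/32", None, "tun0"),
    ("128.0.0.0/1", "10.1.10.9", "tun0"),
    ("172.17.0.0/16", None, "docker0"),
    ("172.18.0.0/16", None, "br-931904c155b2"),
    ("172.98.67.82/32", "192.168.1.1", "eno1"),
    ("192.0.0.0/8", None, "eno1"),
    ("192.168.1.0/24", "192.168.1.1", "eno1"),
]

VPN_CLIENT = "196.52.84.14"  # address from the question's key
LAN_CLIENT = "192.168.1.25"  # constructed LAN address, for comparison


def lookup(dst, routes):
    """Return the (prefix, via, dev) route chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def reply_is_symmetric(client, routes, ingress_dev="eno1"):
    """True when replies to client leave on the interface its packets arrived on."""
    route = lookup(client, routes)
    return route is not None and route[2] == ingress_dev


def scenarios():
    """Replay the three route changes tried in the question for the VPN client."""
    without_low_half = [r for r in ROUTES if r[0] != "0.0.0.0/1"]
    with_static = ROUTES + [("196.52.0.0/16", "192.168.1.1", "eno1")]
    return {
        "original": lookup(VPN_CLIENT, ROUTES),
        "after del 0.0.0.0/1": lookup(VPN_CLIENT, without_low_half),
        "after add 196.52.0.0/16": lookup(VPN_CLIENT, with_static),
        "lan client": lookup(LAN_CLIENT, ROUTES),
    }


if __name__ == "__main__":
    for name, route in scenarios().items():
        print(f"{name:26} -> {route}")
```

The reply route stays on tun0 after 0.0.0.0/1 is deleted because 196.52.84.14 falls inside 128.0.0.0/1, and it moves to eno1 only once the more specific 196.52.0.0/16 route exists.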

apache – i have a problem with the service apache2 only working in the same network as kali linux but not working on wan


malware – How are victims targeted from external networks (WAN)?

I started to take a closer look at security about a year ago, and from all that I've learned so far, I never knew how some victims were targeted by attackers from external networks, knowing that the victims were behind a router in a private network and cannot be easily reached.

Now, I know that some victims are attacked by email, social media, or different types of malicious content, and then the attacker gets a session by configuring port forwarding on his router, so that the traffic goes directly to his machine, and so on; that is clear enough for me. However, my question remains: how can anyone attack a particular person from a wide area network (with the exception of sending malicious content to him so he can open it)? Does it hide behind a router / firewall, or is such targeting and attacks taking place?

P.S sorry for my inability to pose perfectly, but hope you understand. Thank you in return!

firewall – How do routers such as Mikrotik determine if the port is a WAN?

Mikrotik RouterOS has the ability to configure firewall rules such as:

etc.

I therefore have some questions:

1) How does it decide that, for example, SFP1 or Ether1 is a WAN and not a LAN?

I found the following link:

https://wiki.mikrotik.com/wiki/Manual:Detect_internet

But I'm not sure how related it is.

2) If the decision is made based on Internet access, the address assigned by DHCP or something like that, then it's strange from the point of view of security.
So, if someone can turn off the Internet on the other side or cut the wire, does that mean that now Mikrotik will think that it is a local network? And all rules based on the local network are broken?

3) If my assumptions are correct and this is a security issue, how can I tell the Mikrotik router manually to consider all ports as WAN ports, with the exception of one or more specific ports?

server – Fix the script /etc/networking/interfaces for 4 networks with 1 bridge, two subnets and a wan interface

I cannot make the last network card on my server work properly. I have an HP Proliant Server with 4 NICs currently serving as a home router. Eth0 is my WAN interface, eth1 and eth2 are configured to serve DHCP on two different subnets. Everything is working fine except the last server network card, eth3. I want this to be related to the first subnet on eth1. I've tried many bridging setups but I'm doing something wrong. Here is my interface script found in /etc/networking. Note that this is how it works and that bridging setups have been removed a while ago since I've been researching this for a while. Therefore, eth3 has not been configured yet.

#Loopback lo
auto lo
iface lo inet loopback

#WAN on eth0
auto eth0
iface eth0 inet dhcp

#Subnet 1 on eth1
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

#subnet 2 on eth2
auto eth2
iface eth2 inet static
address 10.13.0.1
netmask 255.255.255.240
broadcast 10.13.0.15
network 10.13.0.0

#alias on eth1:0
auto eth1:0
iface eth1:0 inet static
address 192.168.1.2
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

The alias is for a web server serving my internal network. There is also a face for Dnsmasq that uses port 53.

Ubuntu Server 18.04 LTS, Netplan is disabled using ifupdown. ISC-DHCP-SERVER serving DHCP.