Hi , I Shared my App and it had an IP address 10.1.1

or something like that. I went to my browser and logged in all ok.

Now I went to the public Library and typed in the same address and nothing.

What do I have to do to get my App so others can use it?

I have no experience in these internet things.

Regards

the Address that you are using (10.1.1.1) is an internal address used by your router (probably An Apple Airport or Extreme) and so is only available on your internal network. To publish something externally, you will have to learn a little bit about routers and port forwarding.

Thank you Keith

I thought it would be more involved that the "one click" publishing shown in the tutorial videos

Technically that's not FM's fault though... You can't reduce the complexity of network security, otherwise networks just plain old ain't secure.

If you have a search around the forums you'll find plenty of information relating to port forwarding and setting up IWP for external use.

Thank you, I had just searched for port forwarding

and found your reply. I will get this working today

I hope. I will procrastinate later if I can be bothered

Lol, sorry that note is for me to remind me not to procrastinate like i'm doing now :)

"...otherwise networks just plain old ain't secure"

Actually, port forwarding has nothing to do with network security. It's about being cheap and nasty.

Each ISP has a limited set of IP numbers assigned to them. When you sign up they give you ONE of these precious IP numbers (and that number might even be dynamic and change over time but that's another story). Let's say they give you 138.25.32.19.

When you set up your router at home to share your internet connection with all your computers, printers, home security systems, refrigerators and toasters, the router needs to do some fancy tricks to allow it to happen. Firstly, it creates a whole "fake" internet inside your house. Then it routes (translates) the IP numbers from your fake internet to the one real IP number the ISP gave you, 138.25.32.19, every time one of the devices need to communicate with the real internet. To the real internet you really only have one IP device at your place -- the router.

So how can you set up a web server on one box and a FM Server on another at home and share them with people on the real internet if you only have one real IP address? Port forwarding. You might only have one real IP address, but that address can have many ports associated with it.

You need to set your router up to associate a port on the real internet IP number with an IP number on your fake internet. This requires some self-assembly.

If you set up a web server on port 8080 and a FMP server on port 8888, then for people on the real internet the address of your web server is 138.25.32.19:8080 and the FM server would be 138.25.32.19:8888. People on the real internet then need to specify your real IP number followed by the port number you set up to access that machine on your home network.

So the port forwarding thing isn't about security, it's about overcoming the limitation that your ISP only gives you one real IP number.

Thanks Vaughan,

Do I have to set up my Mac as Appache server to allow IWP?

I only want to see this working on a browser on another computer for testing. Later I will copy my application to a rented server.

The trouble is I an learning OS X, FileMaker, writing an application and publishing it , this week.

Next week I have to work.

"I only want to see this working on a browser on another computer for testing."

So forget about setting up port forwarding, it's only needed of you want to view the iwp from outside your home network.

"Later I will copy my application to a rented server."

It's got to be a server running FM Server Advanced, it cannot go on just any old web server.

Thank's

Oh! not any old server. Well I will try to make my Mac the server, to start with. Will I need to run Appache?

"Will I need to run Appache?"

I dunno, having never used IWP. Just follow the directions, rinse and repeat.

I tried to rinse and repeat but my washer won't go. the refrigerators and toasters have used my ONE and only IP number.

Thank's for your help . I will now finish the App and Publish later.

Actually, port forwarding has nothing to do with network security.

Really Vaughan? That's a bit of a rash statement to make don't you think?

So i take it you have all your ports open with a whole bunch of unsecured applications behind them? Or better yet no applications whatsoever behind them?

You don't run hardware and software firewalls that corporations spend hundreds of thousands of dollars a year on to stop malicious attacks over unsecured ports?

Your not afraid of DOS or DDoS attacks or someone hijacking your PC or streaming fraudulent data to badly written applications?

Port forwarding has EVERYTHING to do with security, it allows you to control the type and source of traffic that is able to flow in and out of your network, where that traffic flows to, and how its communicated to other machines when inside.

If that is indeed your philosophy though, why don't you open a few ports up and tell me your ip? :)

From Wikipedia http://en.wikipedia.org/wiki/Port_forwarding

-- start quote

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router.

...

Traditional port forwarding allows the entire world access to the forwarded port, reducing network security slightly."

-- end quote

Port forwarding is done by routers. On the server you've forwarded to inside the LAN, you'd still only have those ports open you need, and have the rest closed.

The term "reducing network security slightly" refers to the fact that the WHOLE WORLD now has has access to the server port, not just devices from within the LAN. But that's the price of granting access to the outside.

So just wanting to make sure again, you think that a router will protect your network completely?

Again Vaughan, what's your ip eh?

Genx, you miss the point. Port forwarding is about granting access to a server that's inside a LAN to people who are OUTSIDE the LAN.

You wouldn't port forward to a web server hosting the intranet site, because it's solely for internal consumption. But you would port-forward to the server that's hosting the public web site.

Both the intranet and extra-net servers still need to have exactly the same security and firewalls set up on them, because attacks can come from both inside the LAN and outside. (Only there are more people outside the LAN so there is more chance of attack, but that's beside the point really.)

"Again Vaughan, what's your ip eh?"

I'm currently inside a private LAN, so my IP is useless to you: there might be hundreds of computers around the world with the same IP address, because there are hundreds of private LANS sitting behind routers. I have no idea what the real public internet address is: it'd probably map to the organisation's web proxy server anyway.

On the other hand the address I original posted 138.25.32.19 was the IP address of my computer at a University I worked at: it was a *real* IP address, because that university was part of the backbone of AARNET who originally set up the internet in Australia in 1986. There is only one computer on the whole internet with that IP number.

That's the difference: it was on the *real* internet. My current Macintosh is sitting on a fake internet, like the vast majority of internet users.

You're missing the point.

The side effect of having ports open in your environment is that they are hackable and they do have vulnerabilities -- they are as vulnerable as the software sitting behind them.

As for the odd's... dunno, 6 billion people, vs. 20 people at your place. I think there's a larger chance that hackers are going to exist outside of your organization, not in it.

In any case, you said port forwarding had nothing to do with security. Not directly no... but then again what do viruses have to do with Windows? Windows is an OS it exists to run programs, not to be infected with viruses, on that basis it should never get a virus right?

I didn't ask for your private ip, I asked for your external IP, just like the one you'd hand out to people to access your IWP solution.

it'd probably map to the organisation's web proxy server anyway.

Trace route it, you'll find it pretty quick.

Well, according to http://whatismyipaddress.com/ my IP address is 210.193.203.50. Which is weird because my system preferences says it's 192.168.45.131.

So lets say I get that server to forward port 8888 to my computer, where I'm running FM Server (yes I know I need more ports to server FMS). You'd be connecting to 210.193.203.50:8888. Apart from somebody hitting the port serving FM Server mercilessly for giggles, how can you attack any other port on my computer even if they are open? You cannot directly see it because you're direcrtly communicating only with the router, and the router is communicating with me. FM Server sees all traffic as originating from the router.

I think we've both got our hands on the same tiger except you've got its legs and I have its tail. :)

Well, according to http://whatismyipaddress.com/ my IP address is 210.193.203.50. Which is weird because my system preferences says it's 192.168.45.131.

How can that be?

Ip Masking? Zone Alarm does it. Depends on firewall settings I believe.

192.168.45.131 is your internal ip silly.

Vaughn why .45 rather than .0 or .1?

"Vaughn why .45 rather than .0 or .1"

Because it's a large organisation and they have set up subnets, including some in other cities. Subnets help compartmentalise network traffic. Who remembers LocalTalk or "thin" Ethernet?

"192.168.45.131 is your internal ip silly."

Yes I *knew* that, silly. :)

Because you can..

Local networks have the following options:

10.0.0.0 – 10.255.255.255 - gives around 16 million addresses as far as i remember

172.16.0.0 – 172.31.255.255 - around 1 million

192.168.0.0 – 192.168.255.255 - around 65,000.

Yeah was just curious...thats the range we put our printers in :)

Lol, Vaughan, I could be way off here, but you work for the AFC?

Most certainly... did you glean that form the IP number or its DNS name? Can you tell anything else? (hint: they're black and lacy today!)

That youripnumber web site displays a map that was pretty accurateT I'm in Wolloomooloo (gotta love that name) on the south side of the Harbour.

(hint: they're black and lacy today!)

Lol, I am sooooo not going to go there.

... and that's a good place to end the topic for today. :)

Hi My Published site in my broswer is http://10.0.0.1:80/fmi/iwp/res/iwp_home.html

my ip is 121.221.3.87

can you see it in your browser ?

No, you haven't forwarded port 80 correctly - and the address you should be giving us to test is:

http://121.221.3.87/fmi/iwp

http://10.0.0.1:591/fmi/iwp will get my test app in my browser. Using port 591 as found in FM documentation.

do internet people now have to use http://121.221.3.87:591/fmi/iwp.

The only thing I can change in FileMaker is the port number

As far as I know this still does not work.

It is interesting that http://10.0.0.1 would get me the application file page, now it gets me Test Page for Apache installation ?

Apart from somebody hitting the port serving FM Server mercilessly for giggles, how can you attack any other port on my computer even if they are open? You cannot directly see it because you're direcrtly communicating only with the router, and the router is communicating with me.

Vaughan, coming back to that for a moment. Hacking is not about getting directly to your computer, its about infiltrating a network. Hacking is about getting past a router, once you're past the router you can go wherever you want, ports don't matter inside a network, only ip's that uniquely identify each and every machine do. Hitting your computer from outside the network would be like trying to rob a bank from outside a building - probably possible, but not practicle.

As for how you would attack other open ports besides ones you are directly communicating through i.e. the FM ports -- its called port scanning, and if you've got a cheap router, it won't pick up a scanning that can try to communicate with all ports in a matter of a few minutes, otherwise, it takes a few days to do it "under the radar". In either case, its fairly easy to identify insecure ports.

http://10.0.0.1

Because that used to return http://10.0.0.1:80 which would have been the port that filemaker was on which would have automatically redirected you to http://10.0.0.1/fmi/iwp

Now that you've installed apache (a web server) that has a default port of 80 (and rightfully so) it becomes the application located on port 80.

If you are on FileMaker server, then the hosting runs through http://10.0.0.1/fmi/iwp

591 is found in the documentation as it relates to a FileMaker Pro Solution being hosted for some reason I have assumed that you said you were on FileMaker Server, not Pro.

If you are on FileMaker Pro, you do not need any webserver what soever - There is one essentially in built in FM. If you are hosting through FileMaker Server then yes, you will need Apache.

In any case, neither of those two ports are open on the ip you've provided - Note that you may have a dynamic ip meaning that it could have changed since the last time you posted it in which case you have an entirely different issue (go to www.whatismyip.com again, and see if you are getting those same numbers).

I have turned off Apache Server if I don't need it.

http://121.221.3.87:591/fmi/iwp is supposed to be the address. I have just started it and should I be able to see this on my computer or do I have to be outside? I have no Internal network here.

Nah, you still haven't forwarded your port properly - have you been in your router yet?

And to see that address above you have to be outside your network.

No, I assume you mean my BigPond 2Wire Modem 2071a. I did not know that port forwarding was about the Modem so I will try to find out how to do this.

Edited August 9, 200718 yr by Guest

Lol is that USB modem by any chance -- does it look like a router?

Yeh, well in any case, if it is a router, you're gonna have to pull out your instruction manual and do some googling on port forwarding. If its not a router in you have it directly connected to your pc via a usb cable or something, then you probably have a software firewall of some sort that comes packaged with mac looking after your port blocking - in which case i know nothing about mac networking so you should probably google.

I honestly know nothing about Internet and routers modems etc. I do know Java, SQL, MS Access.

It is connected via ethernet cable not usb

Edited August 9, 200718 yr by Guest

Lol, okay seriously. Hunt down the manual - find the version number. Google port forwarding for it.

I have a Residential Gateway

ie

all in one box: wireless, modem, router, VoIP, and firewall.

So I will have to do a lot of google to find the problem

Edited August 9, 200718 yr by Guest

No, just SEARCH PORT FORWARDING ...

Seriously, I can't tell you how to do it with every model - because its specific to every model and brand.

Search: MyModelNumber Port Forwarding

You're not going to get this thing to work by avoiding the issue...

Setting up port forwarding usually involves chatting with the box and changing some settings: these days the routers all have http servers in them and their configs are set through a web browser interface.

Ok I will load cd that came with the gateway/modem/router

and if im not in this forum for several weeks , you will know that I have disconnected myself from the internet by new settings

Here Goes ..... wooooooo

Wow! This is a good little tennis match! In today's day and age, you can say that EVERYthing has to do with security. The intended development of a technology and its current practical uses are two different ball games. I wonder what IPv6 will do to all this. For security reasons, you probably will still have NAT and private IPs and multiple subnets even though technically, each device can have its own static IP- including that filemaker database. But NAT, subnets, etc, are really just ways to expand the scope (and manage traffic) of machines on an network that is finite.

Are signs on the road for safety or instruction?

Hi Genix, can you try this agin please http://121.221.3.87/fmi/iwp

New to IWP and probably an advanced beginner FMPro 8 .... My problem is not dissimilar: I can see FMPro db in browser locally but cannot access from outside. Details: FMPro 8 database running within Windows XP within Parallels on a Mac OSX. Able to view db in a windows or mac broswer on same machine using internal ip. Have used whatismyip to determine a fixed ip. Have tried to access from outside "fixedp"/fmi/iwp/ . Doesn't connect. Using Zone Alarm and have turned it off to attempt access without success. Whatismy ip shows same ip address whether Zone Alarm on or off. Router airport extreme. Help [email protected]

external ip example (not real) 209.175.46.129:591/fmi/iwp/