This is the special page of Agratitudesign Art And Nature Photography and Graphic Design images gallery collection from what I have learned into practice about art and nature of Photography and Graphic Design. This page contains a lot of my still artwork of Photography, Graphic Design, Drawing, and Illustrations which is separated into different categories on tabs. This images gallery collection will show a glimpse of how far and deep of my skill, experience and knowledge in the field of Photography and Graphic Design to inspire or just as comparison with you who already expert in Photography and Graphic Design. Photography and Graphic Design has much relationship one another that could be as complement each other. Having a good knowledge and experience by practicing of Photography and Graphic Design will produce a better masterpiece.
This is the special collection of Agratitudesign Art and Nature Videography and Animation as a medium for my creativity in the field Videography and Graphic motion art or animation. This main page collection contains raw material video or commonly called as footage's, composition video footage's as a clip video of music, and also editorial or documentary video of the event.
Learning Network using Mikrotik with the router OS was very fun. At this moment I would like to write the note about how to remote or access DVR as the camera/CCTV server on our Mikrotik network by creating port forwarding rules on firewall nat of the Mikrotik router OS. Maybe you be like me wanted to be able to see a certain place that you feel important to keep safe in your observation wherever you are. It doesn't look to be such a big deal, your eyesight is in your hands right now on your mobile.
Obviously for the security reasons you need surveillance system at the office or even your home. Installation CCTV (Closed Circuit Television) camera is not difficult matter. I think right now you wanted to buy the camera and hoping to be able to see the place where you think it might be necessary for you. Perhaps you have CCTV installed already, but don’t quite know the CCTV network system. I hope after this you can manage your CCTV network by your self. Lets take a look the schematic picture below!
Based on the schematic picture above, we have the internet connection with static public IP connected to port 1 of wan mikrotik interface named as internet. The internet goes into the router and out to the network through port 4 of local network interface named as localnet-3. Then the Internet connection which is already masquerade by the router will be shared to the local area network using switch/hub. DVR CCTV server as the device client of the local network must be set using static IP, it can be done by setting DVR server lonely like you set the IP the configuration on the PC client that uses static IP. DVR CCTV server usually has the port that you can set manually, or just leave the port number by default manufacture, you just need to know what the port that used to access DVR as CCTV server.
As probably you know, there are two kind of the cameras/CCTV such as Analog Camera which is using coaxial cable, its kind like commonly antenna cable television connected to DVR and IP Camera which is using LAN cable. Surely when you buy the cameras you must know the kind of DVR as the camera server, its using coaxial cable or LAN cable that will connected to. In this implementation I was used Analog Cameras and The DVR. DVR will act as the server of cameras to view and record the showing what the camera captures.
In this case I am not showing you how to setup DVR as the server, its probably a less of my record. But trust me it is easy its depends on the brand of your DVR that you have. If you want to setup the DVR, you can connect the screen, maybe PC monitor must be connected to DVR, you can plug in PC mouse and keyboard if needed, then start on the DVR. DVR will ask you the login password to access DVR menu. The default login may you can find at the body chasing of DVR itself. After you have logged in, you begin to setup DVR configuration, its truly depending on yours. Just for the reference:
IP address (static) : 192.168.3.5
Subnet Mask: 255.255.255.0
Default Gateway (real) : 192.168.3.1
Preferred dns server : 8.8.8.8
Alternate dns server : 8.8.4.4
Subnet Mask: 255.255.255.0
Default Gateway (real) : 192.168.3.1
Preferred dns server : 8.8.8.8
Alternate dns server : 8.8.4.4
Media Port : 34567
Mobile Port: 5000
Mobile Port: 5000
So that is the point of DVR configuration, once again its depending on your network environment that you have. Some of DVR may does not have or provide you Media Port. In this condition you have to access the camera server just from the mobile port by your mobile phone through internet from outside of your network.
As the schematic picture, let's assume:
Mikrotik Router Configuration:
Wan/public Interface : Internet
Public Network : 114.6.112.92/30
Gateway IP : 114.6.112.93
Public IP: 114.6.112.94
Lan/Local Interface : localnet-3
Local Network : 192.168.3.0/24
Gateway IP : 192.168.3.1
Public Network : 114.6.112.92/30
Gateway IP : 114.6.112.93
Public IP: 114.6.112.94
Lan/Local Interface : localnet-3
Local Network : 192.168.3.0/24
Gateway IP : 192.168.3.1
PC Security Monitor:
IP address (dynamic) : 192.168.3.13
Subnet Mask: 255.255.255.0
Default Gateway (real) : 192.168.3.1
Preferred dns server : 8.8.8.8
Alternate dns server : 8.8.4.4
Subnet Mask: 255.255.255.0
Default Gateway (real) : 192.168.3.1
Preferred dns server : 8.8.8.8
Alternate dns server : 8.8.4.4
According to this condition, what would you like to do?
1. Access DVR CCTV Server Displaying the Cameras View from Local Network
Our aim to access DVR CCTV server through local network in the same local port interface of mikrotik router we don’t need to add or create the new rules of the mikrotik configuration that has been run. If your DVR has provided the Camera Client View software, you can install the software on PC client, in this case is PC Security Monitor. But if your DVR doesn’t provide any software, you may need third party software like CMS2000. I believe you just like free software!
The you make the configuration to access DVR CCTV server from local network in the same interface or DHCP server of the router. Create the name of the configuration, login password for DVR that you have setup earlier, insert DVR IP address and media port that’s used to access DVR server. Some people commonly use 34567 | 7000 | 8000 | 9000 as media port DVR. Just my opinion leave the port configuration by default manufacture for not invite any trouble during the setup.
If you have got the problem in accessing DVR CCTV server from local network, it most probably caused by PC client that you have used is in different interface or network/subnet. When you using different interface like this, you may need to setup the bridge on the router, or you just can access from public IP router itself. So to avoid any problem during the configuration, simply just put PC client monitoring in the same interface or network of the router. Another thing that could be the cause is firewall filter rules on the router that may block the connection. DVR server is hang can be the cause of the problem too, try reset the DVR. The last possibility is DVR is broken system, buy the new one, lol!
2. Access DVR CCTV Server Displaying the Cameras View from Internet
This will be the main thing that I want to explain, which is the main goal is how we can access DVR CCTV camera everywhere as long as we have internet connection. This is the way how we can access the cameras through public IP of the Mikrotik as the router of the network where the DVR CCTV is located. Lets assume that we have public IP which is not changed or static 114.6.112.94. So knowing your ISP internet connection IP, you have private Public IP or not.
We should create the new rules port forwarding media and mobile port DVR on firewall nat Mikrotik. The same kind like what I have done as the article Building Web Hosting Server. So have to create two rules port forwarding for each port DVR like below!
/ip firewall nat add action=dst-nat chain=dstnat comment="CCTV Media Port Fowarding" dst-address=114.6.112.94 dst-port=34567 protocol=tcp to-addresses=192.168.3.5 to-ports=34567 add action=dst-nat chain=dstnat comment="CCTV Mobile Port Fowarding" dst-address=114.6.112.94 dst-port=5000 protocol=tcp to-addresses=192.168.3.5 to-ports=5000
Simply I just can say, we do CCTV media port forwarding to public IP media port will be forwarding to DVR IP media port that just using TCP protocol. This will allow you in order to access DVR CCTV server through public IP using PC or laptop with camera client view software like CMS2000.
On the other part, we also add the rule for CCTV mobile port forwarding, that will allow you to access DVR CCTV server using mobile device with any mobile application like HDIVS. HDIVS is available on android and iOS of your mobile phone.
We have done in adding the rules port forwarding on mikrotik firewall nat, next we ready to install camera client view software on PC/laptop (CMS2000) and camera client view app on mobile device(HDIVS). Just like what we have been done like we setup Local Access DVR CCTV Server Displaying the Cameras View from Local Network, but now we are going to use the Public IP on the configuration as shown like the picture below!
The picture above is how we configure the camera client view software in this case CMS2000 on the laptop to access the camera from public IP DVR Server. It assumes you have private public IP from your ISP on DVR CCTV server.
In the most cases you gonna need to access the camera just wherever you want. For this kind purposes you have to setup camera client app on your mobile device that has connection to the internet. The picture below is how you can configure HDIVS app on your mobile device!
If you have found any problem in accessing DVR CCTV Server Displaying the Cameras View remotely through internet or public IP. Try to cross check you have the right way in creating the new rules port forwarding media and mobile port DVR on firewall nat Mikrotik about public IP of DVR server side. Make sure access media and mobile port has been opened. Go to yougetsignal.com type your public IP with media and mobile port that should be opened, like the picture below!
It’s impossible to access the camera remotely through internet since you have found the port is still closed. Try to check the firewall rules and make sure there’s no rule has block the port access. In most cases try to reboot the DVR CCTV Camera Server.
So that’s the concept how we can access DVR CCTV Camera Server from local network and remotely through public IP. Perhaps some of you have wondering how about if we have just dynamic public IP on the camera server. It can be solve by accessing from ddns domain name.
Please read how setup noIP on the article Build Web Hosting Server by self Using Dynamic IP. After you have domain name on noip.com and related to your dynamic public IP, you must keep it in up to date by using Script Automatic Update Dynamic IP into the router like the script below!
/system script add name=no-ip_ddns_update policy=read,write,test source={ :local noipuser "your_user_login_noIP" :local noippass "your_password_login_noIP" :local noiphost "yourdomain.ddns.net" :local inetinterface "your_wan_interface_router" :global previousIP :if ([/interface get $inetinterface value-name=running]) do={ :log info "Fetching current IP" /tool fetch url="https://www.trackip.net/ip" mode=http dst-path=mypublicip.txt :local currentIP [/file get mypublicip.txt contents] :log info "Fetched current IP as $currentIP" :for i from=( [:len $currentIP] - 1) to=0 do={ :if ( [:pick $currentIP $i] = "/") do={ :set currentIP [:pick $currentIP 0 $i] } } :if ($currentIP != $previousIP) do={ :log info "No-IP: Current IP $currentIP is not equal to previous IP, update needed" :set previousIP $currentIP :local url "http://dynupdate.no-ip.com/nic/update\3Fmyip=$currentIP" :local noiphostarray :set noiphostarray [:toarray $noiphost] :foreach host in=$noiphostarray do={ :log info "No-IP: Sending update for $host" /tool fetch url=($url . "&hostname=$host") user=$noipuser password=$noippass mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt") :log info "No-IP: Host $host updated on No-IP with IP $currentIP" } } else={ :log info "No-IP: Previous IP $previousIP is equal to current IP, no update needed" } } else={ :log info "No-IP: $inetinterface is not currently running, so therefore will not update." } }
/system scheduler add interval=2m name=no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test comment="Update No-IP DDNS" disabled=no
By using Script Automatic Update Dynamic IP, the router will working in updating your Dynamic IP still related to ddns domain noip in order to access the camera. In this condition we do a little bit changed for the rules port forwarding DVR CCTV Camera Server that is no longer using public IP, otherwise it must be refer to wan interface router like the rules below!
/ip firewall nat add action=dst-nat chain=dstnat comment="CCTV Media Port Fowarding" in-interface= your_wan_interface_router dst-port=34567 protocol=tcp to-addresses=192.168.3.5 to-ports=34567 add action=dst-nat chain=dstnat comment="CCTV Mobile Port Fowarding" in-interface= your_wan_interface_router dst-port=5000 protocol=tcp to-addresses=192.168.3.5 to-ports=5000
That’s all about the accessing DVR CCTV Camera Server on our Mikrotik network, for more clearly, you may need watching the video, have a good day!
Netcut is the software that has an ability to control the internet connection in the same network interface of the router. By scanning IP address to all the device that connected with the same network. Netcut can be used to get and take over the network client devices and can do anything with the internet connection for all devices as the network clients. Netcut is used by someone inside the local network as part of our network clients. It most probably used on wifi connection after the client is login.
There are some kind Netcut software out of there. But one of the most powerful netcut software which is has very complete ability as I have found so far is P2pover. First I know P2pover is used by my client that want to cut another network clients for the internet connection. Hoping to get faster internet connection of other clients. I was very surprised this kind netcut, because it is really work, this software can be used to manage our bandwidth clients like an admin of the network. P2pover can cut or drop, limit, filter and others inside our network. As an admin, it might be an alternative way to manage the internet usage by the clients. But if the client is used, it could be a big problem. One client that uses this kind netcut software will tend to do a bed thing to another clients for their personal reasons.
As the picture above the client that used P2pover which is without any login the software, it will able to scan all the clients IP in the same network. After that can be create or define the rules to limit the internet speed like we are doing as an admin on mikrotik. It is possible until kill or cut the internet connection to another clients until out of the network. If more than one client do like this, you can imagine what would happen with our network services. We as the admin or IT network just receive much complain that will be angry with a this chaos, and most probably one of them will be gone. This would be a terrible threat, does it not? You are in the same boat, we must dealt with some kind the netcut software, so that no netcut anymore between our network clients and the mikrotik.
In order to prevent from netcut attack on mikrotik network, there a few method to do so. Some tutorial may advice such as creating any rules to block netcut on firewall filter mikrotik. Prevent the clients creating static IP by themselves so that the IP address that used by any clients just come from dhcp server on mikrotik, like the picture below!
For such kind netcut software like P2pover, none of those method that I mention above during my experiment to block P2pover, it won't work perfectly. It looks like need another way that can strictly and powerful to block P2pover on our mikrotik network. Especially for you that is using wireless interface of mikrotik you must isolate communication between the clients by disable default forward so the clients can not communicate each other. The same thing if you have use wireless router like TP-link try to enable AP isolation.
This is one of the most powerful way in order to stop at all the netcut and protect the clients on our mikrotik network. This is the smart method by using trick to hide the real IP gateway from netcut, so that the netcut will never know the access gateway for the interfaces that we have used on mikrotik router. Ok I assumes that you have used 4 local network interfaces and 1 public interface as reflected by the rules below!
Configuration Before Block Netcut is Implemented on Mikrotik
/ip address
add address=192.168.1.2/24 interface=internet network=192.168.1.0
add address=192.168.2.1/24 interface=localnet-1 network=192.168.2.0
add address=192.168.3.1/24 interface=localnet-2 network=192.168.3.0
add address=192.168.4.1/24 interface=localnet-3 network=192.168.4.0
add address=192.168.5.1/24 interface=localnet-4 network=192.168.5.0
add address=192.168.1.2/24 interface=internet network=192.168.1.0
add address=192.168.2.1/24 interface=localnet-1 network=192.168.2.0
add address=192.168.3.1/24 interface=localnet-2 network=192.168.3.0
add address=192.168.4.1/24 interface=localnet-3 network=192.168.4.0
add address=192.168.5.1/24 interface=localnet-4 network=192.168.5.0
And dhcp server network would be like this rules:
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.4.1
add address=192.168.5.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.5.1
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.4.1
add address=192.168.5.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.5.1
We are going to hide the real IP gateway that used by every local network of the router interfaces. This method has found by someone from many many experiment. It looks like little funny by using fake IP gateway on dhcp server network such as:
dhcp gateway IP for localnet-1 : 1.1.1.1
dhcp gateway IP for localnet-2 : 2.2.2.2
dhcp gateway IP for localnet-3 : 3.3.3.3
dhcp gateway IP for localnet-4 : 4.4.4.4
Change the gateway IP of dhcp server network for each interfaces that you want to protect our network clients against netcut or remove dhcp server network rules and insert the new rules for dhcp server network like this:
Configuration After Block Netcut is Implemented on Mikrotik
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=1.1.1.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=2.2.2.2
add address=192.168.4.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=3.3.3.3
add address=192.168.5.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=4.4.4.4
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=1.1.1.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=2.2.2.2
add address=192.168.4.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=3.3.3.3
add address=192.168.5.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=4.4.4.4
So the result of dhcp server network after changing would be like this!
In order to make this gateway IP work, we need to add the new rules of network IP address for each interfaces. The rules that we need to add would be like this!
/ip address
add address=1.1.1.1/24 interface=localnet-1 network=1.1.1.0
add address=2.2.2.2/24 interface=localnet-2 network=2.2.2.0
add address=3.3.3.3/24 interface=localnet-3 network=3.3.3.0
add address=4.4.4.4/24 interface=localnet-4 network=4.4.4.0
add address=1.1.1.1/24 interface=localnet-1 network=1.1.1.0
add address=2.2.2.2/24 interface=localnet-2 network=2.2.2.0
add address=3.3.3.3/24 interface=localnet-3 network=3.3.3.0
add address=4.4.4.4/24 interface=localnet-4 network=4.4.4.0
It looks like little bit funny or non theoretical, but its really realy work, it will not effect anything with the internet connection for all the network clients. It just hide the real gateway IP and make the netcut software stuck will never know the right gateway IP for every network router interfaces. Finally no netcut anymore between mikrotik and network client.
My notice here if sometime you want to use external wifi router to interface that have been setup to be anti netcut, you should not use automatic configuration on external wifi router. But you have to setup manually of wan interface gateway that must be using the real gateway IP from the mikrotik router interfaces. That’s all about the smart and powerful way to stop netcut on mikrotik, give a try! and for more clearly lets watch the video! See you!
On this occasion, I’d like to explain how to build web hosting server as our own, at our home on our PC. This is Part II of Building Web Hosting Server but now we are using double or multiple router port forwarding technique using Mikrotik as the router of local network. The script automatic update dynamic public IP that most probably we have to the No-IP sub domain. The script will run automatically by system scheduler, and check our current public IP every time its changed the script will send the current IP to the noip.com server, and noip.com will know that the sub domain that we have should be updated to the current IP, and finally your sub domain still keep represent as your current public IP. So we don’t need “Dynamic Update Client” app of noip.com because this job will be handle by the script that will run on mikrotik, without burdening the web hosting server with the application.
Perhaps amongst of you will ask, why we need to use double router or multiple router ? so the reason is depending on your needs. Personally for me as you can see like the picture above ZTE Optical Router by ISP I have limited to manage everything to my network clients. Other than me as just the user of the ISP router that have limited to manage the router, Mikrotik is the programable router, I can manage my Bandwidth of my web hosting server amongst of other network clients as I see fit. I don’t want my web hosting server lack of bandwidth because of the internet purpose of other Pc clients on my local network.
1. The First Router Port Forwarding for TCP and UDP Protocol
In this case I am using ZTE Optical Router from ISP, I still have the access to the router as user login. I can setup port forwarding configuration of the public IP router ISP that is using port:80 to the Public IP wan interface my Mikrotik router that is using the some port:80. As you can see as the above schematic picture, dynamic public IP 36.85.254.229:80 will be forwarding to private public IP Mikrotik 192.168.1.2:80 that is using TCP and UDP protocol.
Try to find port forwarding feature if your ISP is not using ZTE optical router, it should be any on many kind of the router. But if you have Mikrotik as the first router, you can add the rules on firewall NAT like this! Please change public interface name and public/wan IP that will be the second router!
/ip firewall nat
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=tcp to-addresses=192.168.1.2 to-ports=80 comment="TCP port forwarding"
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=udp to-addresses=192.168.1.2 to-ports=80 comment="UDP port forwarding"
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=tcp to-addresses=192.168.1.2 to-ports=80 comment="TCP port forwarding"
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=udp to-addresses=192.168.1.2 to-ports=80 comment="UDP port forwarding"
It means the incoming connection that comes from public IP that is using port 80 will be forwarding to private public IP of the public/wan interface of the second router.
2. The Second Router Port Forwarding for TCP and UDP Protocol
Next we have plan to put our web hosting server as the PC client of local network of Mikrotik as the second router. We need to setup the second router port forwarding that will fowarding connection from public/wan IP on the second router Mikrotik that is using port 80 to the IP web hosting server as the client of local network second router mikrotik that is using port 8080. So we need add 2 rules on firewall NAT of the second router mikrotik like this!
/ip firewall nat
add chain=dstnat dst-address=192.168.1.2 action=dst-nat protocol=tcp to-addresses=192.168.2.254 to-ports=8080 comment="port forwarding router IP to the client"
add chain=dstnat dst-address=192.168.1.2 action=dst-nat protocol=udp to-addresses=192.168.2.254 to-ports=8080
add chain=dstnat dst-address=192.168.1.2 action=dst-nat protocol=tcp to-addresses=192.168.2.254 to-ports=8080 comment="port forwarding router IP to the client"
add chain=dstnat dst-address=192.168.1.2 action=dst-nat protocol=udp to-addresses=192.168.2.254 to-ports=8080
At this time we have done to setup double router port forwarding on the two router. The condition now is if any incoming connection that comes from public IP on the first router that is using port 80 will be forwarding to the IP of web hosting server by double router port forwarding.
3. Adjustment Server Configuration on Local Network As Web Hosting Server
If you follow the previous article, its nothing different then what we have done to Build Web Hosting Server that used Single Router. Just make sure, the IP address of web hosting server should be set 192.168.2.254 as the static IP on the ethernet adapter configuration of LAN related to the second port forwarding. The windows firewall should not block wamp server as the web server application, and create the rules that allow TCP and UDP Port 8080. On Apache httpd.conf of wamp server
httpd.conf : C:\wamp64\bin\apache\apache2.4.23\conf
Find the text with “Listen” and change
Listen 0.0.0.0:80 -> Listen 0.0.0.0:8080
Listen [::0]:80 -> Listen [::0]:8080
Listen [::0]:80 -> Listen [::0]:8080
Find the text with “ServerName” and change
ServerName localhost:80 -> ServerName 192.168.2.254:80
Find the text with “onlineoffline” and change
Require local -> Require all granted
Find the text with “onlineoffline” and change
Require local -> Require all granted
Optional:
DocumentRoot "${INSTALL_DIR}/www/agratitudesign"
<Directory "${INSTALL_DIR}/www/agratitudesign/">
<Directory "${INSTALL_DIR}/www/agratitudesign/">
phpmyadmin.conf : “C:\wamp64\alias”
Require local -> Require all granted
4. Script for Automatic Update Dynamic Public IP to No-IP Domain on Mikrotik.
The second router Mikrotik as the programmable router that allow us to do the job like Dynamic Update Client to keep update your sub domain noip.com related to the dynamic Public IP ISP that would be changed at anytime. The System Script for Automatic Update Dynamic Public IP to No-IP will be join with system scheduler.
/system script
add name=no-ip_ddns_update policy=read,write,test source={
:local noipuser "agratitudesign"
:local noippass "Password"
:local noiphost "agratitudesign.sytes.net,agratitudesign.ddns.net"
:local inetinterface "internet"
:global previousIP
:if ([/interface get $inetinterface value-name=running]) do={
:log info "Fetching current IP"
/tool fetch url="https://www.trackip.net/ip" mode=http dst-path=mypublicip.txt
:local currentIP [/file get mypublicip.txt contents]
:log info "Fetched current IP as $currentIP"
:for i from=( [:len $currentIP] - 1) to=0 do={
:if ( [:pick $currentIP $i] = "/") do={
:set currentIP [:pick $currentIP 0 $i]
}
}
:if ($currentIP != $previousIP) do={
:log info "No-IP: Current IP $currentIP is not equal to previous IP, update needed"
:set previousIP $currentIP
:local url "http://dynupdate.no-ip.com/nic/update\3Fmyip=$currentIP"
:local noiphostarray
:set noiphostarray [:toarray $noiphost]
:foreach host in=$noiphostarray do={
:log info "No-IP: Sending update for $host"
/tool fetch url=($url . "&hostname=$host") user=$noipuser password=$noippass mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt")
:log info "No-IP: Host $host updated on No-IP with IP $currentIP"
}
} else={
:log info "No-IP: Previous IP $previousIP is equal to current IP, no update needed"
}
} else={
:log info "No-IP: $inetinterface is not currently running, so therefore will not update."
}
}
add name=no-ip_ddns_update policy=read,write,test source={
:local noipuser "agratitudesign"
:local noippass "Password"
:local noiphost "agratitudesign.sytes.net,agratitudesign.ddns.net"
:local inetinterface "internet"
:global previousIP
:if ([/interface get $inetinterface value-name=running]) do={
:log info "Fetching current IP"
/tool fetch url="https://www.trackip.net/ip" mode=http dst-path=mypublicip.txt
:local currentIP [/file get mypublicip.txt contents]
:log info "Fetched current IP as $currentIP"
:for i from=( [:len $currentIP] - 1) to=0 do={
:if ( [:pick $currentIP $i] = "/") do={
:set currentIP [:pick $currentIP 0 $i]
}
}
:if ($currentIP != $previousIP) do={
:log info "No-IP: Current IP $currentIP is not equal to previous IP, update needed"
:set previousIP $currentIP
:local url "http://dynupdate.no-ip.com/nic/update\3Fmyip=$currentIP"
:local noiphostarray
:set noiphostarray [:toarray $noiphost]
:foreach host in=$noiphostarray do={
:log info "No-IP: Sending update for $host"
/tool fetch url=($url . "&hostname=$host") user=$noipuser password=$noippass mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt")
:log info "No-IP: Host $host updated on No-IP with IP $currentIP"
}
} else={
:log info "No-IP: Previous IP $previousIP is equal to current IP, no update needed"
}
} else={
:log info "No-IP: $inetinterface is not currently running, so therefore will not update."
}
}
/system scheduler
add interval=5m name=no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test comment="Update No-IP DDNS" disabled=no
add interval=5m name=no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test comment="Update No-IP DDNS" disabled=no
Insert the script above to the new terminal winbox! the system script and scheduler should be set with policy=read,write,test. Change on the script that I have marked as red color, depending on your noip.com account and the public interface name on your mikrotik router as the second router. The system schedule will run every 5 menit as the interval that we set to execute the related system script. Then the system script will watch your current public IP, if it is changed from the previous public IP, the script will send the request to your noip.com account to update the related IP for sub domain that we have setup. But if the current public IP is not changed is nothing to send request to noip.com server.
Actually build web hosting server, its not such a big deal. It doesn’t matter, perhaps you need triple or multiple router port forwarding. We just only understand the principle Port forwarding techniques and how to make the firewall is not blocking the port forwarding process running on the server. That’s it… let’s see the video for more clearly, good job!
At this moment I am going continue my experiment in order to build Web Hosting Server as my own self on my personal computer (PC). Web Hosting Server that I am going to build is on our PC server which is one of my PC client on my network that is using just one router port forwarding at this time. Here The equipment environment that I used:
a. Wamp Server : Windows Web development environment with 3 packages in one, that is Apache, MySQL, PHP. Wamp Server itself require its dependency that is The Visual C++ Redistributable Packages that must be installed before you install wamp server to make it run on windows.
b. Network Router : It is depending on your network environment of the internet connection that you have use from your ISP (Internet Service Provider). In this case the ISP using their router to provide internet connection that is ZTE optical router. But it doesn’t matter If you use Mikrotik that directly connected to Public IP of internet.
c. No-IP Account: This is for you who no have IP from ISP. No-IP means that you have no private or static public IP. Of course you have public IP but always changed at anytime. Using noip.com will make it possible to create any domain still keep related to your dynamic Public IP.
d. Website Project Files: the files of your website that you have build and need to launch so that you can access the website from outside using internet. In this case I have use wordpress for the complete example the website that using PHP and database Mysql to test Web Hosting Server that we are going to make it.
Before we begin lets take a look the image schema above! I am using the ISP router directly connected to the switch/hub before connected to the local network PC clients. The Web Hosting Server as the PC client can be connected directly to the router or use switch/hub in between if you more than one PC clients. The Web Hosting Server get the IP from ZTE Optical Router with dhcp server inside the router system by ISP. After thay we need to set the IP of Web Hosting Server to be static. We can setup or define the static IP through windows ethernet adapter.
As you can see, the Web Hosting Server as of the client local network already set to be static IP 192.168.1.9 and use the IP gateway 192.168.1.1 of the local network of the router, in this case ZTE Optical router. After that we need to setup port forwarding from the router in order to access the Web Hosting Server through public IP of our internet connection.
Ok lets begin step by step in detail how to build Web Hosting Server for Dynamic Public IP using single router. If you have different kind of the router by your ISP, try to find the port forwarding feature that allow you to setup port forwarding!
1. Get Free Sub Domain noip.com as the Domain Name your Public IP
If you have no the account yet, let you register first to make your account on noip.com, then define any sub domain that you will use as the domain name of website project that you want to launch as live web server.
Noip.com has nice domain name, its easy to remember. But as free user we have limited to create the sub domain on it, and has expiration date. But we still have chance to update the sub domain that we have created every month. If you have more funds you can upgrade to be premium user of the noip.com account.
As you can see, the sub domain is related to the IP target that is our current Public IP right the way. But how about when the public IP has changed. Noip.com has provide the app that you must be install on one of PC clients as the client of the local internet network that still using the same Public IP.
You can download Dynamic Update Client app from the site and install it to PC client on the local network. Using this app will keep the sub domain that we have just created still related to our dynamic Public IP. Every time our Public IP is changed, this app will get our current IP and send the request to noip.com to update the sub domain IP from the previous IP to current IP of our public IP. Please keep this app running as the background.
2. Setup Router Port Forwarding Public IP to the Web Hosting Server
Don’t worry If you have another kind of the router, try to find where the port forwarding feature is. The principle is you setup port forwarding for TCP and UDP protocol of public interface router on port 80 to the IP local network client as the web hosting server on port 8080. We can not using port 80 of the web hosting server, cause most probably port 80 on it is busy.
ZTE router is such kind of the instant or simple router. As you can see, how easy to setup port forwarding on it. But for you Mikrotik lover, perhaps ask to me, why not using Mikrotik. Ok assuming you have use Mikrotik as your router and connected directly to the external/public IP. Or maybe your ISP use mikrotik router to provide their internet connection to you. So this is single mikrotik router port forwarding rules that you must add to the nat firewall as follow:
/ip firewall nat
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=tcp to-addresses=192.168.1.9 to-ports=8080 comment="TCP port forwarding"
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=udp to-addresses=192.168.1.9 to-ports=8080 comment="UDP port forwarding"
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=tcp to-addresses=192.168.1.9 to-ports=8080 comment="TCP port forwarding"
add action=dst-nat chain=dstnat in-interface=internet dst-port=80 protocol=udp to-addresses=192.168.1.9 to-ports=8080 comment="UDP port forwarding"
We require two rules on firewall nat, change in-interface name, it depends on public interface name on your mikrotik configuration. So that we also create port forwarding for TCP and UDP protocol.
3. Installing Wamp Server According to Public IP and Port Forwarding
The process for the Installation of Wamp Server on windows its not such a big deal that I should be explain explicitly. Just go immediately to http://www.wampserver.com/en/, then you can download Wamp Server for the latest version that now is including with php 7.0.10. Don’t forget before install Wamp Server, you must be install its dependency Visual Studio 2012 : VC 11 vcredist_x64/86.exe.
After this you can install Wamp Server itself, before finish the installation, I suppose you to allow Apache http server of Wamp Server running on private and public network on the app windows firewall. Remember we have plan to access Wamp Server as Web Hosting Server through public IP or external IP. So we don’t want app windows firewall blocked Wamp Server.
4. Adjust Wamp Server Configuration and Windows Firewall Rules
We have done to create port forwarding rules on the router, but our job is not finish yet, still need to Add Windows Firewall rules for TCP and UDP port on windows firewall with advanced security and adjust Wamp Server Configuration.
Adjustment Windows Firewall:
It is the very common way but its required. Most probably we fail in building web hosting server because of it, so that we need to add 2 rules to the port 8080 for each TCP and UDP protocols on windows firewall with advanced security like the picture below!
And don't forget to make sure that Wamp Server is allowed to communicate through windows firewall as private and public on app windows firewall like the picture below!
Adjustment Wamp Server Configuration:
Adjustment Windows Firewall:
It is the very common way but its required. Most probably we fail in building web hosting server because of it, so that we need to add 2 rules to the port 8080 for each TCP and UDP protocols on windows firewall with advanced security like the picture below!
And don't forget to make sure that Wamp Server is allowed to communicate through windows firewall as private and public on app windows firewall like the picture below!
Adjustment Wamp Server Configuration:
Before we adjust Wamp Server Configuration, let you check everything is working properly. Run Wamp Server App and make sure Wamp Server System Tray Icon should be green.
Type localhost, 127.0.0.1, and The IP address 192.168.1.9 as you set as static IP for the server, all should be able to access from your browser to open Wamp Server.
After that you begin to find httpd.conf of Apache configuration file on Wamp Server installation directory. It is according to the place where you put the Wamp Server installation files on your PC. “C:\wamp64\bin\apache\apache2.4.23\conf”. Open httpd.conf with your favorite editor then
Listen 0.0.0.0:80 -> Listen 0.0.0.0:8080
Listen [::0]:80 -> Listen [::0]:8080
Find the text with “ServerName” and change
ServerName localhost:80 -> ServerName 192.168.1.9:80
Listen [::0]:80 -> Listen [::0]:8080
Find the text with “ServerName” and change
ServerName localhost:80 -> ServerName 192.168.1.9:80
Find the text with “onlineoffline” and change
Require local -> Require all granted
For phpmyadmin of Web Server in order to access it through public IP, find phpmyadmin.conf on Wamp Server installation directory “C:\wamp64\alias”. Open phpmyadmin.conf and change
Require local -> Require all granted
This is just an option, in order to access the web project directly rather then access directory root www just by typing public IP or domain name. We need to set DocumentRoot and Directory, still on httpd.conf like this:
DocumentRoot "${INSTALL_DIR}/www/agratitudesign"
<Directory "${INSTALL_DIR}/www/agratitudesign/">
<Directory "${INSTALL_DIR}/www/agratitudesign/">
"agratitudesign" is a directory name of the web project files
You have done to adjust Wamp Server Configuration according to router port forwarding. Then you need to restart all the wamp server services, you can do it from Wamp Server System Tray Icon. Everything should be working properly. At this you can access Wamp Server through public IP or your sub domain that you have created on noip.com.
4. Adjust Wordpress Sites from Localhost to Live Web Hosting Server
In this case I am using Wordpress CMS as the example of the Website Project that uses database to work with. Its so many tutorial about how to install wordpress, here I just explain how to adjust Wordpress Website from local configuration to the live web hosting server configuration. Our aim is to test the Web Hosting Server that we have just created.
Ok assuming that you have build Website Wordpress Project to the directory “www” as default document root of Wamp Server. In this example is agratitudesign directory, and I have been move the document root to this directory itself. So that we can access agratitudesign web project just by typing the subdomain of noip.com, that is agratitudesign.sytes.net or agratitudesign.ddns.net. If you don’t how to install wordpress please watching the video of this tutorial for more details.
The most important that I have to tell you, consider that our Wamp Server its not localhost that only can be access from you’re the PC server, but now is the live server that can be access anywhere as long as connected to the internet. Usually we leave “localhost/phpmyadmin” with user root with no password. Imagine that someone type “yoursubdomain/phpmyadmin” they can access the website database with the common login like this. So we are going to create a new login for phpmyadmin of Wamp Server
Create a new user login for phpmyadmin don’t forget activate all global privileges for the user login, after that you can remove the root login, because almost everyone already knows as the default user login for phpmyadmin on windows.
So when we build website wordpress project, we have database name of the site, user login for the database, user login for admin backend for that wordpress site. As usually we do, when we move wordpress project from local to the live web hosting server, we need to adjust wp-config file of wordpress site files
After that we login to the database of this wordpress site, by typing “subdomain/phpmyadmin” with the new login that we have just created. Open the database of the wordpress site and find “wp_options” table and change siteurl and home from localhost to subdomain that we have. Lets see the picture below!
Most probably wordpress website was using hyperlink refers to localhost but now we must change ro subdomain. It would be very painful to do manually one by one to check the database tables. Go to the related database and on SQL tab we insert sql query as follow
UPDATE wp_posts SET post_content = REPLACE(post_content, 'localhost/agratitudesign', 'agratitudesign.sytes.net');
The last is go to wp-admin of the backend wordpress website then select setting > permalinks and update the permalink on the backend.
Well done we have successful to build web hosting server by own self on our local network using dynamic public IP and single router. I have already test the subdomain access, admin backend of wordpess site, the database. Everything is working good, and finally Web Hosting Server is own hands. For more clearly lets watch the video, see you!