Grafana is working great when I access it from my internal network http:192.168.1.129:3000, it’s fast and stable, but when I try to access with my domain http://betonext.com.br:3000 is only work out of my network(with my 4G network). I think is a loopback problem, I saw something about the Grana is not listening loopback. Is there a way to solve this problem ?
That hostname resolves to 191.31.160.207 It is exposed to the entire Internet
for anyone to access - is that really what you want?
Tell us how you are translating that address into 192.168.1.129
Also, tell us how many different machines you are working with here:
- is Grafana running on one machine, your router (connecting to the Internet,
and presumably doing the NAT) is a second, and your browser is on a third, or
are two or more of any of those functions running on the same machien as each
other?
I think the word “loopback” in your question is quite misleading, because that
woudl refer to the address 127.0.0.1, which is only accessible from the same
machine, and therefore nothing to do with access from another machine, either
on your local network or across the Internet.
Antony.
When you access your own domain inside your nat isn’t it a loopback ? Thats is my problem, out of my network is fine the ports are open, but inside my not o only access with http//:192.168.1.129.
Thanks for help Antony.
When talking about networking, I would only ever use the word “loopback” to
refer to the interface on every machine, which has the IP address 127.0.0.1
You seem to be asking about connecting from a machine inside your (private)
network to another machine inside the same network, but trying to connect to
it using a public address which exists on the external interface of your
router.
Let me guess what your setup is, and if I’m right, explain what the problem
is.
You are connecting from a machine with a 192.168.1.x address to the public IP
191.31.160.207, and this public IP address is on the external interface of the
router between your network and the Internet.
That router has been configured to translate 191.31.160.207:3000 into the
internal address 192.168.1.129:3000, and therefore it sends the packets from
your machine 192.168.1.x to that internal address, where Grafana is running.
The problem is that Grafana sees the source address of those packets as
192.168.1.x, and the network stack on the Grafana machine realises that this
address is in its own local subnet, so it does not send the reply packets back
to the router which did the original NAT, but instead sends the replies
directly back to 192.168.1.x, from its own address 192.168.1.129.
Your machine 192.168.1.x has then sent a request to 191.31.160.207 and got a
reply from 192.168.1.129.
That doesn’t work. Your machine needs a reply from 191.31.160.207.
Assuming that is an accurate guess at your networking setup, what options do
you have to fix this?
-
Accept that 191.31.160.207 works from the outside but not from the inside,
and you need to use 192.168.1.129 from the inside. The hostname
betonext.com.br will not work from the internal network. -
Configure your router so that it not only translates the destination address
191.31.160.207 into 192.168.1.129 but also changes the source address to its
own address (which I might speculatively guess is 192.168.1.1) so that the
reply packets go back to the router, it can then perform the necessary reverse
NAT, and send the expected packets back to your machine 192.168.1.x from
191.31.160.207. -
Configure a DNS server inside your own network so that it resolves
betonext.com.br to 192.168.1.129 and therefore you can use the same hostname
from both internal and external machines, happy that that name resolves to
different IP addresses in each case, and they both work as required. -
Change the netmask on your Grafana server so that instead of being
255.255.255.0 (again, this is a guess, but I’m pretty certain it’s a good
guess), it is 255.255.255.255. That means it only knows about itself and the
router, so it will not reply directly to 192.168.1.x, and as in option 2,
reply packets will go via the router, which will then do the required reverse
NAT. -
Move your Grafana server to an external machine so that it genuinely has a
public IP address and both you and the rest of the Internet can access it in
the same way. -
Modify the /etc/hosts file on your client machine 192.168.1.x to contain the
mapping betonext.com.br → 192.168.1.129 (this is similar to option 3 but
slightly simpler to implement) so that you can type the hostname into a
browser but it gets converted into a local address instead of doing a DNS
lookup.
However, all of that said, I am going to repeat one of my questions:
The hostname betonext.co.br resolves to 191.31.160.207 Grafana is exposed to
the entire Internet for anyone to access - is that really what you want?
Antony.
1 Like
Thanks Antony now I understand, what you said. The first option is ok for me…Sorry for not answering the quest about expose, but yes, my Grafana is exposed. Is there a problem to use Grafana open to internet ? There is a user and password my measurements are only temps and weather things, in a raspberry that only do this, nothing more. Grafana is a open source project and I hope that’s is secure maybe I’m wrong. Is a bad idea use Grafana like this ? Was not the concept of the project. Sorry, I’am just a newbie in this stuff.
There is no problem in exposing your Grafana server to the Internet so long as
you know that is what you are doing, you trust that you have strong usernames
& passwords, and that any compromise will not result in a leak of sensitive
data.
It sounds as though you are happy with all of these things, so by all means
continue to make this available on a public IP address if that is what you
want to do.
Antony.
This topic was automatically closed after 365 days. New replies are no longer allowed.