0

I am trying to create a Flask app (using Python 2.7) that I can access from across networks, as the title says. I have managed to get the app up and running, and it works successfully all across the Wi-Fi network of my computer where the app is running. I have been accessing it using my internal IP address and port 8000. Whenever I connect from my phone, which is connected to the Wi-Fi, it works. However, when I switch to cellular data and connect from that, it doesn't work, and instead says "took too long to respond". The code for the app itself is as follows:

from flask import Flask, render_template
from GradeScraper import scrapeforgrades
app = Flask(__name__)

@app.route('/')
def home():
    scrapeforgrades()
    return render_template("Grades.html")

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=8000, debug=True)

GradeScraper is just a web scraper I have written, to be called in the app. I don't believe that file is the reason for my problems.

I have also tried connecting to the app from my external IP address, but it says "refused to connect". I went to this StackOverflow page I found, and the answer said something about security settings. I didn't understand at all how to change those. The person who asked the question commented at the end "I played around with security settings and finally got it working" which leads me to the conclusion that I should do the same. Unfortunately, I have no idea how to do that. Could anybody point me in the right direction? I'll provide any and all extra information needed.

Thanks,
Me

dda
  • 6,030
  • 2
  • 25
  • 34
Prem Giridhar
  • 48
  • 2
  • 8
  • 2
    Did you portforward on your router? The post you found is taking about amazon web service, which is not related to your case. Without port forwarding, the public internet cannot access your internal Local Area Network computer's port. – thuyein Dec 22 '17 at 03:31
  • As @ThuYeinTun says, without port forwarding, there's no way you can access your machine from outside your network. You'll have to weak settings on your wifi router. Definitely a hardware question, not coding related. – dda Dec 22 '17 at 03:51
  • 1
    oh, I almost forgot: whatever you do, **do not leave the `debug=True` on when setting up the NAT** that is a major security vulnerability and opens up the opportunity for an attacker to run arbitrary Python code from within your process. – Marco Massenzio Dec 22 '17 at 05:26

1 Answers1

1

For a start probably (hopefully!) your router is blocking all incoming connections; even if it didn't, your computer's "internal IP Address" (the one you connect to via WiFi) is not only unreachable from outside your network, but also unroutable (in other words, your cellular's operator network has no idea how to find it).

You should look for a NAT (network Address translation) function in your router, pick an external port (any port will do - I recommend one above 1024) and map that port to your computer's IP address, port 8000.

IF you don't know what you're doing, that is however A Really Bad Idea - you will be immediately targeted by port scanners looking for vulnerabilities.

To expand on the topic...

your Computer's IP will be something like 192.168.1.101, while your router may be something like 192.168.1.1 - the 192.168/16 space is deemed a "private IP space" and unroutable from the "public IP" space (the one where all external services live - for example, from my location, google.com maps to 172.17.6.46.

Your phone has two radios (and thus, logically, not physically, 2 NICs): the WiFi (which will get an address from the DHCP server in your router: something like 192.168.1.102) and the LTE/4G radio (which will have an IP address of choice from your provider - something like 174.94.66.23, or, possibly, an IPv6): the former can get to your local server, but the latter can't.

Your ISP will have assigned to your router's WAN port one of these "public IPs" form its pool (they usually rotate them, unless you paid for a static IP address) - that one is what you need to find out (http://formyip.com being the easiest way) and then point to it from your phone (or an external computer or whatever).

The matter is complicated and, as mentioned, dangerous for the novice - educate yourself about routing and NAT: just be aware that opening up your network and keeping a server running on the public network is pretty scary stuff these days (I wouldn't do it, and I used to be at Google and I am now with another "large well-known" corporation :)

Alternatively, if your router allows, you could setup an OpenVPN connection: that is more secure, but an altogether other level of complexity.

Hope this helps.

Marco Massenzio
  • 2,822
  • 1
  • 25
  • 37