仅允许使用Express-ip-filter在同一网络上的计算机

Question

So I'm using localtunnel to expose my ports over the internet, but I only want to let devices on the same network as the server access the server.

I'm using express-ip-filter to filter away anything that's on a different network. I tried a few things: first I tried using 192.168.1.0/24 as the only ips that could access the website, but that didn't work, as it didn't let anything in. I then tried using the ip I got from WhatsMyIp, but that wouldn't let any device in. I then found out that express-ip-filter spits out a message saying that a certain ip was not allowed and, on every device, independently on the network it was connected to, the address was 127.0.0.1 . I tried confirming by only allowing 127.0.0.1 , and then every device could access the server. Why would ip-filter only get 127.0.0.1 as ip? Here's my code as a reference:

// Init dependencies 
var express = require('express'),
    ipfilter = require('express-ipfilter').IpFilter

app = express()

// Blacklist the following IPs 
var ips = ['192.168.1.0/24']

// Create the server 
app.use(ipfilter(ips, { mode: "allow" }))
app.get('/', function (req, res) {
    res.send('Hi')
})

app.listen(8080, () => console.log('Up'))

Answer 1

From my limited understanding of localtunnel it seems like it proxies users requests to you via the localtunnel software which causes all users to have the same IP. In laymans terms:

1. User connects to your site through localtunnel
2. localtunnel copies the users request and sends it to your computer
3. Your application receives the request but it looks like all traffic is coming from localtunnel because it's incredibly difficult if not impossible for localtunnel to imitate someone else's IP.

Why use localtunnel at all if you only want devices on the same network to connect, you don't need to do any port forwarding or DNS setup if you just want to access another machine on the same local network.

If you really do need to tunnel connections then there is a solution, not with localtunnel(Which as far as i can tell does not use forwading headers, although if someone knows if they do ill change my answer) but using https://ngrok.com instead which does exactly the same thing but also sends a little extra bit of data in every request which tells the application what the clients actual IP is.

1. Install ngrok
2. Run ngrok http -subdomain=(the subdomain you want) 80

3. Edit your application code to find the real client IP

    var findProxyIP = function(req) { var realIP = req.header('x-forwarded-for'); return realIP; } app.use(ipfilter(ips, { mode: "allow", detectIP: findProxyIP })); 

   ngrok is much more complex and has a lot more features compared to localtunnel, however, it is freemium software and its free plan is quite limiting.