I've got two applications, a client and a rest server on two different servers.
The server is in the DMZ, and the client is on a hosted server.
My entreprise IT department wants to have only ontgoing connexions to the hosted server so that the firewall only sees outgoing connections.
They sugsets to have the following architecture :
hosted dmz
Client <---------------> Server
Proxy server Proxy client
1) Proxy server opens a tcp socket
2) Proxy client connects to this tcp socket permanently
3) http requests can be forwarded from client app to rest server app through the tcp connection
Do you know any software that implements such an active proxy mechanism ? (eg apache, nginx...)
Is it more secure that just opening port 80 for the web hosted machine ?
Do you know any software that implements such an active proxy mechanism ?
There are a variety of solutions: from netcat (nc) to socks5. I suggest you to start with netcat, since it is much easier to understand and configure.
Is it more secure that just opening port 80 for the web hosted machine ?
Yes, it is more secure that just forwarding port 80 to DMZ, since you are punching a hole in firewall just for the specific flow.
On the other hand, adding an access list on top of 80 port forwarding should make it even, but there might be other issues, like corporate politics, hardware limitations etc...
Related
Scenario:
I need to have access to a socket server from internet. This server is on a machine that can have a dynamic IP and can be behind router NAT etc and I don't want to configure "port forwarding" dynamic DNS for going out.
My idea is to run socket in a server that client (app) and machine with dynamic IP can connect and the server create data channel from client and master.
Master ----- Socket Mirror with DNS ---- Client (can be more than one)
what is the best way to do this? Backend service like google cloud services? or other ?
The thing you are discussing is about to implement a TCP tunnel, since the question is more general I can't answer with code; I recommend services like ngrok, where it establishes a tunnel between remote server & dynamic IP server, the software is opensource.
NOTE: if you need answer specific to languages search with TCP tunnel.
I have my own web site hosted on a dedicated server. I have 2 IP addresses set up.
One is for my web server and the other is for my web socket.
I did this so that my web socket clients can access my server using port 80.
However, when I run my server application I get the error:
An attempt was made to access a socket in a way forbidden by its access permissions
Now if I switch it to a different port it works (which I have allowed through the firewall). There is nothing entered in the Windows Logs.
I am running as an Administrator. I am using Windows server 2012.
Is there anything I can check?
I checked using netstat etc but this IP address is not being used on port 80 anywhere else
I have 2 IP addresses pointing to my server hosted at FastHosts.
So I have a web site (using IIS)
Originally I had a web socket connection/listener listing on port 8090.
I had created a rule in my firewall settings to allow access to this connection.
Indeed for over a year now I have been using this connection using port 8090.
It occurred to me last week that using a clients PC that they could not access the socket over port 8090. I assumed because of firewall issues.
So, I figured if i switched to port 80 for this socket it will not need an exception to that clients firewall rules.
The trouble is I cannot have a web server listening on port 80 and a web socket so I purchased another IP address from my host and 'added' to my network adapter.
I have made sure nothing else is using port 80 for this new IP address. But I get the access denied
As a test I created a default.html page which said 'hi' all with no issues. I then 'stopped' the web server for that IP address
I plan to set the Secure Gateway Client at DMZ at on-premise environment, so I need to open Outbound ports for SG Client to connect to SG on Bluemix. The following question is similar to my question, but the answer doesn't show the needed ports.
For the Bluemix Secure Gateway service, how does the data center's network need to be configured?
For the Bluemix Secure Gateway service, how does the data center's network need to be configured?
The following Bluemix Doc shows Outbound 443 is needed.
https://www.ng.bluemix.net/docs/troubleshoot/SecureGateway/ts_index-gentopic1.html#ts_sg_006
What are the best practices for running the Secure Gateway client?
Before you install the Docker client into your environment, ensure that both the internet and your on-premises assets are accessible and all host names are resolvable by a DNS. The client uses outbound port 443 to connect to the IBM Bluemix environment, normally this port is open since its secure. Ensure you check or modify additional firewall and IP Table rules that might apply.
But, the tcpdump, which I got when I executed "docker run -it ibmcom/secure-gateway-client XXXX", showed that SG Client used Outbound 443 and 9000. Is it collect that all ports SG Client uses are Outbound 443 and 9000 ?
Correct, if you are closing down both outbound and inbound ports using your firewall, then for outbound allow ports 443/9000. So your initial assertion is correct.
I want to use this as a proxy server to connect many different clients with servers. Here is what I'm looking to do:
The server software on a user's computer would connect to a proxy server that is running on a VPS. It would pass in some kind of Key or authentication info to identify itself and then would maintain a persistent TCP connection to the proxy server.
A client application running on a mobile device or other computer would connect to the proxy server and pass in some kind of Key or authentication info. The proxy server would match the connection between the client and server based on their authentication info, and then forward all data back and fourth between the connections.
The proxy server would need to be able to handle multiple clients and servers connecting to it at once and use the authentication info to pair them up. There could be multiple clients connecting to the same server at the same time too. The connection from the client and server would both be outbound so that they are not blocked by firewalls. I wrote the client and server software, so I can make them work with any specific proxy.
What is the name of this kind of proxy server? And can anyone recommend any?
Thanks!
I have to make an app using C/PHP sockets on linux that sends data from one socket to other socket, like this.
I have server (server_hosted) hosted somewhere with an IP or domain name. It is running web application.
I have another server (unknown_server) running at my home (unknown IP).
Client send some information through web application hosted in server_hosted to another server running at my home (unknown IP).
I need a way to established a connection between server_hosted and unknown_server.
I was able to make connection between both using TCP socket. I made server_hosted as server listen to certain port says 8080 and unknown_server as client, which make open connection to server_hosted.
The problem comes when I have multiple unknown_server at my home. How can I made connection to same port? How many client can TCP/IP support?
Any ides how to make tunnel or connection between server_hosted and unknown_server.
Is possible to do with curl or socket any better ideas?