socket communication to private network without port forwarding - sockets

I have an Android client which has to communicate through a socket with a C#-based PC server. The question is, if the PC server is behind a router which somehow does not seem to support port forwarding through UPnP, or even through configuration, it simply can't get a connection.
These routers are some kind of free Wi-Fi zones prepared for free by some kind of companies, so I can't have any access to their configs. UPnP or configuring my router both work fine, but I don't really know what to do about these routers.

It's common for a home router to only allow established connections by default. Even with a VPN tunnel or CHAP Callback, you would still need configuration on both ends imho.

Related

Port forwarding raspberry pi port 80 without router access

Is there any way to port forward port 80 to my internal Pi IP address without going into router settings? Since I live on campus I don't really think that it is an option.
If your router supports UPnP, you may be able to create a port mapping that way. But that kind of thing is unlikely to work on a properly managed network. Especially not for well-known ports!
UPnP is the only way to do it without accessing the router. You can use a tool like UPnP PortMapper to do this, but it will probably not work on campus Wi-Fi.
Port forwarding should be done by the router.
If you cannot access the router configuration and you are on a private network, then there is no way to access it from outside, except if your Raspberry Pi contacts the client in the first place.
You might ask a person in charge of the router to do it for you I guess.
It could bring security issues if any devices in the network could have access to port forwarding...

Connecting to TCP server running in a machine connected to private home LAN

I would like to connect to a TCP server that runs on a machine that is connected to the LAN in my home network. This LAN can be connected to the internet via either of the following methods.
1. Through a router which has a wireless or wired WAN connection
2. Through a router which uses a mobile broadband connection, for example a router that accepts a USB modem to connect to the internet.
I know in the first case, we can use port forwarding.
In the second case, I believe telcos use the PPP protocol and port forwarding does not work.
In addition, even in the first case, if the ISP does not give a static IP, then we need to use a DNS mapping service to map a fixed URL to the allocated dynamic IP, and we need to configure the router to go and register the dynamic IP at start-up.
My question is, are there any other better methods that can be used in this situation? I am wondering how chat applications connect to each other? I hope they maintain a TCP connection between two devices, without a central relay server?

Simple TCP communication with a computer behind a router

I'm writing a C# remote control for my media player. It runs on my Android phone.
I have a client app listening for TCP connections on my computer which, once a connection has been established, processes commands (Volume up, volume down, ...). I've tested that part using telnet 127.0.0.1 on my computer, and it works great.
Things are trickier when it comes to connecting from my phone, since it's not on the same network (I don't have Wi-Fi, only wired connections), so I'm not sure how to proceed. Basically I want to connect to a computer that's behind a router.
Should I rather host the TCP server on my phone, and have the PC connect to it? Take IRC as an example: although I'm behind a router, I can connect to servers outside, without port forwarding.
Or if hosting the server on my computer is fine, how do I connect to it?
I don't understand everything about this yet, so feel free to correct me if I got something wrong.
It would be more logical to keep the PC hosting the server, and configure your router to forward connections to your PC. You have two options:
Establish a DMZ: all incoming connections on the router will be forwarded to one PC only. This is easiest when you only have 1 PC on the network that needs to accept connections.
Configure port forwarding: you can instruct the router to forward connections incoming on port X to the IP Y on port Z. This way, multiple PCs can listen for connections (using different ports on the router). It is also a bit more secure.
How to set these up depends on your router, but most routers just accept connections on their port 80 and offer an easy web-interface. If you give your router brand, we can link you to the manual.
Things are trickier when it comes to connecting from my phone, since
it's not on the same network (I don't have Wi-Fi, only wired
connections), so I'm not sure how to proceed. Basically I want to
connect to a computer that's behind a router.
What you want to achieve is possible, but you need to learn about NAT traversal and hole punching.
Most often, devices behind a NAT/Router have a private IP address only valid on the LAN. Remote devices can't guess it. This private address is translated into a public IP address by the NAT when the device wants to communicate with the WAN.
The easy solution is you can give a public IP address to the device behind the NAT. In this case, remote devices on the WAN will easily be able to reach it, because its address is public.

How to set up http server on iPhone behind firewall

I want to develop an iPhone app with a simple IM feature. I am thinking about setting up an HTTP server on an iPhone. If the iPhone is using wifi and is behind a firewall, how can I make sure that other iPhone clients can connect to it?
It's not the firewall that will disturb the connection as much as it is the NAT.
When you are connected through a wireless router to the internet, you are surfing via NAT. It means you don't really have an external IP, but once you initiate a connection the router will map your internal IP to one of its external ports, and for a certain time window it will pass connections to you if it gets them on the right port.
That being said, there is no actual way of setting up a server behind a NAT unless you can configure port forwarding in the router and an internal static IP.
Hope I was clear enough, good luck.
I do not really think that you need to get an HTTP server up and running on an iPhone to make an application that can send and receive messages (IM). The idea of making one iPhone user directly connect to another does not seem right to me, since the users will need to know the IP addresses of one another to do that.
Interconnectivity between different users of the chat can be solved by making your application communicate via a dedicated TCP port. It is generally advisable to choose ports with a number higher than 1024, since those below are generally found on the list of so-called well-known ports and are used for Web (like port 80), FTP (port 21), SSH (22), DNS (53), etc. It will be the responsibility of the user to make sure the port used by your application is open on the firewall. In order to solve this problem you can actually use port 80 for communication if you find that the port you have selected is blocked. You can do this because you know that this port will not be blocked in most cases. Indeed Yahoo Messenger is reported to use this technique when the firewall blocks the port it uses for communication.
The port should be used by your application to connect to the Web server that will actually store user credentials, perform authentication, message transmission, etc., and the server should reside on capable hardware to be able to support a large number of simultaneous connections. I can suggest using either a VPS (like the one provided by Linode) or a cloud (like Amazon EC2, Google Application Engine, Rackspace).

connecting to a private ip

I want to connect to a system which is behind a router. I know the public address of the router as well as the private IP (fixed always) of the system. How do I establish a socket connection with the private IP?
This is why some people say that they are behind a "firewall", when they are behind a router. The Evil Viruses Of The Internet are not able to exploit any software on a computer behind a router (provided that the router admin didn't configure it in the funny way, for example by enabling DMZ).
You still have some options:
Talk to the router admin and make him forward a port for You
Take the router out and put Your "target" computer where Your router was, or enable DMZ (this only makes sense if there was only one computer behind the router). Warning: install a firewall on the target computer first!
Turn the socket 180 degrees. Make the computer behind a router establish the connection to the server that has a public IP address
Use something like UPnP, if Your router supports it
Get a dedicated IP address for Your computer and configure the router to switch all traffic to this IP address to Your computer (this is similar to DMZ, but would work if You have more than one computer behind the router). Warning: install a firewall on the target computer first!
Use NAT traversal. There is a very good article on the subject here. Simplified version is that the client establishes a connection to some remote server. The server can see the opened port number on the client's router and this port is assigned to the client's machine, so it (or some other computer sharing this information) may establish a connection to that port and reach the client's application. Warning: this doesn't work with all routers. Some routers just won't let this happen.
The simplest thing is probably to forward the port from the system you want to connect to through the router.
This is more a question of configuration of the router as opposed to your actual program. If the router isn't configured to forward traffic to the private system, there's no way to force it to connect you - rather, the private system would have to open the connection on its own.
Strictly speaking, the answer to your question is "you can't". You can however enable DNAT (Destination Network Address Translation) on your router. You connect to a certain port on the router, and it forwards the connection to the internal ip. The internal ip (and port) are configured in the router settings and are not known by the connecting client.
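
The "turn the socket 180 degrees" option above, where the private system opens the connection on its own, shown as an added example that is not code from any of the posts. Because a connection dialed out this way is not filtered by the router, the private host challenges the peer with an HMAC and only acts on an allowlist of commands. The key, command names and loopback address are constructed for the demo.

```python
import contextlib, hashlib, hmac, os, socket, threading

KEY = b"constructed-demo-key"           # constructed secret, shared out of band
ALLOWED = {"VOLUME_UP", "VOLUME_DOWN"}  # only commands the private host accepts

def mac(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).hexdigest().encode()

def private_agent(addr, handled):
    """Host behind the NAT: dials out, then serves commands on that connection."""
    with socket.create_connection(addr, timeout=5) as s, s.makefile("rwb") as f:
        nonce = os.urandom(16).hex().encode()
        f.write(nonce + b"\n"); f.flush()          # fresh challenge per connection
        if not hmac.compare_digest(f.readline().strip(), mac(KEY, nonce)):
            return                                  # peer lacks the key: hang up
        for line in f:
            cmd = line.decode(errors="replace").strip()
            if cmd in ALLOWED:
                handled.append(cmd)                 # stand-in for the real action
            f.write(b"OK\n" if cmd in ALLOWED else b"REJECTED\n"); f.flush()

def public_controller(listener, commands, key):
    """Reachable host: waits for the agent's call, proves the key, sends commands."""
    replies = []
    conn, _ = listener.accept()
    # A rejected controller sees either EOF or a reset; both end the session.
    with contextlib.suppress(ConnectionError), conn, conn.makefile("rwb") as f:
        f.write(mac(key, f.readline().strip()) + b"\n"); f.flush()
        for cmd in commands:
            f.write(cmd.encode() + b"\n"); f.flush()
            reply = f.readline().strip().decode()
            if not reply:                           # agent closed the connection
                break
            replies.append(reply)
    return replies

def demo(commands, key=KEY):
    """Run both ends on loopback; returns (controller replies, commands executed)."""
    listener = socket.create_server(("127.0.0.1", 0))
    handled = []
    agent = threading.Thread(target=private_agent,
                             args=(listener.getsockname(), handled))
    agent.start()
    replies = public_controller(listener, commands, key)
    agent.join(); listener.close()
    return replies, handled

if __name__ == "__main__":
    print(demo(["VOLUME_UP", "OPEN_FILE", "VOLUME_DOWN"]))
```

The HMAC only proves that the peer holds the key; traffic crossing a real network would also need TLS for confidentiality and integrity.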