I need a socket connection, to receive byte streams, for my app that needs to be accessed from outside. Port Forwarding only redirects HTTP traffics and binding to $OPENSHIFT_PYTHON_IP does not make it publicly available. Is there any workaround?
There is not currently a way to open a raw tcp socket to your gear on OpenShift through it's public ip. You would have to open a port between 15,000 and 20,000 and then use rhc port forward command to access it.
Related
I created a multi-threaded client/server application that can send messages to each other at real time. Everything works perfectly, but I want to be able to send messages over the Internet. From what I understand, I need to do port forwarding to be able to make my server reachable for the clients. I then set up my port forwarding options by providing a port (9991) and then my Macbook Air's IP Address (192.168.0.1).
I then tried to connect to my server using my public server IP (let's say 197.132.20.222) and it didn't work. I then tried to see if the port forwarding worked by using this website: https://www.yougetsignal.com/tools/open-ports/ and I realized that the connection was closed. I also tried the command nc -vz 197.132.20.222 9991 while running my application and the connection is refused.
I'm using a JavaFX application, and for my server side I use a ServerSocket with port 9991. For the client side, I use a Socket and set the IP Address to my public router IP Address, and I tried to connect with another PC using mobile data to use a different network.
My firewall settings are turn off, so I really don't know what is blocking my application to connect to that port. Could it be my ISP is blocking connections? I just don't understand why my ports are blocked even with no firewalls enabled.
Usually a web server is listening to any incoming connection through port 80. So, my question is that shouldn't it be that in general concept of socket programming is that port 80 is for listen for incoming connection. But then after the server accepted the connection, it will use another port e.g port 12345 to communicate with the client. But, when I look into the wireshark, the server is always using port 80 during the communication. I am confused here.
So what if https://www.facebook.com:443, it has hundreds of thousands of connection to the it at a second. Is it possible for a single port to handle such a large amount of traffic?
A particular socket is uniquely identified by a 5-tuple (i.e. a list of 5 particular properties.) Those properties are:
Source IP Address
Destination IP Address
Source Port Number
Destination Port Number
Transport Protocol (usually TCP or UDP)
These parameters must be unique for sockets that are open at the same time. Where you're probably getting confused here is what happens on the client side vs. what happens on the server side in TCP. Regardless of the application protocol in question (HTTP, FTP, SMTP, whatever,) TCP behaves the same way.
When you open a socket on the client side, it will select a random high-number port for the new outgoing connection. This is required, otherwise you would be unable to open two separate sockets on the same computer to the same server. Since it's entirely reasonable to want to do that (and it's very common in the case of web servers, such as having stackoverflow.com open in two separate tabs) and the 5-tuple for each socket must be unique, a random high-number port is used as the source port. However, each of those sockets will connect to port 80 at stackoverflow.com's webserver.
On the server side of things, stackoverflow.com can already distinguish between those two different sockets from your client, again, because they already have different client-side port numbers. When it sees an incoming request packet from your browser, it knows which of the sockets it has open with you to respond to because of the different source port number. Similarly, when it wants to send a response packet to you, it can send it to the correct endpoint on your side by setting the destination port number to the client-side port number it got the request from.
The bottom line is that it's unnecessary for each client connection to have a separate port number on the server's side because the server can already uniquely identify each client connection by its client IP address and client-side port number. This is the way TCP (and UDP) sockets work regardless of application-layer protocol.
shouldn't it be that in general concept of socket programming is that port 80 is for listen for incoming connection. But then after the server accepted the connection, it will use another port e.g port 12345 to communicate with the client.
No.
But, when I look into the wireshark, the server is always using port 80 during the communication.
Yes.
I am confused here.
Only because your 'general concept' isn't correct. An accepted socket uses the same local port as the listening socket.
So what if https://www.facebook.com:443, it has hundreds of thousands of connection to the it at a second. Is it possible for a single port to handle such a large amount of traffic?
A port is only a number. It isn't a physical thing. It isn't handling anything. TCP is identifying connections based on the tuple {source IP, source port, target IP, target port}. There's no problem as long as the entire tuple is unique.
Ports are a virtual concept, not a hardware ressource, it's no harder to handle 10 000 connection on 1 port than 1 connection each on 10 000 port (it's probably much faster even)
Not all servers are web servers listening on port 80, nor do all servers maintain lasting connections. Web servers in particular are stateless.
Your suggestion to open a new port for further communication is exactly what happens when using the FTP protocol, but as you have seen this is not necessary.
Ports are not a physical concept, they exist in a standardised form to allow multiple servers to be reachable on the same host without specialised multiplexing software. Such software does still exist, but for entirely different reasons (see: sshttp). What you see as a response from the server on port 80, the server sees as a reply to you on a not-so-random port the OS assigned your connection.
When a server listening socket accepts a TCP request in the first time ,the function such as Socket java.net.ServerSocket.accept() will return a new communication socket whoes port number is the same as the port from java.net.ServerSocket.ServerSocket(int port).
Here are the screen shots.
I'll be using JavaPNS to implement my server side of things of the push notification service. I don't have control over what ports are open on the server, but assuming that all ports are open for outbound connections, do I have to also open port 2195 for inbound connections? Correct me if I'm wrong, but my understanding of TCP is that when I make the connection with the Apple server, a source port is randomly assigned to any port not being used and when the Apple server responds (the inbound connection), it will come through that source port. So, my theory is that port 2195 does not need to be open for inbound connections. Is that right?
Also, if the response comes through the random port, doesn't that mean that that port needs to be open to inbound connections? How does the firewall manage this since only a few ports will be indefinitely open for inbound connections? Does it leave the random port open only temporarily for this specific request-response session?
You only need port 2195 to be open for outbound connections (and also port 2196 for the Feedback Service).
You don't have to open any port for inbound connections, since Apple doesn't initiate the connection to your server - your server initiates the connection to Apple.
I need to accept only connections from particular client ip address at server side. Should not use acl. With help of socket strict bind at server side can i do?
Example:
client ip address: 1.1.1.1
server ip address: 1.1.1.2
At server side:
1. Open a socket
2. Bind socket with 1.1.1.1(client ip address) with port no.
Will i be allow to do the second step at server side? Any special options are there to do?
Please let me know.
Thanks,
Boobesh
You can only bind the server port to an ip address to specify the interface to use.
For example your server has two network interfaces, one connected to the internet and one to a configuration network. The webserver should maybe only listen on the internet interface and a management tool only listen on the configuration network.
For your purpose you can accept the connection, compare the ip address and if it is not in the list of allowed clients close the connection immediately (or after sending an error message).
The other solution would be to use a firewall that is configured to allow only connections from the specified clients to the server port.
I agree with the friend above, u can only manage the ip and port in you server, but not client. u should compare the coming socket with the one u store in your server.
I have a web server running out of my home. I have assigned it an address such as 192.168.1.123 on port 80.
I understand that this is running on my local network. If I go to another computer on my network and type in the server's ip address, I can see the server.
Is there a way to access this server from outside my LAN?
Yes, you need to set your router to forward connections to port 80 to your internal IP address (192.168.1.123). Look for Port Forwarding on your router admin screen which I would imagine you access by going to http://192.168.1.1
Keep in mind that your ISP may block port 80 completely in which case you can run your web server on a different port (for example por 8180) and have your router forward connections to port 8180 to your internal IP.
To access your server from outside, you just need to point your browser to your external IP address which you can find out by going to http://www.ipchicken.com
Assuming you have a connection to the internet:
https://github.com/progrium/localtunnel
is a quick way to access your local server from the internet. There might be similar implementations in other languages/platforms. This is just the one I know about.
Remember that security issues need to be carefully considered when opening your local network to the world.
If you use a PHP Webserver you can set it this way:
php -S <YourIPAdresse>:<SomePortNumber> <StartPHPpage>
Example: „php -S 192.168.1.123:9000 index.php"