Can I do strict socket bind for a client ip address at server side? - sockets

I need to accept only connections from a particular client IP address at the server side. I should not use an ACL. Can I do this with the help of a strict socket bind at the server side?
Example:
client ip address: 1.1.1.1
server ip address: 1.1.1.2
At server side:
1. Open a socket
2. Bind socket with 1.1.1.1(client ip address) with port no.
Will I be allowed to do the second step at the server side? Are there any special options for this?
Please let me know.
Thanks,
Boobesh

You can only bind the server port to an ip address to specify the interface to use.
For example your server has two network interfaces, one connected to the internet and one to a configuration network. The webserver should maybe only listen on the internet interface and a management tool only listen on the configuration network.
For your purpose you can accept the connection, compare the ip address and if it is not in the list of allowed clients close the connection immediately (or after sending an error message).
The other solution would be to use a firewall that is configured to allow only connections from the specified clients to the server port.

I agree with the friend above, you can only manage the IP and port in your server, but not the client. You should compare the incoming socket with the one you store in your server.
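
The accept-then-compare approach from the answers above, as an added example (not code from the original posts); the allowlist contents, the function names and the loopback demo are assumptions made for illustration. Because the check runs after accept(), the TCP handshake has already completed, so unlike a firewall rule the port still appears open to rejected clients.

```python
import ipaddress
import socket

# Constructed allowlist: 1.1.1.1 is the client address used in the question.
ALLOWED = [ipaddress.ip_network("1.1.1.1/32")]


def is_allowed(peer_ip, allowed=ALLOWED):
    """Return True if peer_ip falls inside any allowed network."""
    addr = ipaddress.ip_address(peer_ip)
    # A dual-stack AF_INET6 listener reports IPv4 peers as ::ffff:a.b.c.d;
    # unwrap so IPv4 allowlist entries still match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in allowed)


def accept_filtered(listener, allowed=ALLOWED):
    """Accept one connection; return it if the peer is allowed, else close it."""
    conn, peer = listener.accept()
    if is_allowed(peer[0], allowed):
        return conn
    conn.close()  # reject: drop the connection immediately
    return None


def demo(allowed):
    """Loopback demo: True if a client from 127.0.0.1 was kept by the server."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        # bind() names the server's own interface and port, never the client.
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        with socket.create_connection(listener.getsockname()):
            conn = accept_filtered(listener, allowed)
            if conn is None:
                return False
            conn.close()
            return True


if __name__ == "__main__":
    print(demo([ipaddress.ip_network("127.0.0.0/8")]))  # loopback allowed
    print(demo(ALLOWED))                                # only 1.1.1.1 allowed
```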

Related

Socket Address in Computer Networks

I read that in the server site – The local (server) socket address is provided by the OS and the remote (client) socket address is the address of the client that makes the connection. The server can find this socket address when a client tries to connect to the server but in the Client Site – The local (client) socket address is provided by the OS.
What about the remote (server) socket address?
The client does need some way to find the IP address of the server it wants to connect to; the most common way to find the IP address is by starting with a hostname string (e.g. "stackoverflow.com" or whatever) that was either supplied by the user or hard-coded into the program, and using DNS to look up an IP address that corresponds to that hostname string. The usual API for doing a DNS lookup is getaddrinfo(), although older (or lazier) software might call the older gethostbyname() function instead.
Once the client has the IP address of the server it wants to connect to, it also needs to supply a port number; often the port number is just a well-known standard port number for a particular type of service (such as 80 for HTTP, or 22 for SSH). If not, then the client will either have to "just know" what port number to use to contact the server, or it will need some other mechanism to figure out which port number to use.

Client and Server connection with different port numbers?

I have set up a client and a server using sockets in Python where my client sends data to the server, the server performs an operation, then returns some data to the client. Originally both the client and server were to have the same port number (9999). My issue currently is that I have to change the port of the server to 19999, and when I try to run, it does not work. The client is able to send data if its port is also changed to 19999, but it does not work if the client is 9999 and the server is 19999, which is what I need. New to networking systems so would appreciate any useful links to information or advice.
pic of client (left) and server (right)
Normally, clients will use an ephemeral port for their local port, and connect to the server port. Your client code is attempting to connect to port 9999, which is not the server port, which explains why it is not working. You need to connect to port 19999, since that is the port the server is listening on.
Using an unbound socket causes the client to choose an ephemeral port for its local address when making a connection. If you want the client to bind to a specific port, use bind before you call connect.
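import socket

host = "127.0.0.1"  # server address; not given in the post, assumed here for illustration
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# bind locally to 9999
local_addr = (host, 9999)
s.bind(local_addr)
# connect to 19999
remote_addr = (host, 19999)
s.connect(remote_addr)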

Can I bind a client socket to an IP that does not belong to any interface?

For a client socket, I can use bind() to bind it to a specific source IP address to select a specific interface. Or I can use connect() directly, then it will pick the source IP based on the routing table.
I wonder, can I bind a client socket to an IP that does not belong to any interface? E.g., I have two interfaces:
eth0 : ip0
eth1 : ip1
(1) If I bind the client socket to ip2, is this feasible?
(2) If (1) is feasible, assuming the client socket sent packets through eth0. Then I configure the iptables in this client host to forward all incoming packets to ip0 (eth0). In this case, if there are packets sent back from the server side with destination IP address ip2 (assuming this packet will reach my client host), will my client socket receive the packet?
Thanks in advance.
I don't really understand your question, but here goes:
For client sockets, you typically want the OS and its routing table to pick the best interface for you using any available port. In which case, you bind to INADDR_ANY (0) and port 0. Or don't explicitly call bind at all. Just call connect() and it will do the right thing.
If you need the client connection to occur through a specific interface, then bind the socket to a specific IP address. And then the OS will attempt to use that interface for the subsequent connect call and all traffic after that.
Attempting to bind the socket to an IP that doesn't belong to a local interface is surely going to result in an error.
Not sure what you mean about the iptables stuff. Sounds dicey.
Please have a look at:
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html#ipfreebind
MAN:
https://man7.org/linux/man-pages/man7/ip.7.html
IP_FREEBIND (since Linux 2.4)
If enabled, this boolean option allows binding to an IP
address that is nonlocal or does not (yet) exist. This
permits listening on a socket, without requiring the
underlying network interface or the specified dynamic IP
address to be up at the time that the application is
trying to bind to it. This option is the per-socket
equivalent of the ip_nonlocal_bind /proc interface
described below.

What does it mean to bind() a socket to any address other than localhost?

I don't understand what it means to bind a socket to any address other than 127.0.0.1 (or ::1, etc.).
Am I not -- by definition -- binding the socket to a port on my own machine.. which is localhost?
What sense does it make to bind or listen to another machine or IP address's port?
Conceptually, it just doesn't make sense to me!
(This has proven surprisingly hard to Google... possibly because I'm not Googling the right terms.)
Binding of a socket is done to address and port in order to receive data on this socket (most cases) or to use this address/port as the source of the data when sending data (for example used with data connections in FTP server).
Usually there are several interfaces on a specific machine, i.e. the pseudo-interface loopback where the machine can reach itself, ethernet, WLAN, VPN... . Each of these interfaces can have multiple IP addresses assigned. For example, loopback usually has 127.0.0.1 and with IPv6 also ::1, but you can assign others too. Ethernet or WLAN have the IP addresses on the local network, i.e. 172.16.0.34 or whatever.
If you bind a socket for receiving data to a specific address you can only receive data sent to this specific IP address. For example, if you bind to 127.0.0.1 you will be able to receive data from your own system but not from some other system on the local network, because they cannot send data to your 127.0.0.1: for one any data to 127.0.0.1 will be sent to their own 127.0.0.1 and second your 127.0.0.1 is an address on your internal loopback interface which is not reachable from outside.
You can also bind a socket to a catch-all address like 0.0.0.0 (IPv4) and :: (IPv6). In this case it is not bound to a specific IP address but will be able to receive data sent to any IP address of the machine.

TCP/IP Socket Programming Static Web IP between Dynamic IP

I am confused about TCP/IP Socket Programming. I know the internet protocols but in theory...
I am explaining my problem (what I need).
I have a server working on the X.X.X.X IP address, and it always listens on port Y.
When I want to connect to that server on my PC, I have no problem because I wrote the IP address (X.X.X.X) and the port (Y) and my PC connects.
When I connect to the server, the server keeps my IP address and my local IP address. After that the connection ends.
Here is where my problem starts...
As I said, my server knows my local PC's information. How can I connect to my local PC from my web server and send TCP or UDP packets? I did port forwarding on my modem but I don't want it. When I did port forwarding there was no problem, but I don't want it...
Thanks for replies and sorry for my English if I have mistakes.
If a router/NAT sits between your server and an outside client, you MUST use port forwarding on the router. The outside client will NOT be connecting to your server's private LAN IP/Port directly, it will be connecting to the router's public WAN IP/Port instead. So the router needs to know to forward inbound packets to that IP/Port to the server's private LAN IP/Port.
A client running on your local PC is able to connect to the server because they are both on the same LAN side of the router, so the connection is direct and does not go through the router's WAN. That is not the case for clients that are on the WAN side of the router.