I have begun my first course on networking this semester.
My problem is that whenever I try to connect my socket to a host outside my LAN,
a "network unreachable" error is returned, whether they be BSD sockets or Java sockets.
Moreover, my nmap probes also return the same error.
Once I asked a similar question here about ping probes and the answer was that my LAN proxy is rejecting ICMP requests. But there are no ICMP requests in establishing TCP connections, right?
Why, on the other hand, can my browser connect to any host, although it uses the same proxy?
Also (please pardon me for this long doubt), when I give the host name as www.google.com in my sockets, "unknown host" is returned. But my browser happily recognizes the same host.
Thank you in advance...
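    import java.net.*;
    import java.io.*;

    class Whois {
        // Usage: java Whois <host> <port>
        public static void main(String args[]) throws Exception {
            int c;
            // Open a direct TCP connection to the given host and port.
            Socket s = new Socket(args[0], Integer.parseInt(args[1]));
            InputStream in = s.getInputStream();
            // Print everything the server sends until it closes the connection.
            while ((c = in.read()) != -1) {
                System.out.print((char) c);
            }
            s.close();
        }
    }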
Unfortunately, there may be many reasons for this behavior.
My best shot is that you're behind a firewall that's blocking any connections that are not going to port 80. In this case, you may try to connect with your program to the same network, but port 80.
Not sure why you wouldn't get name resolution for google. I'm guessing it's a bug in your code, but can't tell for sure.
Hope it helps.
Investigate and understand your network setup. How are you connected to the internet? Your workstation probably has a default route pointing to some machine, again probably doing Network Address Translation (NAT) and/or running a firewall and maybe that proxy server. Find out how you do name resolution (DNS). Once you figure these out you might find what you need to do to connect outside.
On the other hand, errors in the code we don't see in the question are also likely :)
There is likely a firewall that is blocking all connections to outside hosts, and an internal DNS server that does not look up external hostnames. This is why your socket programs can neither look up outside hostnames nor connect to outside services.
The same restriction applies to your browser; it's just that your browser is set up to use a proxy server. This means that the browser isn't directly looking up outside hostnames or connecting to outside hosts - it is only looking up the proxy name and making TCP connections to the proxy server. The proxy then is doing the hostname lookups and making the TCP connections to the outside world, on behalf of your browser.
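The proxy path this answer describes, sketched as an added example (not code from the question or the answers): the client opens a TCP connection only to the proxy and names the outside host in an HTTP CONNECT request, so the proxy does the lookup and the outbound connection. The function names and the host and port values a caller passes in are assumptions for illustration.

```python
import socket

def build_connect_request(dest_host, dest_port):
    """HTTP CONNECT request; dest_host is sent as text and resolved by the proxy."""
    target = f"{dest_host}:{dest_port}"
    return (f"CONNECT {target} HTTP/1.1\r\n"
            f"Host: {target}\r\n"
            "\r\n").encode("ascii")

def read_status(sock, limit=8192):
    """Read the proxy's reply headers and return the numeric status code."""
    buf = b""
    # Read one byte at a time so nothing after the headers is consumed;
    # any later bytes belong to the tunnelled protocol, not to the proxy.
    while not buf.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("proxy closed the connection before replying")
        buf += chunk
        if len(buf) > limit:
            raise ConnectionError("proxy reply headers too large")
    status_line = buf.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ConnectionError(f"malformed proxy reply: {status_line!r}")
    return int(parts[1])

def open_tunnel(proxy_host, proxy_port, dest_host, dest_port, timeout=5.0):
    """Return a socket tunnelled to dest_host:dest_port via the proxy, or raise."""
    # The only name or address this machine has to reach is the proxy's.
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(build_connect_request(dest_host, dest_port))
        status = read_status(sock)
        if status != 200:
            raise ConnectionError(f"proxy answered CONNECT with status {status}")
        return sock
    except Exception:
        sock.close()
        raise
```

Proxies commonly restrict CONNECT to port 443 and may demand authentication (status 407), so a non-200 status here is a policy decision by the proxy rather than a network fault.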
Related
I created a multi-threaded client/server application that can send messages to each other in real time. Everything works perfectly, but I want to be able to send messages over the Internet. From what I understand, I need to do port forwarding to be able to make my server reachable for the clients. I then set up my port forwarding options by providing a port (9991) and then my Macbook Air's IP Address (192.168.0.1).
I then tried to connect to my server using my public server IP (let's say 197.132.20.222) and it didn't work. I then tried to see if the port forwarding worked by using this website: https://www.yougetsignal.com/tools/open-ports/ and I realized that the connection was closed. I also tried the command nc -vz 197.132.20.222 9991 while running my application and the connection is refused.
I'm using a JavaFX application, and for my server side I use a ServerSocket with port 9991. For the client side, I use a Socket and set the IP Address to my public router IP Address, and I tried to connect with another PC using mobile data to use a different network.
My firewall settings are turned off, so I really don't know what is blocking my application from connecting to that port. Could it be my ISP is blocking connections? I just don't understand why my ports are blocked even with no firewalls enabled.
I have setup a simple HTTP java server running locally on port 8000. It simply prints a message "Hello world" when a request comes. When I try to ping it from the browser by running http://localhost:8000/test I get my message printed.
I want to get the same results from another computer that is not local. When I try to use my public IP, let's say http://43.xxx.xxx.xxx:8000/test (even from the same machine), I get an ERR_CONNECTION_REFUSED.
I probably suspect that has something to do with the firewall. Can anyone guide me a little more because I lack the experience?
Thanks in advance
You don't specify what host OS your server/firewall is running so I'll keep this generic...
Without knowing your application, it seems like the server is sending a reset (RST packet) when the first SYN packet shows up indicating that the port (on that interface [your external]) is closed. You can do a quick port scan from here (https://mxtoolbox.com/PortScan.aspx) if you don't have access to a remote machine to test with. Odds are, TCP/8000 will not be open.
If it is, in fact, closed, you'll have to look at the firewall that your host OS is running and find out how to allow TCP/8000 to your host. In a major firewall vendor, your rule would look similar to this:
Source: Any
Destination: Your Public IP Address
Service: TCP/8000
Action: Allow
Logging: Full
That being said, you mentioned this was a PC so look into "iptables" (if you're running *nix) or the Windows Firewall (if you're running Windows) on adding firewall rules (Unfortunately I just joined and can't ask questions/comments, yet).
If you really want to find out what packet is being sent, run a tcpdump on your external interface (let's say eth1) (assuming your remote IP is 1.2.3.4 and your home public IP is 4.5.6.7):
    tcpdump -nn -vvv -e -s 0 -X -c 100 -i eth1 host 1.2.3.4 and host 4.5.6.7 and port 8000
Here you're looking for the SYN/SYN-ACK/ACK for a successful TCP negotiation or SYN/RST if there is a firewall rejecting (not dropping) the TCP stream to the port.
Once the port is open on the host OS firewall, take a look at the application to make sure it's configured properly. If this were a standard webserver, you could take a look at the configuration files for the "Allow from" directives to make sure that everyone can access the site. If this is a custom application that you've created, you'll have to check this yourself.
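The same distinction can be read from the client side without a packet capture. This added example (not part of the answer above) resolves and connects as separate steps and maps each socket error to the handshake outcome it usually corresponds to; the labels and function names are assumptions chosen for illustration.

```python
import errno
import socket

def classify(exc):
    """Map a socket exception to the network-level cause it usually indicates."""
    if isinstance(exc, socket.gaierror):
        return "dns-failure"   # name never resolved; no packet reached the target
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # SYN sent, nothing came back: something drops it
    if isinstance(exc, ConnectionRefusedError):
        return "refused"       # SYN answered with RST: closed port or a reject rule
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        return "unreachable"   # no route, or a router reported unreachable
    return "other"

def probe(host, port, timeout=3.0):
    """Return (label, detail) for one TCP connection attempt to host:port."""
    # Step 1: name resolution, kept separate so a DNS problem is not
    # mistaken for a blocked port.
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
                                   socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return classify(exc), str(exc)
    # Step 2: try each resolved address until one handshake completes.
    result = ("other", "no addresses returned")
    for family, socktype, proto, _, addr in infos:
        s = socket.socket(family, socktype, proto)
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open", f"SYN/SYN-ACK/ACK completed with {addr[0]}"
        except OSError as exc:
            result = (classify(exc), f"{addr[0]}: {exc}")
        finally:
            s.close()
    return result
```

Run it once from the server itself and once from a remote network: "open" locally but "refused" or "filtered" remotely points at a firewall or missing port forward rather than at the application.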
I finally solved my problem. I needed to open a forwarding port in my router that maps my local IP address to the public one. My router is a TP-Link, so this is what I did:
http://www.tp-link.com/us/faq-72.html
Also, in order for this to work every time and not to have to reconfigure this every time I reconnected to the router (because I get a new local IP), I have created a static local IP for my server following this guide:
http://www.tp-link.com/us/faq-182.html
Thanks for all the replies.
I feel this question is best started with a simplified version of the scenario.
Server A is connected to the public internet.
Server B is in a private Network and uses network address translation to connect to the internet.
I own both servers and can edit the software on them.
The ip addresses of the servers and the nat router are known to me.
Using Winsock, I need to create a connection between them. I know enough about winsock for this to be trivial if the connection is started from server B, but I need server A to start the connection.
I want to avoid using additional libraries if possible as it would appear to me that I only need to figure out what ip and port server A needs to use when starting the connection.
What additional information do I require, how do I acquire it, and how do I act upon the information?
note: I have investigated other similar questions, but none of them addressed this situation. I am not sure if this should have been asked on server fault or another site, but if so please say which one before flagging as "off topic" instead of closing the question wordlessly.
You need to set up port forwarding on the NAT device to the machine on the private network. Exact steps are device/manufacturer-specific, but here's the general idea:
Pick a port number, configure the NAT device so that connections to its public IP and that port are forwarded to the IP of your private server and the port where your application is listening.
I have a web server running out of my home. I have assigned it an address such as 192.168.1.123 on port 80.
I understand that this is running on my local network. If I go to another computer on my network and type in the server's ip address, I can see the server.
Is there a way to access this server from outside my LAN?
Yes, you need to set your router to forward connections to port 80 to your internal IP address (192.168.1.123). Look for Port Forwarding on your router admin screen which I would imagine you access by going to http://192.168.1.1
Keep in mind that your ISP may block port 80 completely, in which case you can run your web server on a different port (for example port 8180) and have your router forward connections to port 8180 to your internal IP.
To access your server from outside, you just need to point your browser to your external IP address which you can find out by going to http://www.ipchicken.com
Assuming you have a connection to the internet:
https://github.com/progrium/localtunnel
is a quick way to access your local server from the internet. There might be similar implementations in other languages/platforms. This is just the one I know about.
Remember that security issues need to be carefully considered when opening your local network to the world.
If you use a PHP Webserver you can set it this way:
php -S <YourIPAdresse>:<SomePortNumber> <StartPHPpage>
Example: "php -S 192.168.1.123:9000 index.php"
I want to connect to a system which is behind a router. I know the public address of the router as well as the private IP (fixed always) of the system. How do I establish a socket connection with the private IP?
This is why some people say that they are behind a "firewall", when they are behind a router. The Evil Viruses Of The Internet are not able to exploit any software on a computer behind a router (provided that the router admin didn't configure it in the funny way, for example by enabling DMZ).
You still have some options:
Talk to the router admin and make him forward a port for You
Take the router out and put Your "target" computer where Your router was, or enable DMZ (this only makes sense if there was only one computer behind the router). Warning: install a firewall on the target computer first!
Turn the socket 180 degrees. Make the computer behind a router establish the connection to the server that has a public IP address
Use something like UPnP, if Your router supports it
Get a dedicated IP address for Your computer and configure the router to switch all traffic to this IP address to Your computer (this is similar to DMZ, but would work if You have more than one computer behind the router). Warning: install a firewall on the target computer first!
Use NAT traversal. There is a very good article on the subject here. Simplified version is that the client establishes a connection to some remote server. The server can see the opened port number on the client's router and this port is assigned to the client's machine, so it (or some other computer sharing this information) may establish a connection to that port and reach the client's application. Warning: this doesn't work with all routers. Some routers just won't let this happen.
The simplest thing is probably to forward the port from the system you want to connect to through the router.
This is more a question of configuration of the router as opposed to your actual program. If the router isn't configured to forward traffic to the private system, there's no way to force it to connect you - rather, the private system would have to open the connection on its own.
Strictly speaking, the answer to your question is "you can't". You can however enable DNAT (Destination Network Address Translation) on your router. You connect to a certain port on the router, and it forwards the connection to the internal ip. The internal ip (and port) are configured in the router settings and are not known by the connecting client.