I'm wondering if there is a way to set up a connection between a client and a server over the internet and have both of them programmatically set up all needed router/firewall configuration changes to open needed external ports to communicate.
Assuming both server and client have known IP addresses and DNS is not needed in this example to find the IP addresses, how might one have a server that, when started, configures access past the firewall and tells the router how to route proper communication to the server? I would assume the client may not need anything like this as it should only need to know the external IP address and port number of the server. If I'm wrong about my assumption, please let me know.
For example, if I have two houses, where house (A) has a server and house (B) has a client, and both sites know what the other house's external IP address is and know what port they will be using, how may a Java application do all the configuration, or at least do as much as possible, on say Windows, Mac, Ubuntu? The idea is the user of the server and client should not have to do a bunch of firewall/router configurations to get the application running. It would also be nice if the example showed how to release the connections when the server is terminated. For example, when the Java server is turned off it should close up port settings on the firewall and router. Security and clean house.
There is no easy way of doing that, as it will depend on the OS and on the many possible firewall applications running on the machine. Plus, if your app crashes, you will never set back the original parameters, which can be problematic when talking about security. Instead of trying to set up custom configuration, you should try to use a standard communication template/protocol like HTTP. This will give you a high probability of your app running without additional configuration almost anywhere (since there is almost no point of having an internet connection if you don't allow the HTTP port).
Related
I have Java programs for my client and server, and they work fine within the same wifi network. But I need the clients to be able to connect to the server from the open internet. In questions like these
How to connect client and server with the help of ip address which are connected to internet through different wifi?
https://coderanch.com/t/667020/java/Socket-connections-networks
the solution is to manually reroute a port to the server from the router, making it open to connections from the outside. Is there a way to do this with just software on the server? I don't understand why manually dedicating ports is necessary since of course other applications on my computer (like games) that I install communicate with their servers back and forth without me having to manually go in and flip switches.
How can I achieve this with just software running on my server?
If there isn't another way, how do other applications communicate openly without manual router changes, and will opening up ports through my router result in security issues?
You would need to change the architecture of your application. Currently, your server is behind a firewall which blocks connections from the internet - you want this! If you allowed all traffic from the internet to connect indiscriminately to your server, it would be very vulnerable to attack.
Other applications install and communicate without port-forwarding because the developer provides a server on the internet to act as a proxy between clients. The client connects out to the internet which is generally not blocked on home networks. Internal connections going out are considered less harmful than connections coming in.
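The relay architecture described in the answer above, as an added Java example that is not part of the original answer: a process on a publicly reachable host accepts two outbound client connections and copies bytes between them, so neither home router needs a forwarded port. The class name `Relay` and port 9001 are assumptions; pairing is by arrival order with no authentication, which a real service would add along with TLS.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;

/** Added example: runs on a public host and pairs two clients that both dial out. */
public class Relay {
    public static void main(String[] args) throws IOException {
        int port = 9001; // assumed port; only the relay host has to expose it
        try (ServerSocket listener = new ServerSocket(port)) {
            while (true) {
                // Pairing is by arrival order with no authentication (assumption for brevity).
                Socket a = listener.accept(); // first peer, outbound through its own NAT
                Socket b = listener.accept(); // second peer, also outbound
                pump(a, b);
                pump(b, a);
            }
        }
    }

    /** Copies bytes one way on a daemon thread; closes both sockets when that direction ends. */
    static void pump(Socket from, Socket to) {
        Thread t = new Thread(() -> {
            byte[] buf = new byte[4096];
            try (Socket f = from; Socket s = to) {
                InputStream in = f.getInputStream();
                OutputStream out = s.getOutputStream();
                int n;
                while ((n = in.read(buf)) != -1) {
                    out.write(buf, 0, n);
                    out.flush();
                }
            } catch (IOException ignored) {
                // A peer disconnected; try-with-resources closes both ends.
            }
        });
        t.setDaemon(true);
        t.start();
    }
}
```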
Hey guys. I'm writing a chat application in Java, works pretty well. But can I somehow host my Server file or the ServerSocket on the web? I want to make it so my friends from other PCs can use the client and connect to the server file which is hosted on the web. Is that possible? Can I host the file/socket online?
When you run a Java application that opens a ServerSocket, it opens a port on your local machine and starts listening for incoming connections. What you do with those connections is up to the implementation of the Java code that you write.
The "web" is much less foreign than you are making it out to be. Your own computer can be on the web that you're talking about and people can connect to your chat service. Or you can choose to host it on something like an AWS server.
The following approach assumes you are behind a pretty standard NAT config.
Once you run your Java application, you need to make sure other computers can see you, either inside your LAN or outside on the internet. You want to start testing from as close to your computer as possible, then start expanding outward.
First you need to make sure that your computer's firewall is actually allowing connections on the port that your Java application is listening on.
Opening ports in the Windows Firewall
Setting up and opening ports in Linux
Now computers on your LAN will be able to connect to your Java program. Now you need to go one layer out, and port forward your router. This is much less standard so I can't help you too much, but Google can.
At this point, anyone on the internet, knowing your external IP and what port your Java application is listening on, can connect to your service.
If you choose to host this on a third-party hosting service, you'll need to go through similar steps, but there may be slight differences that you can either ask about, or again Google is a great resource.
I am working on an application where the app should be able to read/fetch the emails from an SMTP server. The problem is the ports may differ in different environments. Is there any way to connect to an SMTP/POP (Microsoft Exchange) server without knowing the port? Any information might be helpful because I am new to the JavaMail APIs.
There are standard ports for these services, which JavaMail uses by default. It's relatively rare that one of these services will use a non-standard port. But you do need to know whether the service requires SSL or not, and there are two standard ports used for SMTP. You could easily write code that tries all the common ports and you would probably cover 99.99% of the cases.
I don't think that would be possible. Each port serves a different purpose.
What you can do is read your port number from an external property file, so that your code becomes environment independent, and then you just have to change the value in your property file, which is placed outside your deployed war/jar.
This way, your port number value could be environment specific without having to change your code.
What I mean is like servers on video games. You can run an application and it will set up a server on your computer with an IP and a port.
For example, how would you make an application where one host application sets up a thing where it has an IP and a port, and another computer that has access to the internet as well can type in the IP and port and it would be able to communicate with the host? I mean simple communication, like sending a boolean or String.
And would there be any security problems that would be needed to fix?
I guess I grasp the concept of your question...
You want two computers to connect via the internet, right? If that is the case, then you will have to use a thing called "sockets" that do connections between computers. About the server thing, well, for starters the client must always know what IP the server has (direct IP or by a DNS), and then you can connect your client to your server. There is a tutorial for sockets at the Java pages: http://download.oracle.com/javase/tutorial/networking/sockets . About security issues, well, you must make sure that your server can handle anything that comes from the client (I really mean everything), I mean, accepting every type of data that it is supposed to receive and denying everything that is not (trash, per se). If you have that in mind then there is no problem (and of course, the server must have a firewall also to control the sockets, but that's not up to you).
Here is an example of how to use sockets to send a string from a server to a client.
http://www.java2s.com/Code/Java/Network-Protocol/StringbasedcommunicationbetweenSocket.htm
The site has about 20 examples of how to do what you are trying to do. In general I find this site to be the best Java resource that I know.
In general, the thing you probably want is a Socket. Sockets allow you to send bytes to an endpoint via TCP or UDP. This is very low-level, though, and is somewhat tricky because you have to design your own application protocol. You may want to use something that offers more abstraction.
Java sockets expose a stream interface so you could just encode integers as strings, for instance, and send them line by line, or you could do something fancier and more efficient like using a DataOutputStream to wrap it.
Handling the following issues can improve security.
If you have a router, set different ports for routing.
Example: If you are running a server on, say, port 6001, map a virtual port, say 9001, which would be exposed to the public.
DDoS
IP Restriction - Not every user can access your machine!
Enabling the router firewall does handle most of the issues.
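An added example (not code from any of the posts above) of the two server-side controls the answers mention: rejecting anything the server is not supposed to receive, and restricting which IPs may connect. The class name, the one-line text protocol, the 256-byte limit and the allowlist entries are assumptions; port 6001 is taken from the router example.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class StrictServer {
    static final int MAX_LINE = 256; // assumed protocol limit, in bytes
    // Constructed allowlist: loopback plus one documentation-range address.
    static final Set<String> ALLOWED = Set.of("127.0.0.1", "203.0.113.10");

    /** Accepts only non-empty printable-ASCII text; everything else is rejected. */
    static boolean isValid(String line) {
        return line != null && !line.isEmpty()
                && line.chars().allMatch(c -> c >= 0x20 && c < 0x7f);
    }

    /** Reads one line, giving up after MAX_LINE bytes so a client cannot exhaust memory. */
    static String readBoundedLine(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int b;
        while ((b = in.read()) != -1 && b != '\n') {
            if (buf.size() >= MAX_LINE) return null; // oversized: treated as invalid
            buf.write(b);
        }
        String s = new String(buf.toByteArray(), StandardCharsets.US_ASCII);
        return s.endsWith("\r") ? s.substring(0, s.length() - 1) : s;
    }

    public static void main(String[] args) throws IOException {
        try (ServerSocket server = new ServerSocket(6001)) { // port from the answer's example
            while (true) {
                Socket accepted = server.accept();
                try (Socket client = accepted) {
                    if (!ALLOWED.contains(client.getInetAddress().getHostAddress())) continue;
                    client.setSoTimeout(5000); // a read that stalls for 5 s aborts the connection
                    String line = readBoundedLine(client.getInputStream());
                    String reply = isValid(line) ? "OK " + line : "ERR invalid input";
                    client.getOutputStream().write((reply + "\n").getBytes(StandardCharsets.US_ASCII));
                } catch (IOException e) {
                    // A timeout or reset from one client must not stop the server.
                }
            }
        }
    }
}
```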
I have a database application (or search engine) which is called Solr.
I connect to it via port 8983.
I do this from PHP code, so I add and remove records from it via php.
On my server I have a firewall.
I have set this firewall to only allow connections to and from this port (8983) from the IP address of my own server. In other words, only allow the server's IP to access this port.
Is that safe? Or am I thinking all wrong here? Will others be able to "simulate" my ip address and act as the server?
This is because otherwise others may add/remove records as they want from their own IP addresses...
Thanks
It might be a good idea to also block all outgoing traffic from port 8983 on the server to anywhere but your own server's IP address. This, in addition to dropping any packet to that port not from your server, will doubly ensure that, even if someone is somehow able to modify the daemon listening on port 8983 on the server, allowing it to mirror traffic to another host, it would be dropped before it leaves your computer.
Yes, you are safe as long as no one gains control of your local server.
You can also cause Solr to bind to the "localhost" or "127.0.0.1" adapter as opposed to "0.0.0.0", which would have a similar effect. It never hurts to layer the firewall above that just in case the configuration is messed up.
You would not be safe if you are worried about tampering from the same network. There are many situations where the real threats are from inside the network, not from some script kiddie a continent away.
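An added example, not from the original answers, showing what binding to the loopback adapter changes compared with binding to 0.0.0.0: the loopback-bound listener refuses connections addressed to the machine's LAN address, while the wildcard-bound one accepts them. It uses plain Java `ServerSocket`s on OS-assigned ports rather than Solr itself; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.net.*;
import java.util.Collections;

public class BindDemo {
    /** Returns true if a TCP connect to host:port succeeds within one second. */
    static boolean reachable(InetAddress host, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), 1000);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    /** First non-loopback IPv4 address of this machine, or null if there is none. */
    static InetAddress lanAddress() throws SocketException {
        for (NetworkInterface nic : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            if (!nic.isUp() || nic.isLoopback()) continue;
            for (InetAddress a : Collections.list(nic.getInetAddresses())) {
                if (a instanceof Inet4Address) return a;
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        InetAddress loop = InetAddress.getLoopbackAddress();
        InetAddress lan = lanAddress();
        // Port 0 lets the OS pick a free port; 50 is the usual default backlog.
        try (ServerSocket local = new ServerSocket(0, 50, loop); // like binding to 127.0.0.1
             ServerSocket any = new ServerSocket(0)) {           // like binding to 0.0.0.0
            System.out.println("loopback-bound, dialed via loopback: "
                    + reachable(loop, local.getLocalPort()));
            if (lan != null) {
                System.out.println("loopback-bound, dialed via " + lan.getHostAddress() + ": "
                        + reachable(lan, local.getLocalPort()));
                System.out.println("wildcard-bound, dialed via " + lan.getHostAddress() + ": "
                        + reachable(lan, any.getLocalPort()));
            }
        }
    }
}
```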
I agree with theatrus to use only localhost.
If you are deployed on multiple hosts there are several ways to create a secure tunnel, e.g.
ssh -L 8983:localhost:8983 solr.server
This will create a secure tunnel. (Although it takes non-trivial CPU when the bandwidth is high.) There are also other solutions.
An additional advantage is that for a developer you can use a sample Solr server locally and your code in your IDE, and it will just work with the same config as in production. The less that needs to be changed when deploying, the better.
This is safe. The IP address used in a TCP connection because of the three-way handshake. This is a good firewall rule set, but you should always test your rule sets with nmap.
What you do have to worry about is running an open proxy server on the server that is executing the PHP.