Currently I have written an app (a kind of communication app) using TcpListener-TcpClient to connect clients to each other and to the server.
(Clients should be able to connect to each other and also connect to the server at the same time).
The problem is the firewall applications users have. Their firewall app blocks incoming connections from outside the network completely.
(I tried to work around this using a Windows Firewall configuration script in VBScript with CreateObject("HNetCfg.FwMgr"), but it doesn't apply to firewall applications!)
What should I do?
Is there any workaround, or do we just have to write a manual for every firewall?
Additional notes:
Firewall applications like Kaspersky, node, ZoneAlarm and ...
TeamViewer is a good example. How did they do it?
We don't want the clients to be dependent on the server. They should be able to connect to each other without using the server.
What you can do is test for an internet connection from the client, then try to contact your server or any other client from the outside; if there is no reply, then ask or prompt the user "Are you using a firewall?" Most firewalls detect or notify the user of an "application attempting to contact" a server.
If you could bypass all firewalls then they would be useless to have. Even if they disable their software firewalls, they could still have a router acting as a firewall and not forwarding connection attempts.
If you have a dedicated server and allow clients to communicate to each other through that server, then firewalls shouldn't be a problem since each client initiates an outgoing connection to the server.
If you want a client to be able to act as a server, then that person will have to make sure to allow that application through their firewall. Also, look into UPnP for opening ports on the router.
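The relay arrangement from the answer above, sketched as an added example (not code from the original posts): both peers open outgoing connections to the server, which pairs them by a session id and copies bytes between them. Port 9000, the one-line session-id handshake and all names are assumptions; the id must be an unguessable value the two peers agreed on, since anyone who presents it is paired.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

// Added example: relay for peers that both dial OUT, so neither needs an inbound rule.
class Relay
{
    // Peers waiting for a partner, keyed by the session id they sent.
    static readonly ConcurrentDictionary<string, TcpClient> Waiting =
        new ConcurrentDictionary<string, TcpClient>();

    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Any, 9000); // port is an assumption
        listener.Start();
        while (true)
            _ = HandleAsync(await listener.AcceptTcpClientAsync());
    }

    static async Task HandleAsync(TcpClient client)
    {
        try
        {
            string id = await ReadLineAsync(client.GetStream(), 64);
            if (id == null) { client.Close(); return; }
            if (Waiting.TryRemove(id, out TcpClient peer))
                using (peer) using (client)
                {
                    // Second peer arrived: copy both ways until either side closes.
                    NetworkStream a = peer.GetStream(), b = client.GetStream();
                    await Task.WhenAny(a.CopyToAsync(b), b.CopyToAsync(a));
                }
            else if (!Waiting.TryAdd(id, client)) client.Close(); // lost a race; peer retries
        }
        catch (Exception) { client.Close(); } // I/O failure: drop this connection
    }

    // Reads one '\n'-terminated ASCII line of at most max bytes; null on EOF or overflow.
    static async Task<string> ReadLineAsync(NetworkStream s, int max)
    {
        var one = new byte[1]; var sb = new StringBuilder();
        while (sb.Length < max && await s.ReadAsync(one, 0, 1) == 1)
        {
            if (one[0] == (byte)'\n') return sb.ToString();
            sb.Append((char)one[0]);
        }
        return null;
    }
}
```

Unmatched peers stay in the table until a partner arrives; a production relay would also expire them and limit how many connections one address may hold open.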
Related
I’m developing an app that connects on port 9050 through the public IP of my server. It works fine on LAN, but if I’m connected on a different network it fails. What can I do to fix this?
First, try this command from Command Prompt: telnet ip 9050
If it works, it means port 9050 between your PC and the server is already open; otherwise you should check why and where the port is blocked (maybe by a firewall, in which case you need to create a rule in the firewall to let it pass).
I don't have any code to go by and I know nothing about your network configuration, but I'll tell you what I generally do when debugging a network-enabled app. First, look at your firewall rules. This will obviously vary depending on what OS you're using but on Windows 10 application-specific permissions are located in Control Panel > System and Security > Windows Defender Firewall > Advanced Settings.
After making sure your app can get through your devices' firewall, check the router settings next. Your packets may not be getting by whatever inbuilt security protocols are in place. Since your program works with LAN but not over the Internet, this is a distinct possibility. Also, depending on your network configuration, port forwarding may be necessary; if you're sending data via a public IP address, the router needs some way to know which device on the local network needs to be receiving it. Additionally, if you're trying to connect to your server from the same network you're hosting it on, make sure you use the IP loopback address, which I believe is always 127.0.0.1, or in C# IPAddress.Loopback. Public addresses often won't work when connecting to a local host.
If you're still having problems, I recommend using Wireshark. It's an advanced diagnostics tool that tells you exactly what is being sent and received over your network, and can help pinpoint otherwise hard to spot issues.
We are developing a server application which will listen for all the connections (TCPListener) from external devices 24/7 and store these messages in our database.
For these connections, we are opening a port (let's say 13002) in our server. We would like to make this port secure which means that someone will not be able to scan ports, and connect and send thousands of requests to this specific port to make our application slow and even out of order.
Any ideas?
Use a firewall.
In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed to not be secure or trusted.
If this is your definition of "secure":
someone will not be able to scan ports, and connect and send thousands of requests to this specific port
Then a properly configured firewall will do.
That will however not prevent malicious users from doing harm to your software. If someone can figure out the protocol you use through packet inspection, they can fire arbitrary requests to your application.
This means that if your protocol is not well-designed, users can impersonate other users, send messages they're not supposed to and thus perform actions they're not allowed to.
Just putting a firewall in between will not make your protocol more secure.
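One way to keep a peer that has learned the wire format from impersonating a device, as an added example (not code from the original posts): each message carries a device id, a counter and an HMAC-SHA256 tag under that device's key, and the server rejects bad tags and replayed counters. The field layout, key table and names are assumptions, and CryptographicOperations requires .NET Core 2.1 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: per-device message authentication for a custom TCP protocol.
class AuthenticatedMessages
{
    // Constructed demo key; real keys are provisioned per device and kept secret.
    static readonly Dictionary<string, byte[]> Keys = new Dictionary<string, byte[]>
        { ["device-1"] = Encoding.ASCII.GetBytes("constructed-demo-key-0123456789ab") };
    // Highest counter accepted per device (guard with a lock in a threaded server).
    static readonly Dictionary<string, ulong> LastCounter = new Dictionary<string, ulong>();

    static byte[] Tag(byte[] key, string device, ulong counter, byte[] payload)
    {
        using (var h = new HMACSHA256(key))
        {
            // Length-prefix the device id so field boundaries cannot be shifted.
            byte[] id = Encoding.UTF8.GetBytes(device);
            var msg = new List<byte>();
            msg.AddRange(BitConverter.GetBytes(id.Length));
            msg.AddRange(id);
            msg.AddRange(BitConverter.GetBytes(counter));
            msg.AddRange(payload);
            return h.ComputeHash(msg.ToArray());
        }
    }

    // Accepts a message only if the tag verifies and the counter moved forward.
    static bool Accept(string device, ulong counter, byte[] payload, byte[] tag)
    {
        if (!Keys.TryGetValue(device, out byte[] key)) return false;           // unknown sender
        if (!CryptographicOperations.FixedTimeEquals(
                Tag(key, device, counter, payload), tag)) return false;        // forged or altered
        if (LastCounter.TryGetValue(device, out ulong last) && counter <= last)
            return false;                                                      // replayed
        LastCounter[device] = counter;
        return true;
    }

    static void Main()
    {
        byte[] body = Encoding.UTF8.GetBytes("temp=21.5");
        byte[] tag = Tag(Keys["device-1"], "device-1", 1, body);
        Console.WriteLine(Accept("device-1", 1, body, tag));  // genuine message
        Console.WriteLine(Accept("device-1", 1, body, tag));  // same bytes sent again
        Console.WriteLine(Accept("device-1", 2, Encoding.UTF8.GetBytes("temp=99"), tag)); // altered
    }
}
```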
I want to develop a SOCKS5 proxy server in C# which could make connections to the client.
I.e., in normal scenarios the client or browser makes the connection to the proxy server, but I want the proxy server to connect to the client.
I googled a lot but could not find any code sample in C# or another language.
This sounds like a rather broad question, but generally I think what you are trying to do isn't "by definition possible". Socks5 is defined in RFC1928 (https://www.rfc-editor.org/rfc/rfc1928). It specifically relates to the 'client' connecting to the 'server'. In order for the proxy server to connect to the client, the client machine would have to have some form of service running and listening on a previously established port (assuming TCP/IP here). I suppose you could write some form of browser plugin or a service daemon to listen for server initiated connections; however, this wouldn't technically be 'socks5'. Having an open port (service) on your client opens other security concerns, such as a connection from a machine claiming to be your server, or an outside machine requesting the proxy server to contact your client machine. Part of the trust model of these setups is the idea of client initiated actions. You may be trying to solve the wrong problem (i.e. you may need to reframe your problem in a different way).
I'm working on a simple C# messenger and it works on the local network only. Does somebody know what I should do to make it work on the internet?
The solution contains the server project that is listening on a certain port, and a client project that connects to the server on that port.
Your clients need to be able to communicate with the server, which means that either:
You need to host the server application on a computer that is directly connected to the internet.
You need to set up port forwarding on the router that controls internet access for your network.
In either case the clients will need to know the IP address to connect to, and any firewall interactions need to be considered. This may also include ISP firewalls, as some ISPs limit inbound connections to subscriber connections.
I won't go into the specifics of setting up port forwarding on a router... there are plenty of examples, and every router is different. Google will help you with this if necessary.
Ideally you should have a static IP address for this, or some method for the clients to locate the IP address that your server is hosted on. If you must run from a dynamic IP address (such as some ISPs still use for subscribers) then one of the Dynamic DNS options might work for you.
In order to make it work on the Internet, a simple answer is that you need to enable the ports which are used for communication. Generally the ports will be blocked by the company's firewall for security reasons. So contact your IT dept to enable the port.
Or use a common port like 80.
I have created a Windows service and want to connect to SQL Server 2008 over the internet. The issue is that although I can connect to it locally and with the local IP, my server is behind a firewall. Since there is a SharePoint server on the web on the same server, I know that the system is on the internet.
What should be the connection string to connect to the server from outside the local network and from anywhere in the world?
If it's behind a firewall, you'll have to open port 1433 to incoming traffic. Other than that, the connection string should be the same as the internal one, only using the external IP (if you don't know it: http://www.whatsmyip.org/). You'll need to make sure that mixed authentication is enabled, because of course you can't connect using Windows domain credentials over the internet.
I should probably mention it's not a very good practice to expose your SQL Server to the outside world ... but you know that, right?