I have a web server with multiple IP addresses that needs to connect to a database server. The DB server is behind a firewall that's controlled by an IP address whitelist. (If it matters, it's an Oracle server.) Is there a way to specify the IP address used by the web server in the OracleConnection, so that only one IP needs to be added to the whitelist?
I see there are a few similar questions about specifying outgoing IP addresses (such as this one and a couple linked from there), but none that specifically mention database connections.
The database side doesn't come into play (much).
On my simple network, I have a modem/router that gets an internet IP address from my ISP and has a different IP address for the local network. I have configured it to forward requests made on port 80 (the port used for HTTP requests) to a particular IP address on my local network.
IP addresses can be allocated dynamically (DHCP) or statically. Because I want my HTTP requests to go to a particular machine, I need that machine to always have the same IP address. One way to do that is have the machine request a static IP address when it connects to the network. Another is to have the router dynamically allocate an IP address but to always use a specific one for a specific MAC address. I've gone the latter route. Which you choose to do and how you do it depend on your situation (e.g. OS and network setup).
In your situation you want the local network addresses to be static for both the database server and the web server. That's really a networking issue.
The only time that programming may come into play is if you have multiple network ports. Take my laptop. It has a WiFi card and an Ethernet port. Each of those has a unique MAC address (actually every network device in the world has a unique MAC address). I can connect either or both of those ports to a single network or to two different networks.
If I connect both devices to the same network, they must have different IP addresses because an IP address needs to be unique to a network so the network knows where to send the messages. If I connect them to two different networks, then they might get the same IP address. [The Internet is one big network, but local area networks (LANs) are independent.]
If your machine has multiple network connections, you may need to direct a particular connection to a certain network (so I might always want my db connections to use the eth0 port and other things to use the eth1 port).
Generally speaking for a web server, you have one or more externally addressable IPs, but only one internal one.
The internal address is what is connected to your internal network for communicating with things like database servers. The external ones are used when outside clients connect or for outbound communications.
I would assume that the "multiple IP addresses" are in the DMZ (external network), and that the database server is in a different (internal) network, no? You should not have this problem.
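For the case of several local addresses raised in the question, a socket can be bound to one of them before it connects, so the firewall on the far side only ever sees that source address. This is an added example, not code from the original posts; it works at the `Socket` level (the page does not say whether `OracleConnection` exposes such a setting), and the `ConnectFrom` helper and the loopback listener are constructed for the demonstration.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class SourceAddressDemo
{
    // Hypothetical helper: connects to 'remote' from the given local address.
    // Port 0 lets the OS choose the source port; only the source address is pinned.
    public static Socket ConnectFrom(IPAddress localAddress, IPEndPoint remote)
    {
        var socket = new Socket(remote.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
        try
        {
            socket.Bind(new IPEndPoint(localAddress, 0)); // throws if this host does not own the address
            socket.Connect(remote);
            return socket;
        }
        catch
        {
            socket.Dispose();
            throw;
        }
    }

    static void Main()
    {
        // Constructed stand-in for the firewalled server: a listener on loopback.
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        var server = (IPEndPoint)listener.LocalEndpoint;

        // Constructed stand-in for the single address placed on the whitelist.
        IPAddress whitelisted = IPAddress.Loopback;

        using (Socket client = ConnectFrom(whitelisted, server))
        using (Socket accepted = listener.AcceptSocket())
        {
            // What a source-address filter on the server side would evaluate.
            IPAddress seen = ((IPEndPoint)accepted.RemoteEndPoint).Address;
            Console.WriteLine($"server sees {seen}, on whitelist: {seen.Equals(whitelisted)}");
        }
        listener.Stop();
    }
}
```

Binding fixes the source address only; which interface the packets leave through is still decided by the routing table.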
I have hardware based on a microcontroller with Ethernet communication.
There is a TCP server in the microcontroller.
To configure the hardware, I have an application made in C# for Android.
The application, in turn, has a TCP client.
For the app to find my hardware, what I'm doing is pinging each of the addresses of the same network segment of my mobile.
That is, if the IP address of my mobile is 192.168.0.xx, I ping from the address 192.168.0.1 to the address 192.168.0.255.
For those addresses that respond, I try to open a socket and send a data frame; if the answer is correct, I assume that I have found a piece of hardware in my local network (there could be more than one connected).
Obviously those IP addresses that don't respond, or that the socket cannot be opened or that they respond to something wrong are discarded.
Those valid addresses are displayed in a list for the user to choose with which to interact.
Also, these valid addresses are saved in the application so that the next time the app is opened, it will automatically connect to the stored addresses, avoiding the scanning of the IP addresses.
This seems correct to me the first time the user installs the hardware and configures it with the app.
The problem is that I was informed that there are users whose routers are configured to renew their IP addresses once a month.
If this happens, the app should perform a scan of all the IP addresses again, and this is somewhat cumbersome, since scanning all the IPs takes some time. I don't think users are happy configuring their app and hardware once a month.
Another cumbersome solution could be to use static IP addresses, but I don't think that's a good idea either.
Any suggestions on how to improve this?
You need to take subnets into account. You are assuming that the subnet you are connected to is a /24. You are also pinging the broadcast address (.255) which is unnecessary. A host doesn't reside there.
DHCP assignments will renew their lease halfway through the lease period. If your hardware is still on the network it will most likely get the same IP assigned as it did prior from most modern DHCP implementations.
Finally, consider lowering any timeout values in your scan. Scanning a /24 for hosts to respond on a specific port should complete in seconds.
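The subnet point in the answer above, as an added example that is not part of the original posts: the host range is derived from the interface's address and mask instead of being assumed to be a /24, and the network and broadcast addresses are left out. The `SubnetHosts` class and the sample address and mask are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

static class SubnetHosts
{
    static uint ToUInt32(IPAddress address)
    {
        byte[] b = address.GetAddressBytes();   // network byte order (big-endian)
        return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | b[3];
    }

    static IPAddress FromUInt32(uint v) =>
        new IPAddress(new[] { (byte)(v >> 24), (byte)(v >> 16), (byte)(v >> 8), (byte)v });

    // Yields every usable IPv4 host address in the subnet that contains 'address'.
    public static IEnumerable<IPAddress> Enumerate(IPAddress address, IPAddress mask)
    {
        uint m = ToUInt32(mask);
        uint network = ToUInt32(address) & m;
        uint broadcast = network | ~m;
        if (broadcast - network < 2) yield break;   // /31 and /32 have no separate host range
        for (uint host = network + 1; host < broadcast; host++)
            yield return FromUInt32(host);          // network and broadcast addresses are skipped
    }

    static void Main()
    {
        // Constructed sample: a phone at 192.168.0.37 on a /23, where a sweep of
        // 192.168.0.1 to 192.168.0.255 would miss every device in 192.168.1.x.
        List<IPAddress> hosts =
            Enumerate(IPAddress.Parse("192.168.0.37"), IPAddress.Parse("255.255.254.0")).ToList();
        Console.WriteLine($"{hosts.Count} hosts, {hosts[0]} to {hosts[hosts.Count - 1]}");
    }
}
```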
The solution is explained by #Charlieface in the comments of the question.
I'm going to implement a UDP server on the microcontroller with an IP address within the range of 224.0.0.0-239.255.255.255 (Multicast IP addresses).
When connecting to said server and sending a data frame, the IP and other parameters will be returned so that the app can connect directly to the hardware without having to perform a scan of all the IP addresses.
More details of the solution are in the following FreeRTOS thread:
How can I create a UDP server with static IP?
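The multicast discovery described in this answer, as an added example that is not the poster's code: the app sends one probe to a multicast group and every device that has joined the group answers by unicast, so no address sweep is needed. The group address, port and message texts are assumptions, and the device side (a microcontroller in the post) is played here by a C# task in the same process on a machine attached to a LAN.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

static class MulticastDiscovery
{
    // Assumed values, not from the original post: group address, port and message texts.
    static readonly IPEndPoint GroupEndPoint = new IPEndPoint(IPAddress.Parse("239.255.10.10"), 50000);
    const string Probe = "DISCOVER-V1";

    // Stand-in for the microcontroller: joins the group and answers one probe by unicast.
    static async Task RespondOnceAsync()
    {
        using var udp = new UdpClient();
        udp.Client.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, true);
        udp.Client.Bind(new IPEndPoint(IPAddress.Any, GroupEndPoint.Port));
        udp.JoinMulticastGroup(GroupEndPoint.Address);
        UdpReceiveResult request = await udp.ReceiveAsync();
        if (Encoding.ASCII.GetString(request.Buffer) != Probe) return;        // not our protocol
        byte[] reply = Encoding.ASCII.GetBytes("DEVICE id=demo-01 tcp=5000"); // constructed reply
        await udp.SendAsync(reply, reply.Length, request.RemoteEndPoint);
    }

    // App side: one probe to the group, then print replies until a receive times out.
    static void Discover(int timeoutMs)
    {
        using var udp = new UdpClient(AddressFamily.InterNetwork);
        udp.Client.ReceiveTimeout = timeoutMs;
        byte[] probe = Encoding.ASCII.GetBytes(Probe);
        udp.Send(probe, probe.Length, GroupEndPoint);
        try
        {
            while (true)
            {
                var sender = new IPEndPoint(IPAddress.Any, 0);
                byte[] data = udp.Receive(ref sender);   // sender is filled in from the packet
                Console.WriteLine($"{sender.Address}: {Encoding.ASCII.GetString(data)}");
            }
        }
        catch (SocketException e) when (e.SocketErrorCode == SocketError.TimedOut) { }
    }

    static void Main()
    {
        _ = RespondOnceAsync();   // the responder is bound and joined before the probe goes out
        Discover(1000);
    }
}
```

Replies to the probe are unauthenticated, so any host on the LAN can send one; the data-frame check the question already performs after opening the TCP socket remains the step that confirms a responder is the real hardware.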
I'm creating a server client application. I have been able to connect to applications on the same network. For example I can connect to 10.0.0.3 and 10.0.0.4.
Now I have been trying to connect to my external IP and I receive:
System.Net.Sockets.SocketException (0x80004005). No connection could be made because the target machine actively refused it.
listen = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
write = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
end = new IPEndPoint(IPAddress.Parse(IP), 3212);
write.Connect(end);
Is this a problem with my code or with my router settings? Or is it that you can't connect to yourself... however that wouldn't make sense considering I can connect to 127.0.0.1.
This is a common loopback error, because your router gets confused when doing Internet NAT redirections. Your external IP is assigned to your modem/router, not your computer. Remember that your router could be handling traffic for more than one device inside the network under one single external IP; it then uses NAT to redirect traffic to specific locally connected devices. One example is your home network with 2 computers, one printer and 2 mobile devices, all of them connected to your home network via Wi-Fi. All of them will have a local IP address assigned, possibly via DHCP; however, the external IP address is the same for all local devices because the external IP address is assigned to your router.
When connecting to local network devices ALWAYS use a local IP address instead of the external one.
Edit
I wanted to keep this answer as simple as possible but Scott's comment made me re-think that it is always useful to add details that can help the community out there.
Basically, you can actually set up Port Forwarding which allows your router to redirect incoming traffic received in a specific port to a designated device in your local network. This will make your device accessible from outside your network on that specific port and you can easily take advantage of this to connect to sockets from inside your local network using your external IP address. The flip side is that not all routers/modems support Port Forwarding, so you will have to refer to your modem's manual and check if it's supported or not.
But, if you want to set it up solely for the reason that you want to connect devices from your local network using the external IP, I would recommend you NOT to do it and use the internal IP address, you don't really want to go through the security risks that are involved in exposing your local devices to the internet. You can easily set up strict firewall rules to outsiders and a more relaxed security in your local network.
For my socket application I used port number from 10000. Secondly, I have created a Windows Firewall rule on the socket server computer, which allows your external client to connect to the socket server. You can specify a number of individual IP addresses or a range with port number 10000. From Start -> All Programs -> Windows Firewall with Advanced Security, follow the prompts to set the rule for your client IP. Good luck.
I presume the IP address you want to connect to is not 127.0.0.1, but your own IP address as used on the internet (e.g. 80.110.140.30)? You can't do that. Try copy-and-pasting that same IP address in your browser, for example, and you'll see it either does not connect or redirects to your router.
From your own network, the only way to connect to yourself is through the loopback device (localhost or 127.0.0.1).
I'm working on a simple C# messenger and it works on the local network only. Does somebody know what I should do to make it work on the internet?
The solution contains a server project that listens on a certain port, and a client project that connects to the server on that port.
Your clients need to be able to communicate with the server, which means that either:
You need to host the server application on a computer that is directly connected to the internet.
You need to setup port forwarding on the router that controls internet access for your network.
In either case the clients will need to know the IP address to connect to, and any firewall interactions need to be considered. This may also include ISP firewalls, as some ISPs limit inbound connections to subscriber connections.
I won't go into the specifics of setting up port forwarding on a router... there are plenty of examples, and every router is different. Google will help you with this if necessary.
Ideally you should have a static IP address for this, or some method for the clients to locate the IP address that your server is hosted on. If you must run from a dynamic IP address (such as some ISPs still use for subscribers) then one of the Dynamic DNS options might work for you.
In order to make it work on the Internet, the simple answer is that you need to enable the ports which are used for communication. Generally the ports will be blocked by the company's firewall for security reasons, so contact your IT dept to enable the port.
Or use a common port like 80.
OK so I've just started messing with TCP using C#, and I've successfully set up a server that I can send a 'Hello World' message to. Anyway, I've been doing this locally (because both laptops are connected to the same router); I just use the 192.168 number to connect. But the whole purpose of it is to work over the internet, and the router's IP address is obviously the same for both computers. If I type the router's IP address it doesn't work, and if I type the 192.168 number that definitely won't work over the internet... So what IP do I use, or what is a better solution?
Here's the line of code, if it matters:
var client = ScsClientFactory.CreateClient(new ScsTcpEndPoint("192.168.1.142", 10085));
Where 192.168.1.142 is the local IP of the laptop with the server started on it
and 10085 is the port.
You have to configure your router to forward any incoming connection to the port 10085 to your local IP address. Then anyone will be able to connect using your external IP address.
Each router has its own configuration system, so you have to search for "port forwarding" and your router model on Google.
It depends on what you're trying to achieve, I guess. If, for example, you're making a chat application: the client (behind the router), let's say its local IP is 192.168.1.111 and the router IP is 80.120.78.100. The client would connect to the server.
Once that connection is made it doesn't matter about sending back to the client because the connection is already open between client and server so the server would just use the same connection. The router figures out where to "route" the packet, stuff which generally you don't need to know about.
If however your server is the one looking for clients, then that's different.
I'll try to explain a little about networks, but you'll have to search about it.
Basically, understand an IP mask, such as 192.168.1.0 as one network. Router's role is to connect different networks, that's why a router typically has 2 ports, WAN (wide) and LAN (local).
With this concept, you can see the internet as one big network made from the connection of various ISPs. Each ISP has a router to its network, and another one that gives you an internet connection. Finally, you have a router at your home. So, from this, you can understand that there are 3 networks connected: your home, your ISP and the internet.
In order for you to be able to connect to a computer at my home, I have to make this computer available from the internet, I have to publish it. I do this by setting up a NAT (network area translation) at my router. This NAT says "anything that comes from the internet on port 12345, forward to 192.168.1.10 (my server) at port 80".
This is an extremely simple explanation, ok?
Now, let's take a big step back. If you have another computer available on your network, you can test if your program is working with a much simpler approach.
Connect both computers to your LAN, so they will acquire similar IP addresses. Let's pretend they are 192.168.1.10 and 192.168.1.20
Run the server at 10 and disable all kind of firewalls (Windows and third party)
Run the client at 20 and try to connect to the server
Suppose that I have 1 network of many computers connected to the Internet through a Router Wifi Dlink or a NAT device. On the other end a computer connected directly to the internet which provides some services to the connected clients. As soon as one of the computers of the local network connects to the directly connected computer on the other end through the internet, I want to determine on the directly connected computer, through a Socket or in other ways, which of the computers of the local network sent the request. Is this possible?
I for example know that some Internet Service Providers limit the number of possible computers connected to the Internet even if the computer is located behind a router. It means that in such ways the Internet Service Providers could determine which computer behind the router has performed a connection request... and limit the connection to all the others. How to explain this?
It is not possible to find this directly from the objects. What I would recommend if you need to know the local IP Address of the sending system, is have the client send the information to the server as the first thing it does after it connects to the server. So, after accepting the connection the server should expect a set of data that will contain the local IP information sent by the client that just connected.
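The handshake recommended in this answer, as an added example that is not the answerer's code: the client's first message carries its own local address, and the server records it next to the address the socket reports (behind NAT, the router's public address). The `LOCAL <address>` line format and the loopback test server are assumptions made for the example.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;

static class ClientHello
{
    // Client: the first line sent after connecting is the address this socket is bound to locally.
    static void SendHello(TcpClient client)
    {
        var local = (IPEndPoint)client.Client.LocalEndPoint;
        var writer = new StreamWriter(client.GetStream()) { AutoFlush = true };
        writer.WriteLine("LOCAL " + local.Address);
    }

    // Server: pairs the address the socket reports with the address the client claims.
    static (IPAddress Observed, IPAddress Claimed) ReadHello(TcpClient accepted)
    {
        accepted.ReceiveTimeout = 2000;   // a client that never sends its hello must not block the server
        IPAddress observed = ((IPEndPoint)accepted.Client.RemoteEndPoint).Address;
        string line = new StreamReader(accepted.GetStream()).ReadLine() ?? "";
        // The claim is client-supplied: parse it strictly and treat it as a label,
        // not as a basis for access decisions.
        if (!line.StartsWith("LOCAL ", StringComparison.Ordinal) ||
            !IPAddress.TryParse(line.Substring(6), out IPAddress claimed))
            throw new InvalidDataException("malformed hello");
        return (observed, claimed);
    }

    static void Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 0);   // constructed local test server
        listener.Start();
        using (var client = new TcpClient(AddressFamily.InterNetwork))
        {
            client.Connect((IPEndPoint)listener.LocalEndpoint);
            SendHello(client);
            using (TcpClient accepted = listener.AcceptTcpClient())
            {
                var (observed, claimed) = ReadHello(accepted);
                Console.WriteLine($"observed={observed} claimed={claimed}");
            }
        }
        listener.Stop();
    }
}
```

On loopback the two addresses are equal; across a NAT router the observed address is the router's external one while the claimed address is the client's private one.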