I have a .NET remoting service listening on a Windows 2003 Server. As far as I know, the Windows Firewall is properly configured to let the information of the Remoting Application go out.
On my PC I have the other part of the communication, trying to execute methods that live in the Remoting object. In theory, there are no firewalls that can interfere, but this exception is thrown:
SocketException (Error produced during the connection try, etc.)
I've captured traffic with Microsoft Network Monitor, and I've seen traffic going on between "server and client".
Ideas? Any help would be much appreciated.
Thanks!
Ok, Windows Remoting (the predecessor to WCF) is quite limiting as there are firewalling issues... basically, it will not work with a firewall. Even though you have punched a hole in the firewall, the problem is the NAT'ing of the IP addresses, hence you're likely getting a connection timed out socket error message. It might help you, and reassure you, that the problem may easily be remedied by allowing the traffic to be redirected. I have written an article on CodeProject which may help you. What you can do is put the application on the end point where the firewall is, put in the IP address that is facing publicly to the internet, and put in the IP address that is to be redirected to the remoting server.
Feel free to contact me anytime if you so wish,
Hope this helps,
Best regards,
Tom.
That's it. It's a newbie question, probably. I'm almost giving up on TcpClient/Listener because of NAT and firewall issues. I wanted to know if there's an alternative. Port 80 probably doesn't have to deal with any of these annoying things. I hope the answer is Yes.
What about the SignalR over WebSockets?
Yes, you can implement WebSockets in a non-browser application, but it won't solve your problem.
When you try to open a server listening to websocket connections, you will run into the same problem you ran into when you created a normal socket connection: Personal firewall solutions will get in the way and not every router will forward the port you've chosen. Using the well-known port 80 won't help you here. It is quite uncommon for normal consumers to have a webserver running behind their NAT router, so by default no NAT router will forward the port unless specifically configured to do so.
A NAT router will generally prevent any hosts behind it from acting as servers unless configured to allow it. When you want the users to not worry about their NAT configuration, both users must act as clients. The only way to do this is by having a central server all players connect to.
While hosting a server is still not free, it has become quite cheap due to cloud-based hosters who will rent you small, virtualized servers for very modest prices. The smallest instance from Amazon EC2 only costs you 2 cents per hour or $14.40 per month. Or you can build your own server from some spare parts and host it on your own internet connection. When you don't have a static IP address you can use a dynamic nameserver service like no-ip or DynDNS.
Yes you can, but please don't.
I would suggest changing your architecture:
Use a server socket as a main point to handle clients. This server has to have a visible IP/port. In this case you may have clients behind NATs, and do not bother.
I have to detect if a server is on or off. Some people told me to try using the pinging way, and if it's not working I should use a TCP connection between me and the server.
Can someone please explain to me what the difference between these is, and why the ping way may not work well?
Thank you.
Using TCP would allow you to verify a certain port/service is operating correctly on a host, while ping would just assure that the machine is responding.
A ping also might be blocked by various firewall settings.
It really will depend on your requirements on what your definition of "up" is for your project.
Just responding, or my service hosted on port X is responding when I open communication.
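The distinction drawn in the answer above, as an added example that is not part of the original posts: a TCP probe that separates "service answered" from "host answered but nothing is listening" and "no answer at all". The class and enum names are illustrative, and the address is a placeholder from the RFC 5737 documentation range.

```csharp
using System;
using System.Net.Sockets;
using System.Threading.Tasks;

static class ServiceProbe
{
    public enum ProbeResult { Open, Refused, TimedOut, Unreachable }

    // Attempts a TCP handshake with host:port and classifies the outcome.
    public static async Task<ProbeResult> ProbeAsync(string host, int port, TimeSpan timeout)
    {
        using (var client = new TcpClient())
        {
            try
            {
                Task connect = client.ConnectAsync(host, port);
                // Observe a late failure so an abandoned attempt never surfaces as unobserved.
                var observed = connect.ContinueWith(t => { var ignored = t.Exception; },
                    TaskContinuationOptions.OnlyOnFaulted);
                if (await Task.WhenAny(connect, Task.Delay(timeout)) != connect)
                    return ProbeResult.TimedOut;   // packets dropped (firewall) or host down
                await connect;                      // rethrows the SocketException, if any
                return ProbeResult.Open;            // handshake completed: something is listening
            }
            catch (SocketException ex) when (ex.SocketErrorCode == SocketError.ConnectionRefused)
            {
                return ProbeResult.Refused;         // host is up, but no service on this port
            }
            catch (SocketException)
            {
                return ProbeResult.Unreachable;     // name resolution failure, no route, etc.
            }
        }
    }

    static void Main()
    {
        // Placeholder target: 192.0.2.10 is a documentation address, port 443 is arbitrary.
        ProbeResult r = ProbeAsync("192.0.2.10", 443, TimeSpan.FromSeconds(3))
            .GetAwaiter().GetResult();
        Console.WriteLine(r);
    }
}
```

A completed handshake only shows that the port accepts connections; whether the application behind it is healthy still needs a protocol-level request.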
I'm sorry if this has been asked before, but I couldn't find anything about this particular matter.
I am trying to find out which of my own IPs my computer uses to connect to a remote IP.
I use some kind of socket setup both ways etc., and I'm sending my IP (and other stuff with XML) to another server so it knows how to contact me.
But how do I figure out which IP I should send to it?
I have the server's IP or host name, and tried with
Dns.GetHostEntry("host").AddressList
But that only gives me the IP of the remote host and not how my computer reaches it.
Is my question solvable at all or is this just wishful thinking?
Can you have the remote host capture that data? That end would surely have it.
If you're using UDP then this is exactly what the STUN protocol was designed for. STUN is used in VOIP applications (among other P2P systems) to be able to tell what a specific connection looks like on the internet.
One very reliable .NET implementation that implements STUN is included in the Lumisoft.NET library (source code available here). I've used it myself to satisfy this specific task for applications ranging from VOIP to P2P VPN alternatives. It is very easy to use and is standards compliant.
NOTE: I am NOT in any way affiliated with Lumisoft, I've merely used their library in several different applications
Ok, quick update that won't help anyone except myself.
But.
Found out that I can send the hostname instead of the actual IP. That will work for now and in most cases, and lets the DNS do what it's supposed to do :)
I need to be able to block any and all connections to my PC from a specific IP address. I know this is possible with a firewall but I need to do this in C#. Any idea how (need code)?
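For the question in this thread, an added example (not from the original posts) of asking the operating system which local address it would use toward a given remote host, and of flagging the case the STUN answer addresses: a private address that the remote side cannot connect back to. The host name is a placeholder and port 9 is an arbitrary choice.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class LocalRoute
{
    // Returns the local address the routing table selects for traffic to remoteHost.
    // Connect() on a UDP socket sends no packets; it only fixes the route and source address.
    public static IPAddress LocalAddressFor(string remoteHost, int port = 9)
    {
        foreach (IPAddress remote in Dns.GetHostAddresses(remoteHost))
        {
            try
            {
                using (var s = new Socket(remote.AddressFamily, SocketType.Dgram, ProtocolType.Udp))
                {
                    s.Connect(remote, port);
                    return ((IPEndPoint)s.LocalEndPoint).Address;
                }
            }
            catch (SocketException)
            {
                // No route for this address family (for example IPv6 disabled); try the next one.
            }
        }
        throw new InvalidOperationException("No route to " + remoteHost);
    }

    // True for RFC 1918 addresses, which a host on the internet cannot connect back to.
    public static bool IsPrivateIPv4(IPAddress a)
    {
        if (a.AddressFamily != AddressFamily.InterNetwork) return false;
        byte[] b = a.GetAddressBytes();
        return b[0] == 10
            || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168);
    }

    static void Main()
    {
        // "server.example" is a placeholder host name.
        IPAddress local = LocalAddressFor("server.example");
        Console.WriteLine("Local source address: " + local);
        if (IsPrivateIPv4(local))
            Console.WriteLine("Private address: the remote side will see a NAT address instead.");
    }
}
```

When the result is a private address, the value the remote server observes on the incoming connection (or a STUN response) is the one it can actually use to reach back.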
Update :
It's a generic C# app, not ASP.NET; target platform is WinXP through Win7.
Need more information... if you're talking socket communication, you can simply close the connection to a client as soon as it connects if the IP address is blocked, or process the Connection Request and evaluate there.
Edit: Simplest way for you would probably just be to interact with Windows Firewall API... here's how:
http://www.shafqatahmed.com/2008/01/controlling-win.html
Your question is unclear but I'll try to answer the best I can, within my understanding.
1. Do you want to control machines from connecting to any port on your machine? If so, you need to control the built-in Windows firewall or find yourself a filter driver you can control. In order to write your own filter driver, you must leave the land of managed code, so I am guessing that's not an option.
To learn how to control the firewall, here's a link:
http://www.shafqatahmed.com/2008/01/controlling-win.html
More on Google.
2. Do you want to control remote machines from connecting to a port on your machine that your application owns? You cannot do that either (see #1 above). However, you can take action after the connection, and close the connection if you don't like the remote IP (check the remote endpoint's IP).
Two caveats with this approach:
- It doesn't save you from a DoS attack.
- You will need to be careful if you need IPv6 support (you can't just check the IPv4 address in that case).
HTH
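The "close the connection if you don't like the remote IP" approach from the answer above, as an added example that is not the answerer's code. It assumes .NET Framework 4.5 or later (for dual-stack sockets and `MapToIPv4`); the blocked address is a constructed sample from the RFC 5737 documentation range and port 9000 is arbitrary.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using System.Text;

static class FilteringListener
{
    // Constructed sample entry; load the real list from configuration.
    static readonly HashSet<IPAddress> Blocked = new HashSet<IPAddress>
    {
        IPAddress.Parse("203.0.113.7"),
    };

    // On a dual-stack socket an IPv4 peer appears as ::ffff:a.b.c.d.
    // Normalising it lets a single IPv4 entry match on both socket types.
    public static IPAddress Normalize(IPAddress a)
    {
        return a.IsIPv4MappedToIPv6 ? a.MapToIPv4() : a;
    }

    // Fails closed: an endpoint that is not an IP endpoint is treated as blocked.
    public static bool IsBlocked(EndPoint remote)
    {
        var ip = remote as IPEndPoint;
        return ip == null || Blocked.Contains(Normalize(ip.Address));
    }

    static void Main()
    {
        var listener = new TcpListener(IPAddress.IPv6Any, 9000);
        listener.Server.DualMode = true;        // accept IPv4 and IPv6 on one socket
        listener.Start();
        while (true)
        {
            TcpClient client = listener.AcceptTcpClient();
            if (IsBlocked(client.Client.RemoteEndPoint))
            {
                client.Close();                 // handshake already happened; this drops the session
                continue;
            }
            using (client)
            {
                byte[] hello = Encoding.ASCII.GetBytes("hello\r\n");
                client.GetStream().Write(hello, 0, hello.Length);
            }
        }
    }
}
```

The check runs only after the TCP handshake has completed, so the blocked peer still consumes a connection slot; keeping it off the port entirely is the job of the firewall rule described in the same answer.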
A "firewall" in C#?
First you would have to access the network interface on a low level, e.g.: http://msdn.microsoft.com/en-us/library/ms817945.aspx
Then you have to parse all incoming packets and maybe discard them.
It's not an easy task and I don't recommend you to write a driver and a firewall in C#, because the .NET Framework will be loaded every time you start your machine.
Also traffic parsing can be tricky... I implemented a router/traffic analyzer in C# some time ago and it took me about one year to gain the experience with network programming to gain the knowledge to do this.
Just a moment ago I saw a request for finding the MAC address of a remote host. An answer was that the MAC address is always sent as part of the TCP/IP protocol.
How would I go about retrieving this information from an ASP.NET C# application?
See: Reference to sister-post
Any such answer is false. The MAC address of an adapter is only available on the same network segment. Not on the other side of a router.
If your remote device is SNMP-enabled you can query it for its ARP cache. That will have the MAC address in it. See this FAQ entry for more info.
Simple Answer: You can't.
Complex answer: You can, but you need to read the output from "arp -a" command. That might get difficult, depending on how many connections you currently have through your NIC (wireless or wired).
The only way that I can think of to get this from the network itself depends on interfacing with network management software with SNMP or RMON. Currently, I'm using a Java Applet on the client (see my answer to the other question), but it has some limitations. I'm hoping to meet with our network engineers to see if there is a way to get the same information server-side by interrogating the network switches. If such a solution exists, it will likely be specific to whatever network management software you are running.
You can build it into the application itself and have the application send the mac address in any messages that it may already be sending. Other than that, John nailed it.
Edit: Oh, if this is a "web app" and the "client app" is a browser, yeah, no go.