I need to able to block any and all connections to my pc from a specific IP address , i know this is possible with a firewall but i need to do this in c#. Any idea how (need code).
Update :
Its a generic C# app not asp.net , target platform is WinXp till Win7
Need more information... if you're talking socket communication, you can simply close the connection to a client as soon as it connects if the IP address is blocked, or process the Connection Request and evaluate there.
Edit: Simplest way for you would probably just be to interact with Windows Firewall API... here's how:
http://www.shafqatahmed.com/2008/01/controlling-win.html
Your question is unclear but I'll try to answer the best I can, within my understanding.
Do you want to control machines from connecting to any port on your machine? if so, you need to control the built-in windows firewall or find yourself a filter driver you can control. In order to write your own filter driver, you must leave the land of managed code, so I am guessing that's not an option.
To learn how to control the firewall, here's a link:
http://www.shafqatahmed.com/2008/01/controlling-win.html
more on google.
Do you want to control remote machines from connection to a port on your machines that your application owns? You cannot do that either (see #1 above). However you can take action after the connection, and close the connection if you don't like the remote IP (check the remote endpoint's IP).
two caveats with this approach:
It doesn't save you from a DoS attack.
You will need to be careful if you need ipv6 support (you can't just check the IPV4 address in that case)
HTH
A "firewall" in c#?
First you would have to access the network interface on a low level, eg.: http://msdn.microsoft.com/en-us/library/ms817945.aspx
Then you have to parse all incoming packets and maybe discard them.
It's not an easy task and I don't recommend you to write a driver and a firewall in C#, because the .NET Framework will be loaded every time you start your machine.
Also traffic parsing can be tricky... I implemented a router/traffic analyzer in C# some time ago and it took me about one year to gain the experience with network programming to gain the knowledge to do this.
Related
PostgreSQL, by default, does not allow remote connections. I know I could change the configuration to allow remote connections, but the software vendor will not support making any changes to the configuration. Since we develop add-on products for this vendor, we cannot simply ignore their wishes.
I would like to access Postgres from a remote computer. But making connections must come from what appears to Postgres as localhost. I'm not at all familiar with what I believe is called a TCP Port Forwarder, or maybe it is called a proxy? or Relay? In any case, I need to make remote connections to Postgres as if the requests were coming from localhost.
I already have a Windows service running on the same server as Postgres, so I would like to add this port forwarder, proxy, rely on this service. We need to do this in c#.
Alternatively, if there is already a tool available for this purpose, that I can run as a service, that would be fine as well.
It is correct that by default Postgres doesn't allow remote connections. But this can easy be changed in the pg_hba.conf file.
For this you just need to add a line with the address of your remote host.
For example:
host postgres all 192.168.12.10/32 md5
Columns:
Type: in your case Host
User: I used postgres in this example, but I recommend you
using a dedicated user as postgres is a superuser.
Database: Which database you want to access via this user and host, I left it to all, but again it is advisable to be more specific
Address: The address of the remote host
The authentication method. (md5 for md5 encrypted password). You can also set trust if you don't want any authentication at all.
For more options I refer to the postgresql documentation: https://www.postgresql.org/docs/9.3/static/auth-pg-hba-conf.html
You say you have a windows service running on the same computer and I take it that you have the code of that service under your control. In theory you can add some code in the service and get the updated binaries installed on that computer. This code can do the proxying between incoming tcp connection from internet and local postgres. From postgres point of view it will look like a localhost connection.
But,
There are some very valid reasons why only local calls are allowed and calls over network are blocked.
Your service may or may not be running with sufficient privileges to listen on a publicly open port.
If any antivirus is running on the machine, it will most certainly flag your app as suspicious and frankly, it is.
Best way to approach this is to ask the vendor nicely to grant access - or to work within the limitations.
It smells of some legal or ethical wrongdoing, but i may be wrong.
Having said that, here are the basic steps:
The service onStart registers a TcpListener on ip 0.0.0.0 and some port known to you.
On a seperate thread in a while(true) loop attempt to GetStream()
Start a TcpClient on ip localhost and postgres port
On a seperate thread in a while(true) loop attempt to GetStream()
In a while(true) loop read from listener's stream and write to client's stream. You may want to use a buffer or an array.
loop until you read a -1
This algo should work in principle.
I hope you are not hacking someone. Please dont.
You need to create a user and allow remote connection to this or an existing user.
you should be able to connecte remotly.
good luck.
I'm having difficulty finding help resources on this. I know how to use the TCPClient class to create a connection between one IP/Port/machine and another.
My doubt is how does that work when one machine wants to initiate a TCP connection to another machine where the destination machine is inside a different network. So the destination network may have hundreds of computers each with its own private ip and the network would have one public IP address. This would be using the TCPClient class or any other that is more appropriate.
I know we could use ports and then inside the network the port could be forwarded to the correct machine but I was looking for a solution like the one services like LogMeIn use. Basically I wanted to use port 80 always and then initiate the connection from the server to that particular machine or others on the same network when I needed.
I suppose, theoretically, I could create the connection first from inside that network, then on the server, save the details and close the connection and then in the near future, when I needed, I would re-open the connection.
So in my scenario, I would have many clients across multiple networks, each network might have multiple internal machines with a client installed. Then on the server I would initiate connection to these machines when needed. Within each network I would want to use port 80 for obvious reasons. The reason I want to initiate the connection from the server and not the client machines is simply to save resources, I couldn't cope with having opened connections until eventually I might need to communicate wit them.
Also, I have no control on the client networks besides them having my client installed.
Ideally, I wish to have c# info, possibly code and not network configuration.
I had this requirement at a previous company. We installed our client/server software (C# based) on numerous different networks with a mix of public/private IPs. I found two relatively simple ways to solve it. First, I want to say that without a public IP, its impossible to connect reliably (in my experience).
When I proposed the solution, I explained the problem to other developers/managers this way.
Your server, the machine with the public IP address [public to clients, but may still be an "internal address"], is like a house without any long distance calling. It can receive calls, but it can't make any calls. The clients are like houses with long distance service. Clients must call the server, because they have long distance. Once connected, any party can talk on the line.
From here you have two choices.
Client connects and never disconnects (this is what I implemented). On the server, I had an object that mapped the client object to the client connection so I could communicate any time with a client that was connected.
Server holds a queue of messages for the client. The client automatically connects on a fixed interval to see if there are any messages (maybe 5 minutes). There would be an option from the server to stay connected for a specific interval. Another vendor called this "fast talk".
There's a couple of approaches.
You could setup NAT - probably no good for your scenario.
You could make an outbound connection from your client.
You could "combine the above" by using STUN (see http://en.wikipedia.org/wiki/STUN) this is quite popular in VOIP for peer to peer scenarios.
The Windows Azure servicebus may have a solution for your problem; NetTcpRelayBinding in hybrid mode allows two comuters behind NAT to create a direct connection with each other. This might not solve your problem if you are money constrained as each connection has an associated cost.The simplest solution is probably to have the clients polling your server.
You may use SignalR, which has been developed for this kind of scenarios.
You must have a third party, though (a server which broadcasts messages from sender to other peers).
But the beauty of this technology is that it chooses the most appropriate way to push data to clients: Polling, long connections, sockets... etc.
This provides an abstraction layer which is quite comfortable.
It has been designed to interact with javascript clients, but may be used in full-C# clients as well.
You need a third server that acts as proxy between your machine and target machine that is behind a firewall.
That is how applications like LogMeIn work.
You can do this using SSH tunnels.
Please check https://serverfault.com/questions/285616/how-to-allow-remote-connections-from-non-localhost-clients-with-ssh-remote-port
The topic is about NAT traversal.
STUN is good choice to try to communicate with client behind NAT.
But if STUN don't work,you can use RELAY service to help to pass the message between your server and remote client.RELAY service is a public service that everyone can reach it.
I was wondering it it was possible to relay a socket object in either C# or Java? (Preferably C#)
I have lots of little programs i make and host them on my home pc, but my pc is behind a router, so i have to forward a port on my router every time i want to make a new application. So is there a way to send a tcp connection to another application on the same computer? for instance i get a connection in with the first line of text being RELAY::21005 which would then forward that port to localhost:21005 ?
Any help, tutorials, code snippets would be much appreciated. Thank you! :)
One problem you might face with your suggested solution (first line identifies target port) is that you'll have to change all of your client programs to send that first line. That's easy for programs you've written yourself but not so convenient if you want to connect to your PC's web server or ssh daemon etc. It's not impossible of course, but does make it hard.
I'd suggest your routing server listens on two ports - a control port and a "normal" port (I can't think of a better name at the moment). You would send control messages to the control port to indicate "until further notice redirect all incoming connections on the normal port to port nnnn". That avoids having to manipulate client protocols.
I don't know enough C# to provide advice about a C# solution, but in Java I'd simply do something like:
while (true) {
acceptConnectionOnNormalPort()
connectToTargetPort()
startThreadCopyingDataFromAcceptedPortToTargetPort()
startThreadCopyingDataFromTargetPortToAcceptedPort()
}
You'd not be able to scale that easily into thousands of connections...
K I take back my comment, check this out:
http://msdn.microsoft.com/en-us/library/aa395195.aspx
Using this requires the port sharing service to be up (it is disabled by default):
The Net.TCP Port Sharing Service is available on all operating systems
that support .NET Framework 3.0, but the service is not enabled by
default.
All of this is only useful to you if you are using WCF services tho.
The easiest approach IMO is to use ssh tunneling. As I wrote in my comment, there are lots of questions on SU that will show you how to do this.
But assuming that you want to program something ...
You'll need to create a client and a server. The client will have threads that call accept on whatever local ports you want to open. When a connection comes to a port, you create another thread that opens a connection to the server and continually sends data over the wire.
The server program listens on a single port, which you open in your firewall. It waits for connections on that port, and when it receives one it opens a connection to the specified local port. Then it shuffles bytes from one to the other.
The only trick is that you have to define a protocol for specifying the destination port in the client-server stream. Simplest approach is to write a two-byte integer at the start of the stream.
Yes, it is possible to relay a socket.
You can use TURN http://en.wikipedia.org/wiki/Traversal_Using_Relay_NAT
Some of TURN library/application:
pjnath
turnserver.sourceforge.net
I am writing you because of a new problem I need to solve, and I have now been banging my head against a wall for too long now.
Basically, I need to create an application that can take care of the following:
A user starts an app, which sends a broadcast to the subnet, and recieves a response of all servers there with their IP (and some additional info). The user can then select what server he wants to connect to.
Making it work is simple enough, with identifying the subnet, and broadcasting with UDP, and then having a different server application recieving it and sending back a response . The problem lies with these restrictions, that I need to take into consideration:
There will most likely also be clients on the server machines in the network, meaning that we can assume that the application is present on all machines. Every machine needs to have the listener running, and every machine can launch the GUI for selecting a server.
I am only allowed to add one exception to the firewall - an exception that handles both sending out the broadcasts, recieving broadcasts, sending answers and recieving answers.
I should also only be adding one Windows Service
on a server machine, the listener should run as a windows service, so the user won't notice it. Nor will the user notice, that the response is sent back to the client.
On the client machine, the user can start an application, which will notify the application to emmit the broadcast, and will get all the server responses, so the user can choose one to connect to.
Besides from the application that the user launches in order to select a server, there should be no interaction with the user whatsoever. Not even a popup, requesting the user to allow traffic trough the firewall - it should all be automatically
It needs to work on and in between Win XP, Win Vista and Win 7.
I don't know if I am putting too many constrains on myself, but I really hope that I can make the application with these requirements.
I have a few ideas - I just need to figure out how to do it:
Should i make everything into one application, that I add to the firewall exception list, so it will take care of the traffic on both the server and the client machines?
Should I add a custom exception to the firewall, allowing UDP traffic on a specific port, and then have all traffic flow trough that?
Is there a third and better option for managing that?
It is OK to have the service running on both client and server machines. But can it take care of everything for me - like it handling both the broadcast send/recieve and answer send/recieve? And is there any way to extract the information about servers on the network from a service?
I know it is a lot, but I really hope that you will be able to help me out.
let me know if I wasn't clear enough, or if you need further explanations.
I am coding in C# .Net, and I can utilize all I want from the .Net framework. As soon as I have this functionality implemented
All the best
/Sagi
The kind of peer-to-peer networking problems become simple to the point of being trivial if you designate one machine as the master server. It should have a well-known name that all sub-servers can connect to so they can publish (and withdraw) their availability. A client can then send a query request to the same server and get a list of known servers in return.
This can also solve your firewall problem, the master server could be listening on port 80.
Look into the System.Net.PeerToPeer namespace for a p2p solution supported by the framework.
Maybe a UPnP server and client may be a solution to your problem?
I want to know how I can send or recieve data over internet to/from a computer in subnet
(this is specially in context to PPP users bcoz getting static IP is not so much in practice).
I actually want to create an application which can transfer file between 2 specific computer in WAN.
so what are things I need to know about to do the same..(ex. PRESENT IP or MAC ADDRESS etc..)
PROGRAMATICAL EXPLANATION ALTHOUGH PREFFERED,BUT IS NOT NECCESARY...
FTP?
There is a vast torrent of useful results in google, I seriously suggest to google before you ask here.
For instance, have a look at the top result: http://www.devarticles.com/c/a/C-Sharp/Network-Programming-in-C-sharp/
Apart from that, FTP, as suggested by Colin, may be what you're looking for. If you're new to using FTP in C# have a look at http://www.google.com/search?q=c%23+ftp
Put the information on a public IP server, so both computers keep polling if there is new data and send / download that data as needed. A single text file can hold necessary flags such as paths and other info you need.
server just need to be a web server, which means IIS or similar should be installed.
I'm thinking part of your question has to do with one of the computers not having a static IP address. If the two computers, A & B, don't know each others IP address, then an alternative is to use a server. Either A can store the information on the server to be picked up by B, or A can register his current IP address on the server for B to lookup and then connect to A, assuming firewalls don't interfere. Another scheme is that A and B can simultaneously connect to the server, and the server can relay data between the two.
Of course, all of this communication would be done using techniques such as those suggested by mafutrct and Colin.
This question sounds to me like the difficulties of NAT Traversal and trying to establish peer-to-peer connectivity over the Internet. I stumbled on this question researching the best way to set up Internet connectivity to a device that is sitting behind a firewall. I am assuming that the device behind the firewall has to initiate the connection, that a Internet server application (on a Public IP address) to at least manage the initiation of the connection is required, and the Internet server application may also have to act as a relay if the difficulties of NAT is not able to be traversed.
http://en.wikipedia.org/wiki/NAT_traversal
http://en.wikipedia.org/wiki/Peer-to-peer
A good example of this is LogMeIn. Where the application is installed on the computer that needs to be accessible over the Internet, that application communicates with the LogMeIn Internet servers, you can establish a connection to that computer either by initiating through the LogMeIn servers and connecting peer-to-peer over port 80/443 using NAT Traversal (this would be establishing a peer-to-peer connection) or by initiating through the LogMeIn server and the LogMeIn server acting as a relay if peer-to-peer is unable to be established.
Please note; you must have an application (something running) on both ends of the connection on the Internet, there is no other way. Just like FTP that was mentioned earlier (FTP Client, FTP Server)... but in this case it is peer-to-peer (basically you are writing your own Client and Server... or if you have to use a relay... Client--Relay--Server
http://en.wikipedia.org/wiki/LogMeIn
"The service connects the remote desktop and the local computer using SSL over TCP or UDP and utilizing NAT traversal techniques to achieve peer-to-peer connectivity when available."
The part I don't know is can the relay go in both directions; and I am figuring the device behind the firewall must have to constantly manage the open connection to the Internet Server that is the relay. Those are the questions I am wrestling with now.
Also, you may want to check out this post.
C# byte streams through TCP
From that time, till this date I have encounter so many problems with these four kinds of NAT that basically without an external server you cant do anything.
This is because, one computer can never find where the other one is located as suggested in the pic.
Here PC 'A' will never come to know about the port that corresponds to PC 'B' on R2B without an external server.Even more, if somehow u come to know about the ports you are still in a situation that the router wont allow you to access it if the request hasn't been made for your IP.