Chat server behind Firewall
Hi
I have developed a chat application. It's working well on the intranet. But it's not working on the Internet. This is because the chat server is behind the firewall. So how can I set the firewall so that if any request comes for the port (2004), it can be transferred to the system where the chat server is running.
With Regards
Santhosh
hey, i thought all the firewalls had the same FM ?!?!
Hahaha!
Similar Messages
-
Putting Identity Server behind firewall
Hi All,
I have an application running on SunONE app server 7 with an agent in order to control authentication and authorization. I would like to put the identity server behind a firewall. However, every time the agent redirects to the identity server to perform login, it redirects directly, so the user can't access the login page. May I know how I can put the Identity server behind a firewall? Must I use a web proxy server instead? Any other solution? Thx a lot.
Tobey
Hi, this is Tobey again. I have installed Identity Server 6.1 and a web proxy server 3.6 in front of the Identity Server.
The web proxy server succeeds in reverse proxying all usual applications. However, when I try accessing amconsole through the proxy server, the console service always redirects me to the Identity Server host directly. And my client browser is not allowed to resolve that hostname.
What I have configured is setting regular and reverse URL mapping in the Web proxy server. In Identity server, I have set the fqdn mapping, dns alias, adding one more in the server list and the cookie domain.
Anyone had experience putting Identity Server behind a firewall? How to solve the hostname problem that is redirected by the Identity Server service? Thx a lot.
Tobey -
RMI server behind firewall--must use host as name, not IP
Server is running behind a firewall, which runs such that any machine behind the firewall cannot use the external IP to get back to itself.
That is:
- outside IP = 192.171.20.5 (port forwards 1099 to 192.168.1.5:1099)
- inside IP = 192.168.1.5 (rmi server listens on 1099)
from the machine inside (192.168.1.5), it is IMPOSSIBLE to create a socket to [outside ip](192.171.20.5), port 1099, and expect it to get back to the machine inside--the firewall prohibits this.
I -can- use name-based lookups, such that I can edit the hosts file on the inside box to route (myhost.com to 192.168.1.5). So, if everyone's DNS resolves myhost.com -> 192.171.20.5, then clients anywhere can go to myhost.com:1099 and will be redirected to my internal machine (192.168.1.5:1099).
The problem with this is that the names get translated to IPs and sent back to the client.
Is there a way to keep the names as names, so that both client (using external real-world DNS entries) and server (using local hosts file) can both resolve to the proper IP addresses?
I'm starting server, as follows:
java -Djava.rmi.server.codebase=http://myhost.com/rmi/ -Djava.security.policy=/policypath/policy -Djava.rmi.server.hostname=myhost.com mypkg.myclass
The client connects and gets this message (from a connection exception):
java.rmi.ConnectException: Connection refused to host: 192.168.1.5;
Server is running behind a firewall, which runs such that any machine behind the firewall cannot use the external IP to get back to itself.
I don't really understand this statement.. Machines behind the firewall referring to the external ip would be going to the gateway, not themselves.. Or do you have an internal AND external ip on the machines behind the firewall? Or are we referring to the gateway machine as an internal machine as well as external?
That is:
- outside IP = 192.171.20.5 (port forwards 1099 to 192.168.1.5:1099)
- inside IP = 192.168.1.5 (rmi server listens on 1099)
looks good, what kinda OS/firewall? If we're talking linux/ipchains (or iptables) with ip masquerading, I may be of some use to you...
from the machine inside (192.168.1.5), it is IMPOSSIBLE to create a socket to [outside ip](192.171.20.5), port 1099, and expect it to get back to the machine inside--the firewall prohibits this.
If you're on the internal network, why can't you just go for the internal ip addr? If I'm understanding correctly, you want internal dns requests for myhost.com to resolve to 192.168.1.5, and external dns requests to resolve to 192.171.20.5? That shouldn't be a problem...
I -can- use name-based lookups, such that I can edit the hosts file on the inside box to route (myhost.com to 192.168.1.5). So, if everyone's DNS resolves myhost.com -> 192.171.20.5, then clients anywhere can go to myhost.com:1099 and will be redirected to my internal machine (192.168.1.5:1099).
the hosts file has nothing to do with routing, it's simply a dns-type thing... If your dns is giving external users a 192.168 address as the ip for myhost.com, they will never get to it. 192.168 is not routable on the internet, i think most inet routes will drop packets from 192.168.x.x or 10.x.x.x.
Is there a way to keep the names as names, so that both client (using external real-world DNS entries) and server (using local hosts file) can both resolve to the proper IP addresses?
As long as your dns is working correctly, java doesn't care if you use ips or host names.. Hostnames are preferable, so when you change your network around, you won't affect your rmi server.
I'm starting server, as follows:
java -Djava.rmi.server.codebase=http://myhost.com/rmi/ -Djava.security.policy=/policypath/policy -Djava.rmi.server.hostname=myhost.com mypkg.myclass
The client connects and gets this message (from a connection exception):
java.rmi.ConnectException: Connection refused to host: 192.168.1.5;
Is your server compiled with the 192.171 ip? That's not gonna work, you have to use the same IP the server is running on. I'm still not clear on your network layout, is 192.171.20.5 and 192.168.1.5 the 2 gateway ip's, or is 192.168.1.5 a physically different machine? I'd be willing to bet that your server is compiled with the external address, and if that's not the same machine, then there's no chance of that working....
There's more than port forwarding going on.. IIRC, java rmi keeps track of its own ip's.. A client request to an external ip will not connect to a server running on the internal ip, even if you forward the port, rmi itself doesn't recognize the internal as the ip it's trying to get to (even if it is true), so it bombs out.. This can happen if you run the rmi server on a gateway, and compile the server with the external ip, and try to connect to the internal ip.. If you want external machines to connect, you MUST run the server on an external ip.
Give a little more info, we'll getcha running... I'm also assuming you have full control of your network (ie, firewall/dns)
doug -
doug -
Apple SU Server behind firewall: What ports are needed?
From what I can see the only needed port is 8088; does this encompass the client getting everything it needs from the SUS, or do the more standard ports 80/443 need to be opened up as well? I am trying to get my ducks in a row before making the request to our network engineers to have the ports opened up.
John,
Scroll down in the list till you get to the TCP Ports; that has the information you are looking for:
Novell Documentation
Rainer -
Installing Iplanet web server and directory server behind a firewall
When installing the iPlanet web server and directory server behind a firewall, should the internal IP address be used or the external IP address?
Hello,
When you are installing the iPlanet web server behind a firewall, you should use the internal IP address in the firewall.
1. The external IP address connection to the Internet. The type of IP address used, dynamic (commonly used for standard modems) or static (commonly used for cable modems), is dictated by the ISP to which you connect and the type of service it provides.
2. The internal IP address connection. This connection must be a static IP assignment, and it must be assigned by you.
Obviously it depends on the type of firewall setup you have.
Thanks
Selva -
To host an web server behind an firewall which is behind an router
Dear All,
Now I am trying to find a solution for this network structure
Aim: To host a web server
Products used : HP Blade Server, Cisco 2960 Switch, Cisco ASA Firewall 5500, Cisco Router 1900
Connectivity : Static ip with Leased line from one ISP (8 IP's with 6 usable)
Setup: Server -->Switch-->Firewall-->Router-->ISP-----------ISP-->Router-->User
Server : 192.168.20.10/24
Switch : 192.168.20.2/24
Firewall : 192.168.10.2/24 (router end) and 192.168.20.1/24(switch end)
Router : 192.168.10.1/24 (firewall end) and 11.11.11.12(serial) (WAN IP)
Default gateway for Router : 11.11.11.11 (Wan ip gateway)
Usable public LAN ip : 20.12.1.1-20.12.1.8
Like to host the server using one of the public LAN IPs NATted to the server
If anyone knows how to configure this, kindly give your suggestion and configuration details..
I have only one week's time to do this..
Kindly assist me
Thanks and regards
Balamurugan -
Java chat client behind the proxy or fire wall
I am developing a chat application using java.net.*, but I am not able to get connectivity behind the firewall or proxy on the Java client. Please help me out.
To guarantee an easy-to-use, no-problem chat applet you will need to have the chat server running on port 80 and the client using an HTTP request/response system.
The first problem is that the applet will have to have been delivered from port 80 on the same IP, so you will either have to use Servlets or write your own web server with chat facilities.
You will need to maintain persistent/pseudo-persistent HTTP connections for the server to deliver messages to clients; you can assume that a connection will remain open for ~5 minutes after a request from the client.
Use HTTP/1.1 for reliable Connection: keep-alive and request/response pipelining.
With all that in place your client method is...
register and send GET /chat <wait for up to 5 mins>
if there is client activity send POST /chat <wait for up to 5 mins>
if the above waits time out send GET /chat <wait for up to 5 mins>
server method...
accept GET/POST requests from client
if there is chat to deliver, reply to the most recent request from the client
if you receive another request before the previous one's reply is used, send a No Content reply to the previous request -
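The server-side rules of the long-poll scheme above, modelled as an added example (not code from the original post, and in Python rather than the poster's Java): a broker holds one open request per client, answers the most recent one when chat arrives, sends No Content to a request that a newer one supersedes, and expires a request held past the assumed 300-second window. Client names and the message format are constructed.

```python
from collections import deque
from dataclasses import dataclass

HOLD_SECONDS = 300  # the "~5 minutes" a connection is assumed to stay open (assumption)


@dataclass
class Reply:
    status: int      # 200 with chat in the body, or 204 No Content
    body: str = ""


class LongPollBroker:
    """Server-side state for the GET /chat and POST /chat long-poll scheme."""

    def __init__(self):
        self._pending = {}   # client -> (request_id, arrived_at) of its newest open request
        self._queued = {}    # client -> deque of chat lines not yet delivered
        self._replies = {}   # request_id -> Reply, once the server has answered
        self._next_id = 0

    def request(self, client, now, posted=None):
        """Handle GET /chat (posted is None) or POST /chat (posted is the text).
        Returns the request id so the caller can later fetch its reply."""
        rid = self._next_id
        self._next_id += 1
        self._queued.setdefault(client, deque())   # first request registers the client
        # Rule from the post: a newer request from the same client supersedes
        # the older one, which gets No Content so its connection is released.
        old = self._pending.pop(client, None)
        if old is not None:
            self._replies[old[0]] = Reply(204)
        self._pending[client] = (rid, now)
        if posted is not None:
            # Fan the posted line out to every other registered client and
            # answer their open request right away if they have one.
            for other in self._queued:
                if other != client:
                    self._queued[other].append(f"{client}: {posted}")
                    self._flush(other)
        self._flush(client)   # deliver anything already waiting for this client
        return rid

    def _flush(self, client):
        """Reply to the client's most recent request if there is chat to deliver."""
        if client not in self._pending or not self._queued[client]:
            return
        rid, _ = self._pending.pop(client)
        body = "\n".join(self._queued[client])
        self._queued[client].clear()
        self._replies[rid] = Reply(200, body)

    def tick(self, now):
        """Expire requests held longer than HOLD_SECONDS so the client re-polls."""
        for client, (rid, arrived) in list(self._pending.items()):
            if now - arrived >= HOLD_SECONDS:
                self._replies[rid] = Reply(204)
                del self._pending[client]

    def reply_for(self, request_id):
        """The Reply sent for a request, or None while it is still held open."""
        return self._replies.get(request_id)


def scenario():
    """Constructed exchange: two clients poll, one posts, one re-polls, and an
    idle poll times out. Returns the replies keyed by step name."""
    broker = LongPollBroker()
    alice_get1 = broker.request("alice", now=0)                 # held open
    bob_get1 = broker.request("bob", now=1)                     # held open
    alice_post = broker.request("alice", now=2, posted="hi")    # supersedes alice_get1
    alice_get2 = broker.request("alice", now=3)                 # supersedes alice_post
    broker.tick(now=303)                                        # 300 s after alice_get2
    bob_get2 = broker.request("bob", now=304)                   # held open
    return {
        "alice_get1": broker.reply_for(alice_get1),   # 204: superseded by the POST
        "bob_get1": broker.reply_for(bob_get1),       # 200 "alice: hi": answered at POST time
        "alice_post": broker.reply_for(alice_post),   # 204: superseded by the next GET
        "alice_get2": broker.reply_for(alice_get2),   # 204: expired by tick()
        "bob_get2": broker.reply_for(bob_get2),       # None: still held open
    }
```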
PAT with a single public IP and several servers behind firewall
Hi,
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
Single static public IP: 16.2.3.4
Need to PAT several ports to three separate servers behind firewall
One server houses email, pptp server, ftp server and web services: 10.1.20.91
One server houses drac management (port 445): 10.1.20.92
One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505.
Here is what I have. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP?
ASA Version 8.4(4)1
hostname kaa-pix
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.20.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 16.2.3.4 255.255.255.0
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network server_smtp
host 10.1.20.91
object service Port_25
service tcp source eq smtp
object service Port_3389
service tcp source eq 3389
object service Port_1723
service tcp source eq pptp
object service Port_21
service tcp source eq ftp
object service Port_443
service tcp source eq https
object service Port_444
service tcp source eq 444
object network drac
host 10.1.20.92
object service Port_445
service tcp source eq 445
access-list acl-out extended permit icmp any any echo-reply
access-list acl-out extended permit icmp any any
access-list acl-out extended permit tcp any interface outside eq pptp
access-list acl-out extended permit tcp any object server_smtp eq smtp
access-list acl-out extended permit tcp any object server_smtp eq pptp
access-list acl-out extended permit tcp any object server_smtp eq 3389
access-list acl-out extended permit tcp any object server_smtp eq ftp
access-list acl-out extended permit tcp any object server_smtp eq https
access-list acl-out extended permit tcp any object server_smtp eq 444
access-list acl-out extended permit tcp any object drac eq 445
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static server_smtp interface service Port_25 Port_25
nat (inside,outside) source static server_smtp interface service Port_3389 Port_3389
nat (inside,outside) source static server_smtp interface service Port_1723 Port_1723
nat (inside,outside) source static server_smtp interface service Port_21 Port_21
nat (inside,outside) source static server_smtp interface service Port_443 Port_443
nat (inside,outside) source static server_smtp interface service Port_444 Port_444
nat (inside,outside) source static drac interface service Port_445 Port_445
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 16.2.3.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
prompt hostname context
no call-home reporting anonymous
Thanks Lcambron... I got PPTP to work. Everything else works fine. I can access email, access my web server, FTP server, and PPTP server. However, from the above configuration, I cannot access my DRAC over the internet.. The DRAC runs on a different internal server, and over port 445. So I have the following lines:
object network drac
host 10.1.20.92
object service Port_445
service tcp source eq 445
access-list acl-out extended permit tcp any object drac eq 445
nat (inside,outside) source static drac interface service Port_445 Port_445
Am I missing something here? Internally, I can telnet to port 445 on 10.1.20.92, so I know it is listening. However, externally, I cannot telnet to my external IP address of the ASA through port 445.
Thanks -
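As an added example (not the poster's configuration and not a Cisco tool), a small Python check that parses the object, access-list and nat statements from the ASA 8.4 config above, cross-checks each twice-NAT port forward against the acl-out permits for the same real host and port, and flags services a reviewer would not normally want reachable from the Internet. The port-name table and the review list are assumptions; the sample config is a trimmed copy of the thread's statements.

```python
import re

# Constructed sample: the object, access-list and nat statements from the
# ASA 8.4 configuration in the thread above, trimmed to three of the services.
SAMPLE_CONFIG = """\
object network server_smtp
 host 10.1.20.91
object service Port_25
 service tcp source eq smtp
object service Port_3389
 service tcp source eq 3389
object network drac
 host 10.1.20.92
object service Port_445
 service tcp source eq 445
access-list acl-out extended permit tcp any object server_smtp eq smtp
access-list acl-out extended permit tcp any object server_smtp eq 3389
access-list acl-out extended permit tcp any object drac eq 445
nat (inside,outside) source static server_smtp interface service Port_25 Port_25
nat (inside,outside) source static server_smtp interface service Port_3389 Port_3389
nat (inside,outside) source static drac interface service Port_445 Port_445
"""

# ASA keyword names the config uses in place of port numbers (assumed subset).
PORT_NAMES = {"smtp": 25, "ftp": 21, "https": 443, "pptp": 1723, "www": 80}
# Services a reviewer would question exposing to the Internet at all (assumed list).
REVIEW_PORTS = {445: "SMB", 3389: "RDP", 23: "telnet", 21: "cleartext FTP"}


def port_number(token):
    """Map 'smtp' or '3389' to an integer port; None if unknown."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES.get(token)


def parse(config):
    """Collect network objects, service objects, acl-out permits and twice-NAT rules."""
    hosts, services, acl, nat = {}, {}, set(), []
    current = None   # (kind, name) of the object block being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"object (network|service) (\S+)$", line):
            current = (m.group(1), m.group(2))
        elif (m := re.match(r"host (\S+)$", line)) and current and current[0] == "network":
            hosts[current[1]] = m.group(1)
        elif (m := re.match(r"service tcp source eq (\S+)$", line)) and current and current[0] == "service":
            services[current[1]] = port_number(m.group(1))
        elif m := re.match(r"access-list \S+ extended permit tcp any object (\S+) eq (\S+)$", line):
            acl.add((m.group(1), port_number(m.group(2))))
        elif m := re.match(r"nat \(inside,outside\) source static (\S+) interface service (\S+) (\S+)$", line):
            nat.append((m.group(1), m.group(2), m.group(3)))
    return hosts, services, acl, nat


def audit(config):
    """For every port forward, report where it lands and what a reviewer should see."""
    hosts, services, acl, nat = parse(config)
    findings = []
    for obj, real_svc, mapped_svc in nat:
        real, mapped = services.get(real_svc), services.get(mapped_svc)
        issues = []
        if real is None or mapped is None:
            issues.append("service object missing or unparsable")
        elif (obj, real) not in acl:
            # ASA 8.3+ interface ACLs match the real (untranslated) host and port.
            issues.append("no acl-out permit for this port")
        if mapped in REVIEW_PORTS:
            issues.append(f"{REVIEW_PORTS[mapped]} reachable from the Internet")
        findings.append({"host": hosts.get(obj), "public_port": mapped,
                         "real_port": real, "issues": issues})
    return findings
```

Running `audit` on a copy of the config with one access-list line removed reports the forward whose permit is missing.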
Adding devices behind firewall
I have just installed an AirPort Extreme and want to add my thermostat so I can access it remotely. Do I need to add the MAC address and/or IP address of the thermostats? How do I do this and where?
Hi,
TACACS+ authentication service between network devices and the AAA server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access the ACS server (for management purposes) from outside/internet. In your case, if you need to access your devices behind the firewall from an external network, what you need is to map your internal network devices to a public IP, and open the desired service port, e.g. SSH (tcp 22), on your firewall outside interface ACL to allow incoming access.
For your internal devices, you need to have an appropriate AAA configuration that points to ACS (e.g. TACACS+). In your ACS, set these devices as AAA Clients, and configure the appropriate IP, secret key and TACACS+.
Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
Hope this helps.
Rgds,
AK -
How to access database behind firewall with JDBC
How to access a database behind a firewall? I have an applet that runs from a server behind that firewall. I can make applet-servlet-database calls, but I cannot make applet-database calls. Therefore, I must go through servlets.
This causes a problem as the ResultSet object is not serializable. I have found two solutions using a search.
1) Store info into a Vector and transmit the vector. This option will take up a huge amount of time with large ResultSets.
2) Use Sun's CachedRowSet, which is serializable. I read the license under the CachedRowSet, and it does not allow use for "productive and commercial" use.
Does anyone have any other suggestions I am missing?
I'm pretty sure there are other implementations of CachedResultSet out there that don't have the licensing restrictions on them, so maybe you could hunt down one of those.
As far as storing it in a Collection of some kind, I've never found a huge performance problem in doing so. When iterating through the ResultSet anyway, the additional cost of placing data in a different structure is minimal, even on larger results. -
Hi,
My name is Jay Kishan and I am currently working as a network administrator in my company. We have just finished the first phase of implementing a Server Farm in our Data Center, i.e. all servers in a different VLAN and all users in a separate VLAN. (Actually we have 6 different VLANs for users based on what floor they reside on, but let's just call it a single User VLAN).
Anyways, so now my manager wants me to put a firewall in between the Server VLAN and the User VLAN. We have around 80 servers running different applications. I think that putting a firewall in between the two VLANs will have a performance hit, since the throughput required between the two VLANs is way too much for a normal firewall to support.
I just want to know the best practice the industry follows for firewalling in a server farm and the main reasons for it. I am searching for some solution myself but would really appreciate any help. As far as I could find, only critical servers are placed behind a firewall in a separate VLAN, and inbound and outbound traffic for that VLAN is passed through the firewall. Also, what is the best thing to do: place a separate hardware firewall like ASA5510 or use FWSM in Cisco 6500?
Thanks in advance.
- Jay
Hi Jay,
Best recommended practice is to have servers behind the firewall, so that restricted access will be granted via the firewall on these servers, which can be achieved via ACL deployment on switches. But a firewall will give the additional feature of blocking with stateful inspection and stateful failovers.
The ASA supports firewalling/VPN/IPS/IDS/content filtering, so it is a fully featured security device, and the FWSM is a module that goes into a 6500 chassis, but it is important to note that it is only a firewall, i.e. it doesn't support IDS/IPS/VPN etc.
So it's up to your choice how you want to segregate the VLAN traffic using the firewall.
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
We have a server behind a firewall; the SMTP ports are opened on the firewall. When the application tries to send mail using the Java Mail API, I get the following error. Anything wrong with the firewall (or) mail API?
javax.mail.SendFailedException: Sending failed;
nested exception is:
javax.mail.MessagingException: 530 5.7.3 Client was not authenticated
at javax.mail.Transport.send0(Transport.java:219)
at javax.mail.Transport.send(Transport.java:81)
I think you have made it to the mail server (sounds like Exchange). Looks like the server is set up to require authentication on incoming SMTP requests. Look here
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_20250036.html
Of course, I could be wrong and your firewall has a custom message for SMTP traffic which isn't coming from an 'authorized' mail server or an authenticating proxy server. -
We just purchased and set up the WRV210 VPN router, but we are having a major issue with it. We are running a mail server behind the VPN router, but we can no longer connect to it through Outlook. We forwarded all of the appropriate ports but still can't connect. On our previous router we only had to forward the ports and everything worked. We can't telnet to the SMTP port or anything. We have disabled the firewall and tried nearly every setting we could find. We can access the webmail service that runs on the website (Port 80) and all of the other websites. We can also VPN into the router and access all of the servers. We are also able to do outbound transactions from within the network (when using local IPs), hence why all features in webmail work. Our problem is when trying to connect to POP and SMTP through Outlook. This is a major issue as it is now interrupting our day-to-day operations.
Did you open the ports 25 and 110? What firmware are you running on the router? Did you try to reset and re-configure all the settings?
-
Problem with server behind router
Hey there,
I'm working on a small chatting application which performs pretty well when connecting to a server on the same local network, but not-so-well when it's connecting to a server behind a router that's not on the same network.
Is there any way to get past this problem without using port forwarding? I'd try using that, if it weren't for the fact that the router in question didn't come with any software for configuring it.
I've looked around for a fix to this problem for a while, but I still haven't managed to find anything. Any ideas?
The chat program uses ObjectInput/Output streams to send data between the client and server.
Without port forwarding on the router, your options are a bit limited. You'll probably need a central server to act as a go-between, or at least a rendez-vous point.
But doesn't your router have an HTML interface? What make and type is it? A manual should be easy to find online, if you don't have a printed version. -
Hi all,
I am trying to set up an 8.1.7 Database server behind a firewall (Cisco PIX). PIX has been configured with NAT, and I am using the DNS which is on the outer interface of PIX. I have opened up the outbound DNS for the firewall. However, I do not understand why the listener does not allow any JDBC connections that are being made from the same server.
However, when I move the system outside the firewall I do not have this issue.
And one more thing, the listener shows that it has 3 services when outside the network; however, when I move the system back into the secure network it says the listener has 0 services.
Can anybody help me on this issue..
-lakshmi
Oracle Press Advanced Security discusses how to do this