Can an ISP block incoming connections? - java

First of all, I am a newbie in network programming. A few days ago, I wanted to test a simple Java server (a simple Java echo server). I first tried running it on a university computer and then tried connecting from my laptop, which is on a different network, without any success. I assumed the network (a private university network) didn't allow the connection. Next, I ran the server on my laptop, expecting it to be public. I ran the server. I ran it on port 5000. Since the connection was through WiFi, I also did port forwarding so that my router would know where to forward the incoming requests. I even disabled the firewall just to test. Then there is a tool on the internet, which I obtained from another user on Stack Overflow, http://www.yougetsignal.com/tools/open-ports/, which can check if a port is open on a machine. I put in my IP address and port number to see if it is reachable. It kept saying the port is closed. Although I don't have a good idea about networks, I called the ISP and asked if the issue was with the network being a private network and if it is possible to host a server on my laptop; she concurred, saying it was a private network and what I am trying to do is not possible. I wanted to try it on some other computer. I met one good guy on Stack Overflow who allowed me to run the server on his computer in Taiwan. He disabled his firewall or added an exception, then ran the server. I then ran my client and it could successfully connect to his server. I was ecstatic.
So, my question and curiosity is: how does an ISP blocking incoming connections work? Did the ISP really block the incoming connection to my server, or could the problem be with some other things? Is it ever possible to host a server on my laptop which is accessible to the world? I am still not content with the answer I got from the ISP, which was that it was a private network so it was blocking. Isn't the internet basically a collection of private networks connected to each other, so isn't everyone in one way or another part of a private network? Please help me with these dilemmas. Appreciate your effort and help a lot! :)

Your house probably has one global external IP assigned to you by your ISP. They will normally block commonly used ports incoming, such as 80 (HTTP), 22 (SSH), 23 (Telnet), 25 (SMTP), and 443 (HTTPS). The majority of the remaining ports should be open for you to use.
As you have one global IP, and multiple devices on your network, you need to tell your router which computer the incoming traffic on a given port needs to go to. This is called Port Forwarding. As you don't control the routers upstream from you at your university, you can't change anything while there. At home you can.
Port Forwarding is explained in depth here.

I suppose it depends on the ISP. I have been able to open ports before with mine, using port forwarding from my router.
As a technician who works for an ISP, I can also say that tech support generally doesn't have a clue when it comes to port blocking or networking in general; they mostly follow a script and ask you if you have turned it off and on again. Maybe check that you are forwarding the port correctly?

Related

Port absolutely refuses to open, despite best efforts

So, I am trying to build a simple Java chat application.
The application is supposed to establish a connection on port 5000. When I tried to give the jar to my girlfriend so she could test the client, she got a connection refused, so I first thought to check my ports. Port 5000 absolutely refuses to open.
I have tried everything I can think of (although I am definitely not IT savvy, so I could've missed something).
Here are steps I have taken:
In command prompt (while the server is running) I have used netstat -an and found port 5000 is listed as listening. When the server is not running, this port is not listed.
I have disabled any and all antivirus software /firewalls on my rig, and in my router settings.
I have set up a static IP for my rig.
I have port forwarded port 5000 on my router and checked and double checked that I have done it correctly.
I even contacted my ISP, who swears up and down that they don't block ports.
I have tried other ports, not just 5000.
After the above steps, I have used several different sources to check whether port 5000 is open. That thing is more blocked than Michael Moore's arteries.
My question: Why does the internet hate me?
EDIT: Over endless hours of chat we (myself and user roelofs) were able to get it working on port 21 (the FTP port), which isn't a problem because there won't be any conflicts, but it isn't right. If anyone can point me in the right direction, I'd much appreciate it. It seems to be some kind of Windows-specific problem? Maybe? Can confirm ports are correctly forwarded and any kind of security that I can think of is off.
'Connection refused' means that there was nothing listening at the IP:port you tried to connect to. So, either the IP or port was incorrect or your server wasn't running. If the IP and port were correct it also means your firewall is forwarding the port correctly.
'Connect timeout' to a current IP:port on the other hand indicates that your firewall isn't set up correctly.
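The distinction drawn in the answer above, as an added example that is not part of the original posts: one TCP connect attempt, classified by the exception Java raises. The names ConnectProbe and probe are made up for this example, and the demo only talks to a listener it opens itself on the loopback address.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;

public class ConnectProbe {
    enum Result { CONNECTED, REFUSED, TIMED_OUT, OTHER_ERROR }

    // One connect attempt. Pass a non-zero timeout: with 0 the OS timeout applies
    // and a dropped connection surfaces as a ConnectException instead.
    static Result probe(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return Result.CONNECTED;     // handshake completed: something is listening
        } catch (SocketTimeoutException e) {
            return Result.TIMED_OUT;     // no reply at all: packets are dropped on the path
        } catch (ConnectException e) {
            return Result.REFUSED;       // actively rejected: address reached, nothing listening
        } catch (IOException e) {
            return Result.OTHER_ERROR;   // e.g. unknown host or no route to host
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 2) {          // probe your own server: java ConnectProbe <host> <port>
            System.out.println(probe(args[0], Integer.parseInt(args[1]), 3000));
            return;
        }
        // Offline demo against a listener opened here on an ephemeral loopback port.
        InetAddress lo = InetAddress.getLoopbackAddress();
        int port;
        try (ServerSocket server = new ServerSocket(0, 1, lo)) {
            port = server.getLocalPort();
            System.out.println("listener up:   " + probe(lo.getHostAddress(), port, 2000));
        }
        // The listener is closed now, so the same port rejects the connection.
        System.out.println("listener down: " + probe(lo.getHostAddress(), port, 2000));
    }
}
```

A timeout cannot be reproduced on loopback; it shows up when the probe is run from outside the network against an address whose router or firewall silently drops the packets.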
After some testing, it appears that Windows might have problems with listening sockets above 1024. Running the code on a port lower than that (and setting up all port forwarding correctly) should get you to the point where you can debug.

Use local pc as a server

I just made a little chat program with a server and a client in Java. The client needs to connect to the server with the IP of the server. I did all my testing with localhost (127.0.0.1) and everything went fine, but when I tested it later on with a friend of mine, I noticed that if I put in my IP address (I run the server, he runs the client) it doesn't work.
Is there a way to set up a private little server on my pc to run my server on, or maybe another way to get it working?
EDIT:
Just found a tool called "Apache" to set up your own server, could that be helpful?
EDIT: When I say it doesn't work I mean I get an IOException, because this fails:
    // The fields connection and serverIP and the helper showMessage live elsewhere in the poster's class.
    public void connectToServer() throws IOException {
        showMessage("Attempting to connect...");
        // Throws ConnectException if refused; blocks until the OS connect timeout if packets are dropped.
        connection = new Socket(InetAddress.getByName(serverIP), 6789);
        showMessage("\nConnected to: " + connection.getInetAddress().getHostName());
    }
There is a whole host of things that you need to look at before your application will work.
Firewalls on both ends (and anti-virus applications) need to allow the programs to communicate
Your ISP needs to allow messages to be sent via your designated ports
Your router (and the clients) need to not-filter these messages.
As a start, see if you can ping each other's IP addresses and take it from there.
I recommend you first try and disable your firewall. If you are using Windows, here are the instructions for turning off Windows Firewall: Turn Windows Firewall on or off
If you are testing with someone outside of your local network, you may need to set up NAT on the router of the person hosting the server. You can access the router by typing in its local IP address in the web browser. This is usually something like 192.168.1.1 or 192.168.1.254 but it will depend on the model and network setup.
Once you have connected you should find an option (usually under advanced) for "NAT" or "Port Forwarding". I suggest you do a Google search with the router model and how to set up port forwarding.
You also need to be aware that some ISPs will block certain ports. I suggest testing on a common port such as port 80 (HTTP) since it's unlikely an ISP will block this (be aware that you will need to disable Skype or any local web servers to test this).

Java program without forward port in router

I made an application with Java using sockets. My computer is the server and my phone (Android) is the client. All I am trying to do is forward a String from the phone to the client PC.
Everything works fine when I configure my router and open the port I am using. I don't want every customer who installs my application to need to open a port in the router.
I thought about using a remote server that will run my server code, but I didn't find a server that can do that. I don't want to make my PC a server for all customers.
How do all the chat companies do it without an open port?
You must look into UPnP. This is what /most/ if not /all/ torrent clients use to allow foreign connections, without forwarding ports. How chat clients do it is a different scenario. They use hacks such as firewall hole-punching using UDP (with an external server) http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html see this link for details on UDP hole punching.
Also see this article http://www.codeproject.com/Articles/13285/Using-UPnP-for-Programmatic-Port-Forwardings-and-N for usage of UPnP. But this is in C++, but I think you will understand.
EDIT: http://4thline.org/projects/cling/ I found this. I think it can help you.
You had to open the port probably because of your router's firewall :). If you have already opened, let us say, port 9090, then every client app (Android phone) will be able to connect to it :). Of course, if somebody wants to install the server on their own PC they would probably forward some ports and disable some firewalls. If you want a server with no special requirements, look up VPSes. :)

Finding Open Port TCP Communication

I'm writing a Java application like AIM where I want a lookup server to help two clients connect to each other with the ServerSocket class. Unfortunately a ServerSocket needs an open port or it will be blocked by your firewall. Without having the clients manually change their firewall settings, is there a way I can either find an open port or open a port (it's okay if it asks for permission)? I just don't want every client to have to manually change firewall settings. Thanks!
Creating a ServerSocket is what opens the port on the server end (assuming the port is NOT also blocked on the firewall). On many systems, port numbers <1024 are not blocked by the firewall, and therefore often don't require custom configuration. However, since many ISPs have been more and more stringent with what ports they block within their network, many pieces of software have moved to operating over port 80. Why port 80? It's the port used for HTTP, and therefore pretty much open (at firewalls) 100% of the time for any service that operates on the web.
To answer the question of how to find an open port, port scanners perform this function. Basically all they do is try to establish a connection on a range of ports (say port 1-1024). When a connection is successful (in Java you would see this as a good connection over a Socket), you can consider that port "open". You don't need to exchange any data in order to make the connection, you just need to establish the connection, and then close it.
Also, if there is no server software of any kind running on the server, it won't appear "open", even if it isn't blocked. Without a successful Socket (TCP) connection, you won't know what ports are not blocked by user's firewall.
To reiterate, I'm switching back and forth between two related, but separate concepts. Firewalls can block/open ports, or have port forwarding. That's not the same as a port being "open" for connections on a given machine. In order for a machine to accept connections on a given port, there must be a piece of software listening for a connection on that port, otherwise no connection can be made.
I would suggest looking at a couple of alternative solutions that are less cumbersome - scanning for open ports can take quite some time, can cause panicky reactions from firewalls that feel attacked, and so on. There are a couple of techniques that are in active use and have been developed exactly to solve the problem of servers behind firewalls.
UDP Hole Punching, zero user side configuration needed. Simple explanation on how Skype uses this technique can be found here
UPnP / IGD could be used as an alternative, though fewer devices support it out of the box nowadays due to security problems.
STUN with a Java implementation of client and serverside called JSTUN
Whatever solution you choose, test it thoroughly with different internet service providers; there's a plethora of limitations you can expect wrt blocked ports.

Java Sockets time-out over the Internet

I created a small chat program, that works flawlessly when client & server are run on the same computer (and probably network, too).
However, as soon as I try to connect to another computer over the internet, the socket connection simply times out.
Is this because of firewalls / routers, etc?
And how can I connect a ServerSocket & Socket over the internet?
However, as soon as I try to connect to another computer over the internet, the socket connection simply times out. Is this because of firewalls / routers, etc?
Yes, most likely. You're running into the NAT problem: essentially, the same externally visible IP address maps to many internally visible endpoints, and the external endpoint doesn't know which internal endpoint to give your socket request to.
The easiest way around this is to have both your clients connect to a third party which both of them can see, and then have the third party mediate the communication. This is how most instant-messaging protocols work, for example.
If you have no way to control a third-party entity like that, an alternative to directly connect two clients is to have both clients open up an agreed-upon port, and then map communications on that port to their own internal endpoint. This provides the missing link that the externally visible endpoint (e.g. your home router) needs to deliver the communication to its intended destination.
If your server is behind a NAT router box (and most home computers are, especially if you use WiFi), then it won't be reachable from the outside unless you set up your router to port forward to that server.
What's the IP of your server computer? If it's 192.168.x.x or 10.x.x.x, then it's a non-routable address and can't be reached from outside.
Assuming that by running on the same computer you mean that you tell the client the server is at 127.0.0.1 / localhost, the problem shouldn't be in your code but in firewalls or routers. If your server is behind a router performing masquerading (i.e., the server has not a public but a private IP address like 192.168.x.y for instance), you have to configure the router to pass a connection from the internet to the computer running the server.
Another reason why it doesn't work might be the way you bind your server to the interface. If you specify 127.0.0.1 there, the server will only listen for requests coming from the same system. If you don't specify an address, it will listen on all interfaces.
Edit: Your comment indicates that you indeed have the NAT problem like others said. Configuring your router accordingly is probably the easiest solution.
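The two checks raised in the answers above (is the server's address routable, and which interface is the ServerSocket bound to), as an added example that is not code from the original posts. The names ReachabilityCheck, scope and bindScope are made up here, the sample addresses are constructed, and the 100.64.0.0/10 carrier-grade NAT case goes beyond the ranges the answers mention.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;

public class ReachabilityCheck {
    // Classify an address by who is able to route packets to it.
    static String scope(InetAddress a) {
        byte[] b = a.getAddress();
        if (a.isLoopbackAddress()) return "loopback: this machine only";
        if (a.isSiteLocalAddress()) return "private (RFC 1918): LAN only, needs a port forward";
        if (a.isLinkLocalAddress()) return "link-local: same network segment only";
        // 100.64.0.0/10 is the RFC 6598 shared range used for carrier-grade NAT.
        if (b.length == 4 && (b[0] & 0xFF) == 100 && (b[1] & 0xC0) == 0x40)
            return "carrier-grade NAT: a home port forward alone is not enough";
        return "public: routable from the internet";
    }

    // Report which interfaces a listening socket accepts connections on.
    static String bindScope(ServerSocket s) {
        InetAddress a = s.getInetAddress();
        return a.isAnyLocalAddress() ? "all interfaces (wildcard)" : scope(a);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample addresses; 203.0.113.10 comes from a documentation range.
        String[] samples = {"127.0.0.1", "192.168.1.20", "10.0.0.5",
                            "172.16.4.1", "100.64.1.1", "203.0.113.10"};
        for (String ip : samples)
            System.out.println(ip + " -> " + scope(InetAddress.getByName(ip)));

        // Ephemeral ports (0) so the demo never collides with a real service.
        try (ServerSocket local = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
             ServerSocket any = new ServerSocket(0)) {
            System.out.println("bound to loopback: " + bindScope(local));
            System.out.println("no bind address:   " + bindScope(any));
        }
    }
}
```

A socket bound to loopback stays invisible to the LAN and the internet, so it suits local testing; the wildcard bind is what a port forward needs, and it also exposes the service to every network the machine is attached to.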
First, test to see if it really works on a LAN; it sounds like you're just assuming it does.
If it works on your local network, perhaps it's failing because the server lacks a public IP, and is running behind a NAT'ing router.
