On Mon, 25 Aug 2008 20:54:36 -0700, 9to5 <da**********@gmail.com> wrote:
> I've got a little rudimentary client-server app. One runs a server
> listening to 'any' ip on a given port and the client attempts to
> connect to the external ip of my app. I am on a LAN behind a router
> and, undoubtedly, a firewall.
> If I make the IP I am trying to connect to 127.0.0.1 everything works
> fine but as long as I am using the external IP I can't get through and
> I get an exception which states that the host is actively refusing the
> connection.
> Is this because I am behind a router? More importantly, if this is the
> case how do applications manage to get around this. For example, if I
> install some new random application, it seems to have no problem
> connecting to a peer-to-peer server on some random port. But my app...
> gets refused.
> What am I missing?
Well, first, it's important to distinguish between what your application
is doing and what "some new random application" might be doing. In
particular, NAT routers are not always explicitly firewalls, but even when
they aren't they exhibit some firewall-like behaviors. But these
behaviors are usually disabled when a client of the NAT router _initiates_
communication outbound.
So, if this "new random application" is on your LAN but connecting to an
IP address outside the LAN, the NAT router is handling that automatically,
acting as a proxy between the client on your LAN and the outside address.
When traffic comes back inbound, it's actually addressed to the NAT
router, but the NAT router knows which client it's proxying on that
address and forwards it on automatically.
You can configure this forwarding ("port forwarding") explicitly. In
practically all cases, the NAT router will let you do this manually. For
Most modern NAT routers (anything built within the last 5 years, and
including some built even earlier) will support "Universal Plug and
Play", which is a protocol that allows clients to discover and configure
the NAT router automatically. But you would have to write your
application to support that.
There are also techniques involving "tunneling". UDP port tunneling is
particularly reliable, in spite of there being no official specification
to ensure that all NAT routers handle it, and there are techniques that
work (less often) for TCP. But it does depend on still having a known
intermediary server accessible to both clients trying to reach each other,
so if you're just trying to loop back through your Internet IP address,
that probably wouldn't be applicable.
Pete
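To make the behaviour Pete describes concrete, here is an added toy model of a NAT router's translation table (example code written for this thread, not from either poster). It shows that a mapping exists only because a LAN client initiated outbound traffic, that unsolicited inbound traffic is dropped unless a port forward exists, and, going one step beyond the reply, that a LAN client aiming at its own public address only gets through if the router also supports NAT loopback (hairpinning), which is the assumed reason the original poster's connection is refused. All addresses are constructed documentation ranges; the `hairpin` flag and the address layout are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint


@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000
    # dynamic mappings (wan port -> LAN endpoint), created only by outbound traffic
    mappings: Dict[int, Endpoint] = field(default_factory=dict)
    # static mappings (wan port -> LAN endpoint): manual "port forwarding" or UPnP
    forwards: Dict[int, Endpoint] = field(default_factory=dict)
    # NAT loopback support; assumed off by default, as on many consumer routers
    hairpin: bool = False

    def is_lan(self, ip: str) -> bool:
        return ip.startswith("192.168.")  # constructed private LAN range

    def _alloc(self, lan_ep: Endpoint) -> int:
        """Reuse or allocate the WAN port that proxies this LAN endpoint."""
        for port, ep in self.mappings.items():
            if ep == lan_ep:
                return port
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = lan_ep
        return port

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Return the translated packet, or None when the router drops/refuses it."""
        if self.is_lan(pkt.src[0]):
            if pkt.dst[0] == self.wan_ip:
                # LAN client "looping back" through the public IP needs hairpin NAT
                # plus a forward for the destination port, else the router refuses it
                if not self.hairpin or pkt.dst[1] not in self.forwards:
                    return None
                return Packet((self.wan_ip, self._alloc(pkt.src)), self.forwards[pkt.dst[1]])
            # ordinary outbound traffic: record the mapping so replies can come back
            return Packet((self.wan_ip, self._alloc(pkt.src)), pkt.dst)
        # inbound traffic: only a live mapping or an explicit forward gets through
        target = self.mappings.get(pkt.dst[1]) or self.forwards.get(pkt.dst[1])
        return None if target is None else Packet(pkt.src, target)
```

Running the original poster's scenario against this model (LAN client to the router's public IP, no port forward, no hairpin support) yields `None`, i.e. the connection never reaches the listening server on the LAN.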