I'm using Jelastic and SmartFoxServer 2X for a multiplayer server. I want to know if there is a limit to the concurrent TCP socket connections.
There is a limit of 50 TCP connections if you don't have a public IP.
I am running into an issue with port mappings on my AWS Fargate AWS::ECS::TaskDefinition. The app inside the container listens for both TCP and UDP traffic on a single specific port. The AWS docs, however, make note that:
You cannot expose the same container port for multiple protocols. An error will be returned if this is attempted.
Is there a recommended way to work around this limitation for services that listen to both TCP and UDP traffic on a single port? (Other than just running on an EC2 instance directly).
Yes, it is not possible. I would check if there is a way to expose two different ports on the application level.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions-portmappings.html
As of June 2020 you are now able to map TCP and UDP traffic to a single port in ECS. The documentation has been updated to remove the warning about exposing the same port to multiple protocols.
I'm trying to write a C++ chat program that is based on a peer-to-peer technique, with no need for a server. Say peers connect to each other using their IP addresses as identifiers.
Can I listen to incoming connections without configuring port forwarding on the router?
It is possible if peers are not behind a NAT. If they are, you have to set up port mapping (forward ports). You can easily write a function to check if a peer's machine is behind NAT or not. And if it is, you can reconsider using a server as a transfer place for the messages between peers.
Edit:
You can also think about using a public VPN as a proxy (with port forwarding included). However, it is hard to find a free one. Even if you are willing to pay for it, you have no assurance that no one will listen to it, and you will be dependent on the uptime of the VPN servers.
I have a Django server deployed on an Azure medium instance. I just wanted to know the maximum number of concurrent connections that can connect to my server at once. Consider these as REST connections rather than TCP connections because our server has a REST interface.
The number of concurrent connections is not artificially limited for Azure Virtual Machines. The actual number of concurrent connections would depend upon the performance of your web service, the scalability of Django's built-in web server and the reuse of the TCP connection pool by your clients. You might want to test this using some web load tests.
I'm trying to write a server-client socket program in C. The objective is for the server to listen on a specific port, but across a range of IP addresses belonging to the same IP subnet. This IP subnet is part of the 127.x.x.x range (not 127.0.0.1 of course).
Couple of points to note:
This is a stream-based socket, and not Datagram sockets.
This is not a broadcast address.
Implementation in C/C++ only on Unix/Linux platform
I do not want to open multiple sockets on the server for each IP address in the range. This is not scalable.
Any help would be ideally appreciated. Is this even feasible?
You can only bind to one address on a single socket. Why can't you bind to INADDR_ANY and simply reject any packets not bound for your target IPs? Alternatively, you could bind to an arbitrary port and use OS-level magic (e.g. iptables, bpf) to reroute packets destined for those IP/port combinations to your socket.
The socket API does not allow binding to a subnet -- you can bind to one IP or to any IP. You can listen for all inbound connections and reject those that don't apply. If you need to divvy connections out between processes on the same server, use a single listening socket, and transfer incoming connections to the worker processes.
You can use a firewall to prevent anyone from outside the desired subnet from connecting (that's at the o/s level). You can put the socket in promiscuous mode and accept all connections on a given interface. I don't know if you can do both (have a socket in promiscuous mode and run iptables on it). Essentially it's like building a packet sniffer that only listens on one port.
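The bind-to-any-and-reject approach from the answers above, as an added example that is not code from the original posts: one listening socket on INADDR_ANY, with `getsockname()` on each accepted connection revealing which local address the client dialled. The function names and the subnet passed in are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return 1 if addr (network byte order) lies inside net/prefix_len. */
int in_subnet(struct in_addr addr, const char *net, int prefix_len)
{
    struct in_addr base;
    if (prefix_len < 0 || prefix_len > 32 || inet_pton(AF_INET, net, &base) != 1)
        return 0;
    /* Guard prefix 0: shifting a 32-bit value by 32 is undefined. */
    uint32_t mask = prefix_len ? htonl(0xFFFFFFFFu << (32 - prefix_len)) : 0;
    return (addr.s_addr & mask) == (base.s_addr & mask);
}

/* One listening socket bound to INADDR_ANY on the given port. */
int listen_any(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Accept one connection; keep it only if the address the client dialled
 * (our local end, read with getsockname) is inside net/prefix_len.
 * Returns the connected fd, -2 if rejected, -1 on error. */
int accept_in_subnet(int lfd, const char *net, int prefix_len)
{
    struct sockaddr_in local;
    socklen_t len = sizeof local;
    int cfd = accept(lfd, NULL, NULL);
    if (cfd < 0) return -1;
    if (getsockname(cfd, (struct sockaddr *)&local, &len) < 0 ||
        !in_subnet(local.sin_addr, net, prefix_len)) {
        close(cfd);   /* destination outside the allowed range */
        return -2;
    }
    return cfd;
}
```

The TCP handshake has already completed by the time the check runs, so a rejected client sees a successful connect followed by an immediate close. Dropping traffic before the handshake needs the firewall rules mentioned in the answers.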
I'm looking to add VPN support to my software.
I know PPTP and OpenVPN; both make a system-wide binding, installing a TAP driver so all applications route their traffic to them.
How could I implement VPN support for just my application? Is there any library, example, hint or way to do it?
My software is actually made in C++/MFC, using the standard CAsyncSocket.
Forwarding incoming connections to your application is relatively easy:
stunnel allows you to forward traffic to specific ports through an SSL tunnel. It requires that you run it on both ends, though.
Most decent SSH clients, such as OpenSSH or PuTTY also support port forwarding, with the added advantage that any remote SSH server can usually act as the other end of the tunnel without any modifications.
You can also use OpenVPN and other VPN solutions, but this requires specific forwarding rules to be added to the remote server.
Forwarding outgoing connections, though, is trickier without modifying your application. The proper way to do it is to implement the SOCKS protocol, preferably SOCKS5. Alternatively, you can use an external application, such as FreeCap, to redirect any connections from your application.
After you do that, you can forward your connections to any SOCKS server. Most SSH clients, for example, allow you to use the SOCKS protocol to route outgoing connections through the remote server.
As a sidenote, OpenVPN servers do not necessarily become the default gateway for all your traffic. Some do push such a route table entry to the clients, but it can be changed. In my own OpenVPN setup I only use the VPN to access the private network and do not route everything through it.
If you can force your application to bind all outgoing sockets to one or more specific ports, you could use IP filtering rules on your system to route any connections from those ports through the VPN.
EDIT:
Tunneling UDP packets is somewhat more difficult. Typically you need a proxy process on both the remote server and the local client that will tunnel incoming and outgoing connections through a persistent TCP connection.
Your best bet would be a full SOCKS5 client implementation in your application, including the UDP-ASSOCIATE command for UDP packets. Then you will have to find a SOCKS5 proxy that supports tunnelling.
I have occasionally used Delegate which seems to be the Swiss pocket-knife of proxies. As far as I know, it supports the UDP-ASSOCIATE command in its SOCKS5 implementation and it also supports connecting two Delegate processes through a TCP connection. It is also available for both Linux and Windows. I don't remember if it can also encrypt that TCP connection, but you could always tunnel that one through stunnel or SSH if you need to.
If you have system administrator rights on a remote VPN server, however, you could probably have a simpler set-up:
Have your P2P application bind its outgoing UDP sockets to the client VPN interface. You may need to set up a secondary default route for that interface. This way your application's outgoing packets will go through the remote server.
Have the remote server forward incoming UDP packets to specific ports through the VPN connection back to you.
This should be a simpler set-up, although if you really care about anonymity you might be interested in ensuring your P2P application does not leak DNS or other requests that can be tracked.
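The client side of the SOCKS5 CONNECT exchange (RFC 1928) recommended in the answer above, as an added example that is not code from the original post: it builds the greeting and the request and validates the proxy's replies as plain byte buffers, ready to be sent over whatever socket class the application uses. The function names are hypothetical, and only the no-authentication method is covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { SOCKS_VER = 0x05, CMD_CONNECT = 0x01, ATYP_IPV4 = 0x01,
       ATYP_DOMAIN = 0x03, ATYP_IPV6 = 0x04 };

/* Client greeting: version 5, one method offered, 0x00 = no authentication. */
size_t socks5_greeting(uint8_t out[3])
{
    out[0] = SOCKS_VER; out[1] = 1; out[2] = 0x00;
    return 3;
}

/* The method selection reply must be exactly {0x05, 0x00} for no-auth. */
int socks5_method_ok(const uint8_t *in, size_t len)
{
    return len == 2 && in[0] == SOCKS_VER && in[1] == 0x00;
}

/* CONNECT request carrying the host name (ATYP 0x03), so the proxy resolves
 * it and no local DNS lookup is made. Returns bytes written, 0 on error. */
size_t socks5_connect_request(uint8_t *out, size_t cap, const char *host, uint16_t port)
{
    size_t hlen = strlen(host);
    if (hlen == 0 || hlen > 255 || cap < 7 + hlen)
        return 0;
    out[0] = SOCKS_VER; out[1] = CMD_CONNECT; out[2] = 0x00; /* RSV */
    out[3] = ATYP_DOMAIN; out[4] = (uint8_t)hlen;
    memcpy(out + 5, host, hlen);
    out[5 + hlen] = (uint8_t)(port >> 8);   /* port in network byte order */
    out[6 + hlen] = (uint8_t)(port & 0xFF);
    return 7 + hlen;
}

/* Parse the proxy's reply. Returns its total length when REP == 0x00
 * (succeeded), 0 if more bytes are needed, -1 on failure or malformed data. */
int socks5_parse_reply(const uint8_t *in, size_t len)
{
    size_t need;
    if (len < 5) return 0;
    if (in[0] != SOCKS_VER || in[1] != 0x00 || in[2] != 0x00) return -1;
    switch (in[3]) {
    case ATYP_IPV4:   need = 4 + 4 + 2; break;
    case ATYP_IPV6:   need = 4 + 16 + 2; break;
    case ATYP_DOMAIN: need = 4 + 1 + (size_t)in[4] + 2; break;
    default:          return -1;
    }
    return len >= need ? (int)need : 0;
}
```

Sending the host name rather than a locally resolved address is what keeps DNS lookups from leaking outside the tunnel, the concern raised at the end of the answer.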
Put SSH connectivity in your app or use SSL. You'll have to use a protocol/service instead of VPN technology. Good luck!
I think you simply need SSL: http://www.openssl.org/
OpenVPN is based on SSL - but it is a full vpn.
The question is what do you need? If you need encryption (application private connection) - and not a vpn (virtual private network) go for ssl.
Hints can be found here:
Adding SSL support to existing TCP & UDP code?
http://sctp.fh-muenster.de/dtls-samples.html
http://fixunix.com/openssl/152877-ssl-udp-traffic.html