C++ P2P Listen on a port without port forwarding - c++

I'm trying to write a C++ chat program based on a peer-to-peer technique, with no need for a server. Say peers connect to each other using their IP addresses as identifiers.
Can I listen for incoming connections without configuring port forwarding on the router?

It is possible if peers are not behind a NAT. If they are, you have to set up port mapping (forward ports). You can easily write a function to check whether a peer's machine is behind NAT or not. And if it is, you can reconsider using a server as a transfer point for the messages between peers.
Edit:
You can also think about using a public VPN as a proxy (with port forwarding included). However, it is hard to find a free one. Even if you are willing to pay for it, you have no assurance that no one will listen in on it, and you will be dependent on the uptime of the VPN servers.
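The "check whether a peer's machine is behind NAT" step above is easy to get wrong, so here is an added example (not code from the question or the answer) of the comparison it boils down to: classify the address the peer's socket is bound to by RFC 1918 / RFC 6598 range, then compare it with the source address a host outside the LAN (a friend or a rendezvous server) saw the peer's packets arrive from. The addresses used are constructed sample values and nothing touches the network.

```cpp
// Added example, not code from the original question or answer: classify an IPv4
// address by RFC 1918 / RFC 6598 range and infer whether a peer sits behind NAT by
// comparing the address its socket is bound to with the address a remote party saw.
// All addresses below are constructed sample values; nothing touches the network.
#include <cstdint>
#include <cstdio>
#include <string>

enum class AddrClass { Invalid, Loopback, LinkLocal, Private, SharedCgnat, Public };
enum class NatVerdict { NoNat, BehindNat, CarrierGradeNat, Unknown };

// Parse a dotted quad into a host-order 32-bit value; false on anything malformed.
bool parseIPv4(const std::string& text, uint32_t& out) {
    unsigned a, b, c, d;
    char trailing;
    if (std::sscanf(text.c_str(), "%u.%u.%u.%u%c", &a, &b, &c, &d, &trailing) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

static bool inBlock(uint32_t ip, uint32_t net, int prefix) {
    uint32_t mask = prefix == 0 ? 0u : (0xFFFFFFFFu << (32 - prefix));
    return (ip & mask) == (net & mask);
}

AddrClass classify(const std::string& text) {
    uint32_t ip;
    if (!parseIPv4(text, ip)) return AddrClass::Invalid;
    if (inBlock(ip, 0x7F000000u, 8))  return AddrClass::Loopback;    // 127.0.0.0/8
    if (inBlock(ip, 0xA9FE0000u, 16)) return AddrClass::LinkLocal;   // 169.254.0.0/16
    if (inBlock(ip, 0x0A000000u, 8) ||                                // 10.0.0.0/8
        inBlock(ip, 0xAC100000u, 12) ||                               // 172.16.0.0/12
        inBlock(ip, 0xC0A80000u, 16)) return AddrClass::Private;      // 192.168.0.0/16
    if (inBlock(ip, 0x64400000u, 10)) return AddrClass::SharedCgnat;  // 100.64.0.0/10, RFC 6598
    return AddrClass::Public;   // multicast/reserved ranges are not distinguished here
}

// localAddr: address the peer's own socket is bound to. observedAddr: the source
// address a host outside the LAN (for example a rendezvous server) saw the peer's
// packets arrive from. This comparison is what a STUN-style probe boils down to.
NatVerdict inferNat(const std::string& localAddr, const std::string& observedAddr) {
    AddrClass local = classify(localAddr);
    AddrClass observed = classify(observedAddr);
    if (local == AddrClass::Invalid || observed == AddrClass::Invalid) return NatVerdict::Unknown;
    // Own interface carries a 100.64/10 address: the ISP is translating, so forwarding
    // a port on the home router cannot make this peer reachable.
    if (local == AddrClass::SharedCgnat) return NatVerdict::CarrierGradeNat;
    if (local == AddrClass::Private) return NatVerdict::BehindNat;
    if (local == AddrClass::Public)
        return localAddr == observedAddr ? NatVerdict::NoNat : NatVerdict::BehindNat;
    return NatVerdict::Unknown;   // loopback or link-local: no conclusion possible
}

int main() {
    const char* verdicts[] = {"no NAT", "behind NAT", "carrier-grade NAT", "unknown"};
    std::printf("%s\n", verdicts[int(inferNat("192.168.1.10", "203.0.113.5"))]);
    std::printf("%s\n", verdicts[int(inferNat("203.0.113.5", "203.0.113.5"))]);
    return 0;
}
```

The carrier-grade case is the one worth spelling out to users: a peer whose own interface holds a 100.64.0.0/10 address cannot be made reachable by any router setting, so the relay-through-a-server fallback is the only option there.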

Related

How can I expose both TCP and UDP on a single port in a AWS EC2 Task?

I am running into an issue with port mappings on my AWS Fargate AWS::ECS::TaskDefinition. The app inside the container listens for both TCP and UDP traffic on a single specific port. The AWS docs, however, make note that:
You cannot expose the same container port for multiple protocols. An error will be returned if this is attempted.
Is there a recommended way to work around this limitation for services that listen to both TCP and UDP traffic on a single port? (Other than just running on an EC2 instance directly).
Yes, it is not possible; I would check whether there is a way to expose two different ports at the application level.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions-portmappings.html
As of June 2020 you are now able to map TCP and UDP traffic to a single port in ECS. The documentation has been updated to remove the warning about exposing the same port to multiple protocols.

TCP-level information on EC2

I'm trying to get the TCP timestamp from the packets for clock-skew purposes in my application, which is hosted on EC2. In my network I have an ALB.
So my question is: how do I get TCP-level packet information in my app, since the ALB filters out all the OSI layers except the application level (HTTP)?
If the only reason to get access to TCP packets is to detect the timestamp and correct clock drift, I would suggest configuring your EC2 instance to use an NTP time server instead.
https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/
That being said, the ALB is not "removing" TCP information from network packets. HTTP connections made to your application are still transported over IP and TCP. If you need low-level access to network packets from an app, I would suggest looking at the pcap library, which is used by tcpdump and many other tools to capture network traffic on an interface.
https://www.tcpdump.org/
[UPDATED to include comments]
It is important to understand that the TCP connection between your client and the ALB is terminated at the ALB level. The ALB creates a second TCP connection to forward HTTP requests to your EC2 instance. The ALB does not remove information from TCP/IP; it just creates a second, independent and new connection. Usually the only information you want to propagate from the initial TCP connection is the source IP address. The ALB, like most load balancers and proxies, captures this information from the original connection (the one received from the client) and embeds the information in an HTTP header called X-Forwarded-For.
This is documented at https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html
If you want to capture other information from the original connection, I am afraid it will not be possible using the ALB (but I would also be very curious about the use case, i.e. WHAT you're trying to achieve).
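Since X-Forwarded-For is the one piece of connection information that does survive the ALB, here is an added example (not code from the answer above) of reading it the defensive way. The load balancer appends the address it accepted the connection from to the end of the list; anything further left arrived inside the request and is under the client's control, so the safe pick is counted from the right by the number of trusted proxies. The header values are constructed samples.

```cpp
// Added example, not code from the original answer: choosing the client address from
// X-Forwarded-For the defensive way. The ALB appends the address it accepted the
// connection from to the END of the list; anything further left arrived inside the
// request and is under the client's control. Header values below are constructed.
#include <cstdio>
#include <string>
#include <vector>

// Split a comma-separated header value into trimmed entries; empty entries are dropped.
std::vector<std::string> splitForwardedFor(const std::string& header) {
    std::vector<std::string> hops;
    std::string cur;
    auto flush = [&]() {
        size_t b = cur.find_first_not_of(" \t");
        if (b != std::string::npos) {
            size_t e = cur.find_last_not_of(" \t");
            hops.push_back(cur.substr(b, e - b + 1));
        }
        cur.clear();
    };
    for (char c : header) { if (c == ',') flush(); else cur += c; }
    flush();
    return hops;
}

// What naive code does: take the leftmost entry. A client can put anything there.
std::string naiveFirstAddress(const std::string& header) {
    std::vector<std::string> hops = splitForwardedFor(header);
    return hops.empty() ? "" : hops.front();
}

// trustedProxies = number of proxies between the internet and this app that are known
// to append honestly (1 for a lone ALB; 2 for CDN -> ALB). Counting from the right
// skips exactly the entries those proxies wrote and lands on the address the
// outermost trusted proxy accepted the connection from. Returns "" when the header
// is too short to have been produced by that chain, which is itself a red flag.
std::string clientAddress(const std::string& header, size_t trustedProxies) {
    if (trustedProxies == 0) return "";   // no trusted proxy: the header means nothing
    std::vector<std::string> hops = splitForwardedFor(header);
    if (hops.size() < trustedProxies) return "";
    return hops[hops.size() - trustedProxies];
}

int main() {
    const std::string spoofed = "10.0.0.1, 203.0.113.77, 198.51.100.9";
    std::printf("naive: %s\ntrusted: %s\n",
                naiveFirstAddress(spoofed).c_str(), clientAddress(spoofed, 1).c_str());
    return 0;
}
```

Anything that keys on the client address (rate limits, allow-lists, audit logs) should use the right-counted value; the leftmost entry is only useful for logging what the client claimed.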

Should we use non-standard ports for backend service of my app?

We are developing a mobile app for my company, which needs to connect to an HTTPS web service. My company provides us an external IP and a specific non-standard (that is, NOT 443) port that we are supposed to use for external connections. The specific host that we are supposed to use already has another service on port 443.
My question is, would it be better to use a standard port, if possible? The user will never need to type the host and port; it is a hidden configuration, but I am worried that some networks (like public Wi-Fi) could have firewalls blocking non-standard ports. Is this common? Should I ask to use the standard port for better connectivity?

TCP Chat not working in different networks

I coded a TCP/IP chat server/client in C/C++ that works perfectly in my local network and with several clients connected to it. It does not work when the server is in a different network from the client. Some time ago I coded the same tool in Python and the same thing happened.
Is there any way of solving this? Without port forwarding, which is the most common solution.
I could only find this: "Android server concept confusion. How to connect TCP chat app on different networks", but I could not understand it.
NOTE: I have just found a sample program (server) that works when it is on a different network: http://www.codeproject.com/Articles/1891/Beginning-Winsock-Programming-Simple-TCP-server
You have three choices:
1) NAT penetration. Both devices simultaneously attempt to exchange data with each other, tricking each person's router into thinking that it's replying. For this to work, you each need each other's public IP address and if you need any features from TCP, you need to implement them yourself.
2) Public rendezvous server. Both devices automatically connect to a server on an unNATed network. The server knows the public IP address of every client that connects to it, so it can route your data to the client with the correct public IP.
3) Some combination of 1 and 2. Here, a public server is used to facilitate NAT penetration and eliminate the need for manual coordination. Your friend registers with the public server and the public server tells him your public IP address and facilitates NAT penetration.
In a local network the addresses of devices don't change often. You can reach the computer by only specifying the local address. On the other hand, if you want to communicate with a device in a different network you should know its public IP and should define a route to the port.
If you have a server with a static IP or a known IP you can reach it. You can store the IP addresses of clients dynamically on this server. Write a program that reports the IP of the host computer to the server. In that way, you can store the IP addresses even if they change often.
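Both answers above end up at the same component: a server on a public address that records where each client's packets actually come from and hands that out to the other side. As an added example (not code from either answer), here is the bookkeeping half of such a rendezvous server: a peer sends "REGISTER <name> <localIp>:<localPort>", the server stores that next to the public endpoint it observed, and "LOOKUP <name>" returns the endpoint the asker should try. The message format and endpoints are constructed for the example; the UDP socket code that would carry these strings is left out.

```cpp
// Added example, not code from either answer above: the bookkeeping half of a
// rendezvous server (choice 2, and the coordination step of choice 3). A peer sends
// "REGISTER <name> <localIp>:<localPort>" and the server stores that alongside the
// public endpoint it actually saw the datagram come from. "LOOKUP <name>" returns
// the endpoint the asker should try. Endpoints are constructed samples; the UDP
// socket code that would carry these strings is left out.
#include <cstdio>
#include <map>
#include <sstream>
#include <string>

struct Endpoint { std::string ip; int port; };

struct PeerRecord {
    Endpoint local;     // the address the peer believes it has (inside its NAT)
    Endpoint observed;  // the source the server saw, i.e. the NAT's outside mapping
};

// Parse "ip:port"; accepts only a numeric port in 1..65535.
bool parseEndpoint(const std::string& text, Endpoint& out) {
    size_t colon = text.rfind(':');
    if (colon == std::string::npos || colon == 0 || colon + 1 >= text.size()) return false;
    std::string portText = text.substr(colon + 1);
    if (portText.size() > 5) return false;
    for (char c : portText) if (c < '0' || c > '9') return false;
    int port = std::stoi(portText);
    if (port < 1 || port > 65535) return false;
    out.ip = text.substr(0, colon);
    out.port = port;
    return true;
}

static std::string show(const Endpoint& e) { return e.ip + ":" + std::to_string(e.port); }

class RendezvousRegistry {
public:
    // Handle one datagram that arrived from `from`; returns the reply text.
    std::string handle(const std::string& msg, const Endpoint& from) {
        std::istringstream in(msg);
        std::string cmd, name, arg;
        in >> cmd >> name >> arg;
        if (cmd != "REGISTER" && cmd != "LOOKUP") return "ERR unknown-command";
        if (name.empty()) return "ERR missing-name";
        if (cmd == "REGISTER") {
            Endpoint local{};
            if (!parseEndpoint(arg, local)) return "ERR bad-endpoint";
            peers_[name] = PeerRecord{local, from};   // last registration wins
            return "OK " + show(from);                  // tell the peer its public mapping
        }
        auto it = peers_.find(name);
        if (it == peers_.end()) return "ERR unknown-peer";
        const PeerRecord& r = it->second;
        // Same outside address as the asker: both peers share one NAT, so hand out the
        // inside address (many home routers will not hairpin a connection to their own
        // public address).
        if (r.observed.ip == from.ip) return "PEER local " + show(r.local);
        // Otherwise hand out the mapping the server saw; that is the endpoint both
        // sides send to at the same time in the hole-punching case.
        return "PEER public " + show(r.observed);
    }
    size_t size() const { return peers_.size(); }
private:
    std::map<std::string, PeerRecord> peers_;
};

int main() {
    RendezvousRegistry reg;
    std::printf("%s\n", reg.handle("REGISTER alice 192.168.1.10:5000",
                                   Endpoint{"203.0.113.5", 41234}).c_str());
    std::printf("%s\n", reg.handle("LOOKUP alice", Endpoint{"198.51.100.7", 6000}).c_str());
    return 0;
}
```

Two things a production version adds on top of this: the registry should require some proof of identity on REGISTER (otherwise anyone can overwrite "alice" and receive her chat traffic), and records need an expiry, because the NAT mapping the server observed is only valid while the peer keeps sending.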

Want to implement a VPN for just one application

I am looking to add VPN support to my software.
I know PPTP and OpenVPN; both make a system-wide binding, installing a TAP driver so all applications route their traffic through them.
How could I implement VPN support for just my application? Is there any library, example, hint or way to do it?
My software is actually made in C++/MFC, using the standard CAsyncSocket.
Forwarding incoming connections to your application is relatively easy:
stunnel allows you to forward traffic to specific ports through an SSL tunnel. It requires that you run it on both ends, though.
Most decent SSH clients, such as OpenSSH or PuTTY also support port forwarding, with the added advantage that any remote SSH server can usually act as the other end of the tunnel without any modifications.
You can also use OpenVPN and other VPN solutions, but this requires specific forwarding rules to be added to the remote server.
Forwarding outgoing connections, though, is trickier without modifying your application. The proper way to do it is to implement the SOCKS protocol, preferably SOCKS5. Alternatively, you can use an external application, such as FreeCap, to redirect any connections from your application.
After you do that, you can forward your connections to any SOCKS server. Most SSH clients, for example, allow you to use the SOCKS protocol to route outgoing connections through the remote server.
As a sidenote, OpenVPN servers do not necessarily become the default gateway for all your traffic. Some do push such a route table entry to the clients, but it can be changed. In my own OpenVPN setup I only use the VPN to access the private network and do not route everything through it.
If you can force your application to bind all outgoing sockets to one or more specific ports, you could use IP filtering rules on your system to route any connections from those ports through the VPN.
EDIT:
Tunneling UDP packets is somewhat more difficult. Typically you need a proxy process on both the remote server and the local client that will tunnel incoming and outgoing connections through a persistent TCP connection.
Your best bet would be a full SOCKS5 client implementation in your application, including the UDP-ASSOCIATE command for UDP packets. Then you will have to find a SOCKS5 proxy that supports tunnelling.
I have occasionally used Delegate which seems to be the Swiss pocket-knife of proxies. As far as I know, it supports the UDP-ASSOCIATE command in its SOCKS5 implementation and it also supports connecting two Delegate processes through a TCP connection. It is also available for both Linux and Windows. I don't remember if it can also encrypt that TCP connection, but you could always tunnel that one through stunnel or SSH if you need to.
If you have system administrator rights on a remote VPN server, however, you could probably have a simpler set-up:
Have your P2P application bind its outgoing UDP sockets to the client VPN interface. You may need to set up a secondary default route for that interface. This way your application's outgoing packets will go through the remote server.
Have the remote server forward incoming UDP packets to specific ports through the VPN connection back to you.
This should be a simpler set-up, although if you really care about anonymity you might be interested in ensuring your P2P application does not leak DNS or other requests that can be tracked.
Put SSH connectivity in your app or use SSL. You'll have to use a protocol/service instead of VPN technology. Good luck!
I think you simply need SSL: http://www.openssl.org/
OpenVPN is based on SSL - but it is a full vpn.
The question is what do you need? If you need encryption (an application-private connection) and not a VPN (virtual private network), go for SSL.
Hints can be found here:
Adding SSL support to existing TCP & UDP code?
http://sctp.fh-muenster.de/dtls-samples.html
http://fixunix.com/openssl/152877-ssl-udp-traffic.html