private vs public ports - c++

I am having a tough time with private and public udp ports. I am doing a client-server VoIP program and have some questions.
1) the private port is the one you use in bind() right?
2) the public port is assigned by the firewall right? as it is the port visible outside my local network.
3) When I am debugging between two machines on my local network, I am specifying both to send/recv to the private port, and communication works. If I would be communicating with a client outside my network I would use the public port, right?
4) Is there any way for two hosts on the local network to communicate on the public ports? since that's what its going to be in release mode, it would be good to make sure it works.
5) will the router forward packets sent to the public port to the application listneing on the private port? so the sender (if outside the local network) specifies the public port and not the private port.
Hope that was clear, just ask otherwise!
Thanks in advance!
Johan

1) the private port is the one you use
in bind() right?
Right.
2) the public port is assigned by the
firewall right? as it is the port
visible outside my local network.
Well, yes, but it's not exactly the firewall. It's the NAT. Of course, NAT could be (and most often is) implemented in the firewall, but there are also firewalls that don't use any NAT. Another thing to note is that you may have multiple levels of NAT (like one at home and one at ISP), in this case it probably makes sense to refer to the port assigned by the outermost NAT as the public one.
3) When I am debugging between two
machines on my local network, I am
specifying both to send/recv to the
private port, and communication works.
If I would be communicating with a
client outside my network I would use
the public port, right?
That depends on the network setup. Since you mention "client-server" in your question, I assume that the client "connects" (sends the first packet) to the server. If the server isn't behind any NAT, then its public IP/port pair would be the same as the local one. But if the server is behind a NAT, then you can't just connect to it because it has no public port assigned yet. Just opening a port doesn't cause the NAT to assign a public port, you need to actually send something from that port.
So if your server is behind NAT, then it must act as a client, and the client must act as a server, provided that the client isn't behind NAT too. If both sides are behind NAT, then you'll need a third-party non-NATed server to perform hole punching. Note that when using hole punching, usually both private and public endpoints are used just in case that both sides happen to be in the same LAN by pure chance.
4) Is there any way for two hosts on
the local network to communicate on
the public ports? since that's what
its going to be in release mode, it
would be good to make sure it works.
That depends on the NAT setup. It could just ignore everything that comes from inside the LAN and has the NAT's public address as destination. For example, I can't even ping my own public address from my home PC.
5) will the router forward packets
sent to the public port to the
application listneing on the private
port? so the sender (if outside the
local network) specifies the public
port and not the private port.
See my answer to 3). Of course it will forward packets as soon as the public port is assigned, because that's what it assigns it for in the first place. But it will probably check that the incoming packet is coming from the same address and port that the packet that caused the port to be opened was sent to, so it's a valid response to a packet sent earlier, not just some random hacker trying to break in.

Related

How safe is to use public subnet?

I have a EC2 machine in public Subnet, In Security group I have only opened 22 port for my public static IP. How safe is it?
As per your comment
if i keep open security group for certain IPs, I am quite unsure
whether it is safe or not because there are multiple Hops b/w that IPs
and AWS IPs(packet data travels through it). am i correct ? and that
application can be accessible from that Hops?
It is absolutely safe to use the ssh port unless there is a vulnerability found in the future in the ssh protocol itself.
Firstly, you are restricting the access only from a static IP so no one else should be able to initiate the ssh session from any other machine.
Secondly, if you have protected your ssh private key and it is not shared then anyone else from the same static IP wouldn't be able to start an ssh connection.
Thirdly, ssh connection creates a secure encrypted data pipe between the client and servers, so even if someone tries to sniff the packets as it passes through different hops, it is hard to make any sense as all the data is encrypted.
Considering all of the above, in my opinion it is quite safe.

How to get the IP that others can use to connect to my socket build in c++

My computer is using Wi-Fi provided by a tplink router.
I am using a website to get my IP, https://www.whatismyip.com.
My code is fine, because I can connect to the socket in my own computer by using 127.0.0.1.
Here is my code from https://www.geeksforgeeks.org/socket-programming-cc/amp/
But I don't know why my friend can't connect to my socket using the IP I get from the website.
I wonder, do I need to set up something in my router, or am I using the wrong code?
What you get from whatismyip.com is your public IP address. Your computer is probably behind a NAT/PAT (Network Address Translation / Port Address Translation), meaning your machine has a private IP address that gets translated by your router/firewall into the public one displayed by whatismyip.com
You have two solutions:
Get a public IP address from your Internet provider, and disable NAT on your router (probably you'll need help for this).
Configure port forwarding on your router so that it forwards traffic on your public IP address to a given port on your machine.

TCP Chat not working in different networks

I coded a TCP/IP Chat Server/Client in C/C++ that works perfectly in my local network and with several clients connected to it. It does not work when the Server is in a different network to the client. I coded time ago the same tool in Python and the same happened.
Is there any way of solving this? Without port forwarding, that is the most common solution.
I could only find this: Android server concept confusion. How to connect TCP chat app on different networks but I could not understand it.
NOTE: I have just find a sample program (server) that works when it is on a different network; http://www.codeproject.com/Articles/1891/Beginning-Winsock-Programming-Simple-TCP-server
You have three choices:
1) NAT penetration. Both devices simultaneously attempt to exchange data with each other, tricking each person's router into thinking that it's replying. For this to work, you each need each other's public IP address and if you need any features from TCP, you need to implement them yourself.
2) Public rendezvous server. Both devices automatically connect to a server on an unNATed network. The server knows the public IP address of every client that connects to it, so it can route your data to the client with the correct public IP.
3) Some combination of 1 and 2. Here, a public server is used to facilitate NAT penetration and eliminate the need for manual coordination. Your friend registers with the public server and the public server tells him your public IP address and facilitates NAT penetration.
In local network addresses of devices doesn't change offently. Yo can reach the computer by only defining the local address. On the other hand, if you want to communicate with a device in different network yoou should know its public IP and should define a routing to the port.
If you have a server with static IP or known IP you can reach it. You can store the IP addresses of clients dynamically in this server. Write a program that inform the IP of host computer to the server. In that way, you can store the IP addresses even they change oftenly.

C++ P2P Listen on a port without port forwarding

I'm trying to write a C++ chat program that is based on Peer To Peer technique, with no need to a server. Say peers connect to each other using their IP addresses as identifier.
Can I listen to incoming connections without configuring port forwarding on the router?
It is possible if peers are not behind a NAT. If they are you have to make port mapping(forward ports). You can easily write a function to check if a peers machine is behind NAT or not. And if it is, you can reconsider using server as a transfer place of the messages between peers.
Edit:
You can also think about using public VPN as a proxy(with port forward included). However, it is hard to find free one. Even if you are willing to pay for it, you have no assurance that no one will listen to it and you will be dependent of the uptime of the VPN servers.

how can I get my server application' public endpoint(ip, port) in a NAT network

i start my server in a NAT envorment, and want to test it in public network,
how can i get its address? I am using boost::asio to write my app.
If you want to know peer's public IP address, you need to have one server in public network (not behind any NATs), connect to the server and let the server sends client's IP address it sees back to the client. This site ( http://www.whatismyip.com/ ) shows your public address with this manner. So, your server needs to connect another server which resides in a public network without NAT invloved.
However, your server should not be in a NAT environment anyway as NAT normally blocks any incoming connections which are not initiated from inside peers. That means even though a client knows your server's public address, it won't be able to connect to the server behind NAT as NAT will block client's connection request.