flat assembler
Message board for the users of flat assembler.

Networking prob - Local Requests accepted - external not ?
Pinecone_



Joined: 28 Apr 2008
Posts: 180
Pinecone_
I have a server application which opens a port. I'm using telnet to test this server application at the moment. The program seemed to be going fine when connecting to it from a local network, but when trying to connect using the external IP address, the connection is refused. All ports are forwarded from the router and the firewall is disabled. Does anyone know of any possible reasons that could cause it not to work from an external IP? Thanks in advance for any help and feel free to ask for more information or source code - although I use custom includes...

Someone else having seemingly the same problem, except in Java (unresolved): http://tinyurl.com/4l68s5
Post 09 May 2008, 07:42
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17467
Location: In your JS exploiting you and your system
revolution
Pinecone_ wrote:
> I have a server application which opens a port. I'm using telnet to test this server application at the moment. The program seemed to be going fine when connecting to it from a local network, but when trying to connect using the external IP address, the connection is refused. All ports are forwarded from the router and the firewall is disabled. Does anyone know of any possible reasons that could cause it not to work from an external IP? Thanks in advance for any help and feel free to ask for more information or source code - although I use custom includes...
>
> Someone else having seemingly the same problem, except in Java (unresolved): http://tinyurl.com/4l68s5

Most likely your router setup. They can be tricky things to get right, and worse, every brand/model has an entirely different way to program it.
Post 09 May 2008, 09:08

Pinecone_
That's what I thought. It's actually being hosted on my friend's computer because my dad is way over-protective and won't let me forward any ports to my computer.. I trust that my friend (let's call him corey, just because it's easier lol) has set up his router config properly, he says he's set as DMZ or something and all ports should be forwarded to his computer. So the two of us are really stumped.. Thanks for your post and if anyone has any other ideas on why it may not work, please post :P
Post 09 May 2008, 09:45

revolution
What type of router are you using? Will it translate outgoing ports? If your friend is expecting incoming data on a particular port then it might get translated. E.g. let's say you send on port 11111, it might end up at the destination on port 33333:

Your PC (port 11111) --> your router translation (port 22222) --> your friend's router (port 22222) --> your friend's PC (port 33333)

Although a DMZ will usually not translate port numbers, so in the example above your friend would likely see port 22222.
Post 09 May 2008, 12:16

Pinecone_
why would a router translate ports?
Post 10 May 2008, 04:40

revolution
Pinecone_ wrote:
> why would a router translate ports?

That is their function. They use port numbers to differentiate between IPs on the inside. Else how do you get many internal IPs onto one external IP?
Post 10 May 2008, 04:49

revolution
If you need to use fixed port numbers then most routers will support setting up pinholes by using something called port forwarding. That way you can force it to use port 11111 (in the example above) to always be translated to 11111, but with that you must also set one fixed internal IP that the port number is associated with. Then it is 11111 all the way through, but other ports are still translated as normal.
Post 10 May 2008, 04:54

revolution
Can a mod be kind enough to move this to heap. This is not related to Windows programming, it is about networking.
Post 10 May 2008, 04:56

Pinecone_
revolution wrote:
> Pinecone_ wrote:
> > why would a router translate ports?
>
> That is their function. They use port numbers to differentiate between IPs on the inside. Else how do you get many internal IPs onto one external IP?

Ok, kinda makes sense, however I am somewhat doubtful of the accuracy of this as I can only see it causing problems; why would a router need to translate ports for outgoing connections? Corey has port forwarding enabled on his end so his router shouldn't be translating the port number, but if routers translated ports for outgoing connections then wouldn't there be some kind of problem when trying to access any port on any remote computer? E.g.: a browser needs to connect to port 80 on a web server, the router translates the port number and the connection gets refused? I don't understand how it could work... Also, how is one to know what number the router has translated the port to?

The way I have always thought of it: a computer tries to connect to the IP address of the router, if there is port forwarding set up for whatever port it's trying to connect to, it passes all information to that computer. If there is no port forwarding for that port then the router simply does nothing. For all outgoing connections from the internal network, the router keeps track of which connection belongs to which computer and passes the appropriate data to the appropriate computer when necessary.

If there is some kind of flaw in my logic, or it just isn't done that way, please tell me. Possibly the way you have said, however as I said, I don't see how it would work that way without problems.

However, assuming that your theory is correct:
revolution wrote:
> Your PC (port 11111) --> your router translation (port 22222) --> your friend's router (port 22222) --> your friend's PC (port 33333)

What happens if the beginning port is 55555?
Using the same kind of thing as you posted:
Your PC (port 55555) --> your router translation (port 66666) --> your friend's router (port 66666) --> your friend's PC (port 77777)

As I'm sure you know, the maximum port number is 65535, another problem in your theory.
Post 11 May 2008, 04:28

revolution
When you access a port (say 80) of course you get no outgoing translation, but the return path is translated (port 11111-->-->33333 in the example) so your friend would see someone on port 33333 wants to access the resource on port 80.

Say, for example, two people want to access the resource on port 80 of your friend's computer. The router must assign a separate return port number to create a path to each of the two clients. If both clients are sending on port 11111 and both translate to 22222 and then both ask the server for port 80 then the whole thing still works because the destination router will assign separate ports (33333 and 33334) so that it can distinguish between the two clients. In this situation your friend would see incoming connections on ports 33333 and 33334 from the router's internal IP, and your friend's app will not know the external IPs of the accessing clients.

Maybe a small diagram will help:
Code:
Outgoing path:

Client IP:port      Router translation                        Server PC
10.10.10.1:22222    10.10.10.1:22222 --> 192.168.1.1:33333    Sees 192.168.1.1:33333
12.13.14.1:22222    12.13.14.1:22222 --> 192.168.1.1:33334    Sees 192.168.1.1:33334


Return path:

Server PC                  Router translation                        Client IP:port
Sends 192.168.1.1:33333    192.168.1.1:33333 --> 10.10.10.1:22222    10.10.10.1:22222
Sends 192.168.1.1:33334    192.168.1.1:33334 --> 12.13.14.1:22222    12.13.14.1:22222
Post 11 May 2008, 06:11

revolution
Pinecone_ wrote:
> revolution wrote:
> > Your PC (port 11111) --> your router translation (port 22222) --> your friend's router (port 22222) --> your friend's PC (port 33333)
>
> What happens if the beginning port is 55555?
> Using the same kind of thing as you posted:
> Your PC (port 55555) --> your router translation (port 66666) --> your friend's router (port 66666) --> your friend's PC (port 77777)
>
> As I'm sure you know, the maximum port number is 65535, another problem in your theory.

The port numbers are just examples. Don't take them literally. Usually a router simply assigns ports incrementally and wraps at the top. Depending upon the router the port numbers can cycle from 32768-65535 or maybe 5000-65535 and lots of other combinations. Some ports are skipped due to frequent use by applications.
Post 11 May 2008, 06:16

Pinecone_
Okay then, so the routers translate port numbers. The server has port 1200 open and listening for connections, I try to connect to it from my computer, the routers translate the port numbers and the port I'm connecting to on my friend's computer is no longer 1200 so the connection is refused because there is nothing listening on the new port? How is someone to know what port number to open on the server and what port to connect to with the client?

Once the connection is established the ports the data is transferred through should not matter, however I can't establish the connection because. Opening port 1200 on the server, connecting to port 1200 with the client should work, should it not?

Note: port 1200 is just a number I picked, has no relevance to anything...
Post 11 May 2008, 06:56

revolution
Depends on your friend's setup. Listening on port 1200 is fine, your PC sends from a translated port to port 1200, it gets there to destination port 1200. But if the destination is expecting to receive from a fixed port then it won't recognise it because the source port number has been translated.

  1. Your PC sends (to your router) from port X to port 1200
  2. The router translates port X to port Y
  3. The router sends from port Y to destination server port 1200
  4. Destination server sees data/request from port Y to port 1200
  5. Maybe refused because incorrect source port Y not allowed, only waiting for port X

Note that websites listen on port 80 but don't care what the source port number is, so they accept all connections regardless of the source port.

So ask your friend if the software needs a special source port or whether it doesn't care. Ask your friend if port 1200 is forwarded without translation. Ask your friend to check the firewall/router for dropped packets in the log.
Post 11 May 2008, 09:03
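
The translation steps in the post above, together with the port-forwarding pinhole and the wrap-around port allocation described earlier in the thread, modelled as an added Python example that is not code from any poster. The class and function names and the documentation-range addresses are constructed for illustration, and real routers also key their table on protocol and remote endpoint, which this toy table leaves out.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Toy NAPT router (constructed model): inside hosts share one WAN IP."""
    wan_ip: str
    lo: int = 32768      # one of the example allocation ranges from the thread
    hi: int = 65535
    skip: frozenset = frozenset()                  # ports never handed out
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    out_map: dict = field(default_factory=dict)    # (lan_ip, lan_port) -> wan_port
    in_map: dict = field(default_factory=dict)     # wan_port -> (lan_ip, lan_port)

    def __post_init__(self):
        self._next = self.lo

    def forward(self, wan_port, lan_ip, lan_port):
        """Pinhole: a fixed WAN port always goes to one fixed inside host."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def _alloc(self):
        for _ in range(self.hi - self.lo + 1):
            port = self._next
            self._next = self.lo if port == self.hi else port + 1  # wrap at the top
            if port not in self.skip and port not in self.in_map and port not in self.forwards:
                return port
        raise RuntimeError("translation table full")

    def outbound(self, src, dst):
        """Inside -> outside: rewrite the source, leave the destination alone."""
        if src not in self.out_map:
            port = self._alloc()
            self.out_map[src], self.in_map[port] = port, src
        return (self.wan_ip, self.out_map[src]), dst

    def inbound(self, dst_port):
        """Outside -> inside: reply to a known flow, else a pinhole, else None."""
        return self.in_map.get(dst_port) or self.forwards.get(dst_port)

def connect_through(client_nat, server_nat, src, dst_port):
    """Return (source the server sees, inside host reached), or None if dropped."""
    seen_src, _ = client_nat.outbound(src, (server_nat.wan_ip, dst_port))
    target = server_nat.inbound(dst_port)
    return (seen_src, target) if target else None

if __name__ == "__main__":
    home, far = Napt("203.0.113.10"), Napt("198.51.100.20")  # constructed addresses
    far.forward(1200, "192.168.1.50", 1200)
    print(connect_through(home, far, ("10.0.0.2", 11111), 1200))
```

Without the `forward()` call the dial returns `None`, because an unsolicited connection to port 1200 matches nothing in the server-side table; with it, the destination port stays 1200 end to end and only the source port the server sees is the one the client-side router allocated.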

Pinecone_
The software I'm trying to connect to is software I've written using FASM, it opens a port and then enters an accept loop (the port the connection is coming from does not matter), when connections are accepted it creates a separate thread for that connection with a receive loop. It works fine over LAN, but not when going through the internet, this was the problem from the beginning... As said before, he's set as DMZ and firewalls are disabled on both ends. I ran out of ideas so posted here, now seems like I'm back at square one (not that I ever really left it) with a little better knowledge of how routers work :P
Post 11 May 2008, 10:06
sleepsleep



Joined: 05 Oct 2006
Posts: 9000
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
since your friend corey already did the DMZ, imo, that should open totally his pc ports to outside.

maybe you can try ask him, if he sets static ip for the pc that you want to connect? and DMZ to that static ip?

try if you could remote desktop to that machine (i assume u use windows xp)

and how about the code that is listening for connections? it should be u listen on a port address, eg. 80, then accept it in another port, so that 80 is still available for listening.
Post 11 May 2008, 11:56

revolution
Well if you learn about how routers operate it should help you to solve your problem. Once you understand all the terms you can work out how to configure the router successfully.
Post 11 May 2008, 12:09

Pinecone_
Already tried him switching to static IP, no luck.

Not a bad idea to try remote desktop, I'll ask about it later, thanks for the suggestion.

Last thing you said is not a problem, I can have as many connections incoming into port 80 after accepting, I think this is as revolution said with the port translation, once the connection is established it switches to a different port or something.. the point is I know that's not the problem 'cause it works over LAN with many connections.
Post 11 May 2008, 12:09
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Pinecone_ wrote:
> but when trying to connect using external IP address, the connection is refused.

The fact that you are getting connection refused instead of timing out means you are connecting to something.

Have you set your router NAT server to pass your listening port from any WAN IP to the LAN IP which is running your FASM program?

What router is being used with your software?
Post 11 May 2008, 12:18
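
One way to tell the two outcomes named in the reply above apart from the client side, as an added Python example that is not code from the thread (the function names are hypothetical). A refusal means a TCP reset came back from some device on the path, which can be the router itself rather than the PC behind it, while a timeout means nothing answered at all.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed, a listener accepted
    except ConnectionRefusedError:
        return "refused"       # RST received: a device answered, nothing listens there
    except socket.timeout:
        return "timeout"       # no answer at all: packet dropped or host absent
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # ICMP error or local routing failure
        raise
    finally:
        sock.close()

def loopback_self_check():
    """Produce 'open' and 'refused' on this machine without leaving loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)  # same port, listener gone
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_self_check())           # constructed local check
```

Running `probe` against the LAN address and then the external address of the same port shows which hop changes the verdict.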

Alphonso
sleepsleep wrote:
> and how about the code that is listening for connections? it should be u listen on a port address, eg. 80, then accept it in another port, so that 80 is still available for listening.

??? For each connection you accept a new socket handle is acquired, you can still listen on the same port for more connections.

A lot of routers have a web server interface, if you're using port 80, be careful it doesn't clash with the router.
Post 11 May 2008, 19:19
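
The accept loop Pinecone_ describes and the point made in the reply above, as an added Python example that is not code from the thread (the FASM server itself is not shown on the page). Every accepted socket keeps the listening port as its local port, and simultaneous connections are told apart by the client's source port. Function names are hypothetical and the run uses loopback only.

```python
import socket
import threading

def serve(listener, count, seen):
    """Accept `count` connections; each gets its own thread and receive loop."""
    def handle(conn, peer):
        with conn:
            # (port the accepted socket is bound to, client's source port)
            seen.append((conn.getsockname()[1], peer[1]))
            while data := conn.recv(1024):     # b"" means the client closed
                conn.sendall(data)             # echo back
    workers = []
    for _ in range(count):
        conn, peer = listener.accept()         # new handle; listener keeps listening
        worker = threading.Thread(target=handle, args=(conn, peer))
        worker.start()
        workers.append(worker)
    for worker in workers:
        worker.join()

def run_demo(count=3):
    """Open `count` simultaneous loopback connections; return (listen port, seen)."""
    listener = socket.create_server(("127.0.0.1", 0))   # port 0: OS picks one
    port = listener.getsockname()[1]
    seen = []
    server = threading.Thread(target=serve, args=(listener, count, seen))
    server.start()
    clients = [socket.create_connection(("127.0.0.1", port)) for _ in range(count)]
    for client in clients:
        client.sendall(b"ping")
        client.recv(1024)                      # wait for the echo
    for client in clients:
        client.close()
    server.join()
    listener.close()
    return port, seen

if __name__ == "__main__":
    print(run_demo())
```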

Pinecone_
Alphonso wrote:
> The fact that you are getting connection refused instead of timing out means you are connecting to something.

Which is why this is so frustrating because I know that my program is listening for connections on the port and yet the connection is still refused...

Alphonso wrote:
> Have you set your router NAT server to pass your listening port from any WAN IP to the LAN IP which is running your FASM program?

As was discussed before, port forwarding is set up.

Alphonso wrote:
> A lot of routers have a web server interface, if you're using port 80, be careful it doesn't clash with the router.

I'm not using any of the router's reserved ports.
Post 11 May 2008, 21:02

Copyright © 1999-2020, Tomasz Grysztar.