#1
  1. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95

    client server apps across the net


    i have this chat room program, and it works fine on my LAN. i run the server on address 192.168.1.xxx, but when i want to run it over the net, i have to use a different address correct? b/c that is just my local one. so i figured out my address as assigned by my ISP, it is 24.151.3.xx, but nobody can connect to my server? is there something i'm missing here?
  2. #2
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2002
    Posts
    272
    Rep Power
    19
    It sounds like you are running behind a Cable/DSL router. If this is true, then your router has the 24.151.x.x address. There should be some mechanism in the router's configuration for exposing your machine's address to the net. Be careful, though, because that will probably expose it for anyone to see, not just the clients you want to see it.
  4. #3
  5. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    hey thanks a lot i got it working fine now. i changed the DMZ setting to make it work. about the security part tho, as long as i'm not running all sorts of services/daemons i should be safe correct?
    edit: have a good google term i could search to learn more about what ur talkin about?
  6. #4
  7. Contributing User
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    USA
    Posts
    7,179
    Rep Power
    2222
    I think that 3dfxMM was talking about a firewall and port-forwarding.

    Just curious how you had set your DMZ up in general. Since your server's IP address was in the private range (per RFC 1918), its actual address could not be forwarded and no other router on the Internet would pass it either. That means that your gateway router must be performing Network Address Translation (NAT), which would change the server's address to the gateway's Internet IP and a different port. In your DMZ set-up, were you able to force NAT to use the chat server's pre-defined port number, such that the client would try to connect to the gateway's IP and that pre-defined port? Or does it work differently?

    As for myself, my AOL-specific router refused to do port-forwarding, so I returned it. Connecting a hub to the LAN side of the DSL modem works just fine instead -- the modem acts as a DHCP server. But as a result, I don't have a DMZ to play with, so I haven't been through the mechanics of it. And MIS would be too paranoid if I were to try it at work.
  8. #5
  9. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    Well what i tried to do first was forward the server's port, but that didn't work. So i kept looking around the config and i see the DMZ host tab, it says:
    -"This feature sets a local user to be exposed to the Internet. Any user on the Internet can access in/out data from the DMZ host. Enable the feature as you wish to use special-purpose service."-
    So in there i typed my local ip 192.168.1.X and it worked. When i had people connect to my server, they used the 24.151.3.X address, and i made no changes to client or server code.
    *I'm actually pretty well confused by this right now myself. I wasn't aware that my computer was "hidden" from the net. Luckily, today in the mail i received "TCP/IP Illustrated" by Stevens, so i just read up on address classes and hopefully soon i'll have a better understanding of this stuff. It's amazing what they don't teach you in school!*

    EDIT: ok i was just reading this guide to NAT, and now i understand your question about the port assignment. My router translates my local ip (not routable/unique) to a routable (unique) one, in this process it also assigns it a new port # and stores the addresses in a table. So i am also curious now how the port situation is treated?
    Last edited by infamous41md; June 2nd, 2003 at 10:36 PM.
  10. #6
  11. Contributing User
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    USA
    Posts
    7,179
    Rep Power
    2222
    {with my Ed McMahon voice} Everything you need to know about TCP/IP and networking is in the Requests For Comment (RFCs). The problem is that there are so many of them. Plus, many have been superseded by later RFCs. They are all online and are the authoritative source. Many of them were written to formalize or just plain to document how the designers of a protocol or a type of network got it to work, so any comments you might have would usually be after the fact. What you read in the text books mostly only condense and distill what's in the RFCs.

    For discussion of private IP addresses, read RFC 1918, "Address Allocation for Private Internets" at http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html (or any number of other sites; just Google on "RFC 1918" or whichever RFC you need to read). Basically, private IP addresses and NAT have pulled our cookies out of the fire and have greatly postponed the dreaded "running out of IP addresses" disaster we were faced with. This way, you can have up to 65,534 hosts on your LAN (including your toaster, microwave, refrigerator, and coffee pot -- read RFC 2324 - HyperText Coffee Pot Control Protocol (HTCPCP) 1 April 1998), but you still need only one public IP address to give them all access to the Internet.

    As for how the port assignment is being handled for your server, I believe that by placing it in the DMZ, you are telling NAT to masquerade the server's IP address but to not change the port number.

    It would be interesting to see what happens if you were to place a second machine in the DMZ and have it also run a server that listens on the same port. Would they conflict or would NAT have a work-around and if so, then what?

    Guess I know where I'll be Googling during lunch today.
    Last edited by dwise1_aol; June 3rd, 2003 at 10:22 AM.
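A simplified model of the inbound lookup discussed in posts #4 to #6, added here as an example; it is not code from any poster or from a router vendor. The lookup order (session table, then port forwards, then DMZ host), the `Gateway` class, the documentation-range public address and the port numbers are assumptions made for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in a private range and so is not routed on the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class Gateway:
    """Toy home NAT router: decides where an inbound packet goes (assumed order)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}     # external port -> (lan_ip, lan_port), from outbound traffic
        self.forwards = {}     # external port -> (lan_ip, lan_port), static rules
        self.dmz_host = None   # single catch-all LAN host, or None
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port):
        """A LAN host opens a connection: allocate an external port and record it."""
        ext = self._next_port
        self._next_port += 1
        self.sessions[ext] = (lan_ip, lan_port)
        return (self.public_ip, ext)

    def add_forward(self, ext_port, lan_ip, lan_port):
        """Static port forward; one external port can point at only one LAN host."""
        if ext_port in self.forwards:
            raise ValueError(f"port {ext_port} already forwarded to {self.forwards[ext_port]}")
        self.forwards[ext_port] = (lan_ip, lan_port)

    def inbound(self, dst_port):
        """Where does a packet addressed to public_ip:dst_port end up on the LAN?"""
        if dst_port in self.sessions:      # reply to a connection a LAN host opened
            return self.sessions[dst_port]
        if dst_port in self.forwards:      # explicit port forward
            return self.forwards[dst_port]
        if self.dmz_host is not None:      # DMZ host: port unchanged, every port
            return (self.dmz_host, dst_port)
        return None                        # unsolicited and unmapped: dropped

if __name__ == "__main__":
    gw = Gateway("203.0.113.7")            # constructed public address
    gw.dmz_host = "192.168.1.10"           # constructed LAN address
    print(gw.inbound(5000), gw.inbound(8080))
```

In this model a port forward exposes only the chat port, while the DMZ host setting delivers every otherwise-unmapped port to that machine, which is the exposure post #2 warns about. The model also has a single DMZ slot and one target per forwarded port, so two LAN machines cannot both receive the same external port.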
  12. #7
  13. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    rfcs.... i have this stack in one of my desk drawers of a bunch of rfc's. but as you said, i'm sometimes uncertain as to the chronologic relevancy of what i'm reading. the last one i read was in regards to TCP window size and congestion control, after i read it i realized it was from 1988!!! LOL! i'm going to do an experiment and stick 2 of my machines in the DMZ listening on the same port and see what happens, i'll let u know. Oh and if anyone is interested i put my Coffee Pot in the DMZ, you can reach at address 555.555.555.555; it's currently serving cappuccino, but if you can hack it will serve hot chocolate as well! :D
  14. #8
  15. Contributing User
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    USA
    Posts
    7,179
    Rep Power
    2222
    Originally posted by infamous41md
    rfcs.... i have this stack in one of my desk drawers of a bunch of rfc's. but as you said, i'm sometimes uncertain as to the chronologic relevancy of what i'm reading. the last one i read was in regards to TCP window size and congestion control, after i read it i realized it was from 1988!!!
    Just because it's more than a decade old doesn't necessarily mean it's out of date. I know that most RFC indices I've seen will list that an RFC has been obsoleted and by which new RFC. Unfortunately, the obsoleted RFC itself does not indicate that it is obsolete -- at least not at the IETF site.

    Originally posted by infamous41md
    LOL! i'm going to do an experiment and stick 2 of my machines in the DMZ listening on the same port and see what happens, i'll let u know.
    From what I've read (mainly product-specific instructions), I suspect that the router will not allow you to do that. Still, I am curious to find out. Let us know what happens.

    Originally posted by infamous41md
    Oh and if anyone is interested i put my Coffee Pot in the DMZ, you can reach at address 555.555.555.555; it's currently serving cappuccino, but if you can hack it will serve hot chocolate as well! :D
    At Klondike-5.Klondike-5.Klondike-5.Klondike-5? Great! Hopefully using a stream protocol. And please don't say that it's on the de-caf port.

    Now if we could only get that Coke machine back on-line, we'd be set.

    BTW as you probably already know, the Trojan Room coffee pot went off-line this past year. Heard that they sold it on E-Bay.

    [Historical Note: The phone company's automated exchanges used to be given names based on the letters of the first two digits of the phone number. 5's letters are JKL, so out of "KL" they formed the exchange name of "Klondike". "Klondike-5" is so widely used in film and TV because no such exchange actually exists. Unfortunately, the producers of "Bruce Almighty" forgot that rule when they gave out God's phone number and now people all over the country with that number (no area code was given) are suffering for it.]
    Last edited by dwise1_aol; June 4th, 2003 at 02:17 PM.
  16. #9
  17. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    Originally posted by dwise1_aol
    Unfortunately, the producers of "Bruce Almighty" forgot that rule when they gave out God's phone number and now people all over the country with that number (no area code was given) are suffering for it.]
    -haha yeah i heard about that on some show the other day. i feel bad for those poor bastards getting calls at 5 am "...lord i have sinned..."
