I'm trying to develop a little client-server application in c. For that, I took a source code : http://www.iprelax.fr/outils/c_prog5.php
It's working in local without changing the ip address or the port. I tried with 2 computers (mac os and ubuntu). They are connected with an ethernet cable and we defined a static ip addresses 10.0.0.10 and 10.0.0.20 on this interface (eth0). In the client, we changed the line :
char *msg, *htoname = "127.0.0.1";
with the server ip address but it doesn't work, there is no error.
We tried to change the port number but still the same problem.
We saw anything with the netstat and netcat commands.
How to run the application between 2 computers ?
Thank you for your help
When going between two machines, generally a firewall blocks incoming connections i.e. your server machine should allow client to connect to itself.
If your server is on Ubuntu, you are using Linux IP tables. Either add a rule to allow the server port for incoming connections or disable IP tables entirely.
vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5800 -j ACCEPT
The answer to this question list it in detail
using ip tables on stack overflow
Related
Port 51820 already mapped in my router. Points to my Qnap NAS ip.
My Linux client configuration set in /etc/wireguard/wg0.conf
[Interface]
Address = 198.18.7.2/32
SaveConfig = true
ListenPort = 37636
FwMark = 0xca6c
PrivateKey = <client key>
[Peer]
PublicKey = <qnap key>
AllowedIPs = 0.0.0.0/0
Endpoint = <mydyndns>:51820
PersistentKeepalive = 10
When I try to connect
╭─ender#ender-PC ~
╰─$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 198.18.7.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
╭─ender#ender-PC ~
╰─$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7168ms
Qnap "server" configuration
Publick key of the client has been added.
I've also tried to connect from the Android app and does not work.
I've been able to check the logs in the Linux client wg0: Handshake for peer 3 (<nasIP>:51820) did not complete after 5 seconds, retrying (try 2) which are the same logs as in the Android app. The issue seems to be pointing in the NAS side.
PS: I have already another VPN working (QBelt, which is a proprietary of Qnap) and is reachable from outside.
QTS version 5.0.0.1837
Hope I come with good, if partial news: I managed to fix OpenVPN through a TeamViewer on a Pi4 linked to the NAS's LAN. Also set up L2TP/IPSec as a second connection solution.
Diagnostic on what went wrong during QTS4->5 update (1828 20211020): NAT still properly set on the routeur, but somehow the OpenVPN server was affected to the secondary LAN. So yes, NAT was pointing to the wrong IP address… There is no telling if the glitch came from QVPN or the network & virtual switch.
Please note the list of issues and changes is impressive. Not surprising for a major release, but still… Next step: I'll set up a WireGuard connection. More later…
I may have missed QTS version on your configuration. Do you mind giving us a few details? Wireguard means a fairly recent version, but which one is important.
I recently updated a new NAS to QTS 5, and a perfectly working OpenvPN server stopped working altogether. Worked like a charm in version 4, being overzealous in updating the server was (sadly predictably) a mistake. Concrete result is, I now get an infinite timeout on port 1194, which ends up with "TLS handshake failed".
Same situation after dropping the OpenVPN configuration on the NAS and recreating it from scratch. So the answer to your problem may be as simple as having to wait for QNAP to fix either QVPN or LAN management on QTS 5.
Unfortunately I cannot access the NAS remotely anymore, so I can't corroborate your feedback that Qbelt is not affected. I will have a TeamViewer set up on the LAN tomorrow ta get access to the NAS again, and I'll give it a try.
This looks like an error on the keys.
Can you please try to recreate public and private server and client keys, ensure the public server key and private client key are in the client configuration files, and public client keys is in the server configuration table?
On a side note, you shouldn't use RFC 2544 IP, even if QNAP tutorial is using them.
the ip of the nas was not correctly set in the port forwarding mapping...
Im trying to figure out a way for one user to open a server, on a port of their choice, and for a user on the same LAN, to be able to see that server without manually putting in the ip and port. Think like when you open a minecraft LAN server, and people on the LAN can see the server, even though they never put in the ip, and the port is different every time. Is there a way to do this in c on linux with the Berkley Sockets API, with TCP sockets?
There's plenty of articles out there on how to use Unix built-in's to scan your Local Area Network for other hosts.
You can find your own IP address and Network using ifconfig, like in this article.
It's then a simple task to get a list of IP's/hostnames on your LAN using a command like nmap, and then sort through the output.
Here's an example:
sudo nmap -sn 10.84.32.54/24 | grep -Po "(\d{1,3}\.){3}\d{1,3}"
Which will return you a list of ip-addresses on your network like:
10.84.32.1
10.84.32.11
10.84.32.12
10.84.32.14
10.84.32.17
You could then go about scan each of the ports on these by running:
nmap -p- 10.84.32.1
To get an output like:
PORT STATE SERVICE
22/tcp open ssh
2581/tcp open unknown
2443/tcp open unknown
In socket programming in c,why to specify the socket address in server program?
Im unable to understand why to specify socket address in server program because socket address we anyways specify in client program,what is the need to specify in server program.
Here is the code:
bzero((char *)&serv_addr,sizeof(serv_addr));
serv_addr.sin_family=AF_INET;
serv_addr.sin_addr.s_addr=inet_addr(argv[1]);
serv_addr.sin_port=htons(atoi(argv[2]));
Most servers don't specify the socket address explicitly, they use INADDR_ANY (as #ybo addresses).
The reason a server might specify the address, however, is to control which interface clients arrive on. For example, you might bind to the address 127.0.0.1 (localhost) to ensure that clients are running on the local machine only, reducing a security risk associated with remote connections. You also might bind explicitly to an external port in order to better sandbox remote clients.
You don't have to, you can use INADDR_ANY instead of the real address, but it can be useful when you have multiple network interfaces on your machine.
Actually same answer as the rest, but in other words:
A server usually just uses 1 public IP address. And also has 1 or more internal IP addresses (like localhost 127.0.0.1 and maybe for lan 192.168.0.1).
But a server can easily also have multiple public IP addresses. Your hosting provider will give these to you (and may be charge you for them.)
A server even NEEDS multiple public IP addresses if it will host multiple HTTPS certificates on port 443, as each one is bound to a specific IP address.
When listening , you can listen on 1 specific IP address, and thus ingore traffic from the other IP addresses. You can even have other applications use the same port number on the other IP adresses.
If for security reasons you only want applications to connect from localhost (eg client and server are on the same machine), you are better off listening only on 127.0.0.1 rather than ALL ip's.
Your computer may have many IP addresses. (Even 127.0.0.1 can be thought of as a separate IP from your "real" one.) On the server socket you can choose which of these addresses you're "listening" to. Following the above example, I believe that binding a server socket to 127.0.0.1 means you'll only be able to connect to that server program locally.
I have the following setup:
2 Ubuntu machines (server and client)
on the "server" I'm running this to echo all the data received back to the sender (the client):
ncat -e /bin/cat -v -l 12345
on the client I have simple application which just connects to the remote socket: socket() -> setsockopt() -> connect()
So... my question is: Is it possible to check if there are other applications already connected to the socket from the client application? I want only one process connected to the socket at any given time and I want to check this from the client application. Is this possible? After 3h googling I couldn't find anything relevant :(
(sorry, no experience with network programming)
No, a client is not able to see how many other clients are connected to a server.
To be able to retrieve this information an application specific protocol needs to be used on client and server.
Anyhow there is this one special case: If the client knows that a maximum of N clients can connect to the server, and it's own try to connect is refused it could assume that N clients are connected to the server already.
To set the maximum number of connections ncat handles in parallel use it's option -m/--max-conns. Verbatim form man ncat:
-m numconns, --max-conns numconns (Specify max number of connections) .
The maximum number of simultaneous connections accepted for an Ncat instance. 100 is the default.
Run:
netstat -an | grep <your server port port number>
on your client machine to see any existing TCP connections.
Can you not close the listening socket on the server after you've accepted one client? If there's no listening socket no more clients will be able to connect. Once you've dropped your one client, you can then open the listening socket again, ready for one more. That way the client will see a "failure" to connect if the server is busy, or will succeed normally otherwise.
The down side of this approach is that the client won't be able to determine exactly why it can't connect, it could be because the client is busy (has its one client) or it could be because of other issues. Does this matter?
I'm trying to write a server program in C,
using another client, I get this error when I try to connect through port 2080 for example.
connection refused
What can be the reasons of this error?
There could be many reasons, but the most common are:
The port is not open on the destination machine.
The port is open on the destination machine, but its backlog of pending connections is full.
A firewall between the client and server is blocking access (also check local firewalls).
After checking for firewalls and that the port is open, use telnet to connect to the ip/port to test connectivity. This removes any potential issues from your application.
The error means the OS of the listening socket recognized the inbound connection request but chose to intentionally reject it.
Assuming an intermediate firewall is not getting in the way, there are only two reasons (that I know of) for the OS to reject an inbound connection request. One reason has already been mentioned several times - the listening port being connected to is not open.
There is another reason that has not been mentioned yet - the listening port is actually open and actively being used, but its backlog of queued inbound connection requests has reached its maximum so there is no room available for the inbound connection request to be queued at that moment. The server code has not called accept() enough times yet to finish clearing out available slots for new queue items.
Wait a moment or so and try the connection again. Unfortunately, there is no way to differentiate between "the port is not open at all" and "the port is open but too busy right now". They both use the same generic error code.
If you try to open a TCP connection to another host and see the error "Connection refused," it means that
You sent a TCP SYN packet to the other host.
Then you received a TCP RST packet in reply.
RST is a bit on the TCP packet which indicates that the connection should be reset. Usually it means that the other host has received your connection attempt and is actively refusing your TCP connection, but sometimes an intervening firewall may block your TCP SYN packet and send a TCP RST back to you.
See https://www.rfc-editor.org/rfc/rfc793 page 69:
SYN-RECEIVED STATE
If the RST bit is set
If this connection was initiated with a passive OPEN (i.e., came
from the LISTEN state), then return this connection to LISTEN state
and return. The user need not be informed. If this connection was
initiated with an active OPEN (i.e., came from SYN-SENT state) then
the connection was refused, signal the user "connection refused". In
either case, all segments on the retransmission queue should be
removed. And in the active OPEN case, enter the CLOSED state and
delete the TCB, and return.
Connection refused means that the port you are trying to connect to is not actually open.
So either you are connecting to the wrong IP address, or to the wrong port, or the server is listening on the wrong port, or is not actually running.
A common mistake is not specifying the port number when binding or connecting in network byte order...
Check at the server side that it is listening at the port 2080.
First try to confirm it on the server machine by issuing telnet to that port:
telnet localhost 2080
If it is listening, it is able to respond.
1.Check your server status.
2.Check the port status.
For example 3306 netstat -nupl|grep 3306.
3.Check your firewalls.
For example add 3306
vim /etc/sysconfig/iptables
# add
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
Although it does not seem to be the case for your situation, sometimes a connection refused error can also indicate that there is an ip address conflict on your network. You can search for possible ip conflicts by running:
arp-scan -I eth0 -l | grep <ipaddress>
and
arping <ipaddress>
This AskUbuntu question has some more information also.
I get the same problem with my work computer.
The problem is that when you enter localhost it goes to proxy's address not local address you should bypass it follow this steps
Chrome => Settings => Change proxy settings => LAN Settings => check Bypass proxy server for local addresses.
In Ubuntu, Try
sudo ufw allow <port_number>
to allow firewall access to both of your server and db.
From the standpoint of a Checkpoint firewall, you will see a message from the firewall if you actually choose Reject as an Action thereby exposing to a propective attacker the presence of a firewall in front of the server. The firewall will silently drop all connections that doesn't match the policy. Connection refused almost always comes from the server
In my case, it happens when the site is blocked in my country and I don't use VPN.
For example when I try to access vimeo.com from Indonesia which is blocked.
Check if your application is bind with the port where you are sending the request
Check if the application is accepting connections from the host you are sending the request, maybe you forgot to allow all the incoming connections 0.0.0.0 and by default, it's only allowing connections from 127.0.0.1
I had the same message with a totally different cause: the wsock32.dll was not found. The ::socket(PF_INET, SOCK_STREAM, 0); call kept returning an INVALID_SOCKET but the reason was that the winsock dll was not loaded.
In the end I launched Sysinternals' process monitor and noticed that it searched for the dll 'everywhere' but didn't find it.
Silent failures are great!