Connecting to device behind firewall - wpf

I have a WPF app that needs to communicate (exchange data) with a custom designed device (we can modify the code for the device). Do I have any options to connect to the device via HTTP if it is behind a firewall? I was hoping there would be a method where the admin would not have to forward any specific ports or do anything on his end. I assume the issue is how I would address the device from my app. I know SOAP over SMTP is one option. Is another option where the device could chatter out to my application via HTTP?

This problem is solved by relay services like Yaler or My-devices (I did not test this last one).

UPnP is supported by some firewalls to simplify this. Otherwise you are usually stuck opening ports on the firewall manually or using some third-party proxy server for a rendezvous server.

A lot of firewalls are set up to allow access on port 80 (HTTP), otherwise the users wouldn't be able to browse web sites on the internet. You can try and see if port 80 is open to traffic. If you can modify the code for both the device and the client, you can use port 80 to communicate with your own protocol - you don't necessarily need to use HTTP.

Any kind of RESTful architecture over HTTP will do it. Whether this is the best option for you depends on what APIs / libraries are available on your custom device.
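
The "device chatters out over HTTP" approach from the question and the answers above, as an added example (not code from the original posts or from any relay service named there): a loopback demonstration in which the device only makes outbound requests to an endpoint the application exposes, so the site firewall needs no inbound rule. The `/poll` and `/reply` paths, the bearer token and all names are assumptions made for the demo.

```python
import hmac, queue, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

DEVICE_TOKEN = "constructed-demo-secret"  # assumption: provisioned per device, sent over HTTPS
commands, replies = queue.Queue(), queue.Queue()
opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

class AppEndpoint(BaseHTTPRequestHandler):
    """Hypothetical public endpoint run by the application; the device dials out to it."""
    def _send(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):
        supplied = self.headers.get("Authorization", "").encode()
        if not hmac.compare_digest(supplied, ("Bearer " + DEVICE_TOKEN).encode()):
            return self._send(403)  # internet-facing, so every device call is authenticated
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path == "/reply":   # device returns the result of a command
            replies.put(body)
            return self._send(204)
        try:                        # /poll: hold the request open until there is work
            self._send(200, commands.get(timeout=2))
        except queue.Empty:
            self._send(204)         # nothing queued; the device simply polls again

def call(base, path, token, data=b""):
    req = urllib.request.Request(base + path, data, {"Authorization": "Bearer " + token})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""

def device_once(base):  # device side: outbound requests only
    status, cmd = call(base, "/poll", DEVICE_TOKEN)
    if status == 200:
        call(base, "/reply", DEVICE_TOKEN, b"ack:" + cmd)

def demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), AppEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    threading.Thread(target=device_once, args=(base,), daemon=True).start()
    commands.put(b"read-sensor")            # application queues a command for the device
    result = replies.get(timeout=5), call(base, "/poll", "wrong-token")[0]
    server.shutdown()
    return result
```

Calling `demo()` returns the device's reply together with the status code an unauthenticated poll receives.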

Related

Connect to on-premises device through GCP App Engine

I would like to know how to send a TCP request from a Flex App Engine (Python application) to the on-premises device's TCP port 9701 and get the data back from the device.
Option 1 - Set up Cloud VPN and put the firewall hardware in front of the on-premises existing router (if it is not VPN IPsec supported)
Option 2 - Set the on-premises router as DMZ mode with IP mapping and port forwarding.
Could anyone try it and give me some idea of how that works and using any hardware firewall that worked with the GCP VPN?
Thanks in advance!
Your question is actually very complex. I will briefly touch upon both of your options.
Option 1 - Set up Cloud VPN and put the firewall hardware in front of the on-premises existing router (if it is not VPN IPsec supported)
To set up Google Cloud VPN will require hardware routers on your side that support Google's requirements. Most cheap routers will not meet the minimum requirements.
This method is called site-to-site and you are basically connecting your internal network to your Google Cloud networks (VPCs). This requires a good understanding of VPNs and routing. The benefit is that all your traffic is secure and encrypted. Your internal systems can access your Google systems using their private IP addresses.
Your router must have a public static reliable IPv4 address.
Your internal network addressing cannot overlap with your VPCs.
If you put a firewall in front of your VPN router, the firewall must support passing thru ESP (IPsec) and IKE traffic.
Your router must support prefragmentation.
Dynamic routing (BGP) is preferred, Static routing is supported.
Option 2 - Set the on-premises router as DMZ mode with IP mapping and port forwarding.
This method does not involve Cloud VPNs. Your side is public and your Google resources (App Engine) just access your public IP address. There is no added encryption or security in this configuration unless you add it yourself. For low-cost setups that do not require traffic security beyond HTTPS, this is OK usually. However, you have not provided your network map, services, etc to review how you should NAT/PAT and secure your traffic.
A word about DMZ. Most people assume that this is secure. It is not unless you also have an intelligent firewall in front of your DMZ. A DMZ just passes traffic blindly from port A on the public side to Port B on the private side. Many a system has been hacked because the admin thought that DMZ translated to security. Any system connected thru a DMZ should be considered high-risk to attacks and being breached.
What is the best solution? Redesign your requirements so that App Engine does not need to get into your internal network.
Complementing the last answer.
If you can't buy, or you don't know, what HW is supported by the Cloud VPN service, you can use a VM or on-premises server as a firewall using pfSense. This is a FreeBSD distribution that has the capability to manage your network security like an NGFW and can be installed on bare metal or in a VM.
Having said that, to configure a site-to-site VPN connection between your own network and the GCP network you can follow this tutorial. It explains step by step the configuration that you need to perform in GCP and in pfSense.

Ionic framework - detect internet connection

I am developing a simple application using the Ionic framework (and AngularJS) that fetches JSON data from my webpage. How can I detect whether there is an "internet connection" and display a message to the user, "Connect to internet", if not?
EDIT
Can I use the Cordova API for that?
Cordova provides org.apache.cordova.network-information plugin.
See documentation HERE
This plugin provides an implementation of an old version of the Network Information API. It provides information about the device's cellular and wifi connection, and whether the device has an internet connection.
If I am not mistaken, this plugin only detects whether the Wi-Fi or Cellular networking is enabled on the device. This does not always mean that the application can actually reach your remote server, if you are connected to the WiFi network without internet connection.
Therefore, the only solution I have found to ensure that the application can reach your remote server is to continuously ping the server.

How does a common networking application (using the Unix socket API) manage to forward its port when the computer is connected to an internet router?

Do you happen to know that a common application using the Unix socket API doesn't work on a computer connected to an internet router? For example, assume that there is a computer that is running a simple web server using sockets in C. When a web browser on another, remote computer sends a request, the web server cannot send a response to the request since its port is closed by the internet router(?) (Of course, there might be other reasons).
However, common applications by competent developers work well. For example, the uTorrent client receives a request for some data from peers and responds to the request well, although the computer that is running uTorrent is connected to the internet router. Does uTorrent adjust router configurations using some system calls? If not, how does it upload the data?
So my questions are:
How does a common application using the socket API manage to forward its port when connected to the internet router?
How can my program in C forward its port when the computer is connected to the internet router?
Thank you in advance.
If you're connected to the internet through a NAT router, in most cases any unsolicited connection into the router from the WAN will be refused. What you need is to tell the router (in some way) that unsolicited traffic coming in on a specific port number or range is to be accepted, and forwarded on towards a specific local IP address. This can either be done manually in your router's configuration, or if your router supports UPnP you can use that protocol to configure port mapping for the traversal of the router.
They don't. To send and receive data on the connections your program has started it's not needed. Port forwarding needs to be done by hand by the machine administrator and is only required to receive new connections.
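
The two answers above, modelled as an added example (not code from the original posts): a simplified NAT table showing why replies on connections a LAN host started get through, while a fresh inbound connection needs a port-forward rule, whether entered by hand or requested over UPnP. The class, addresses and ports are constructed for illustration, and real routers differ in how strictly they match the remote peer.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Simplified model of a NAT router's WAN-side filtering (assumed, not real firmware)."""
    public_ip: str
    next_port: int = 40000
    sessions: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port, remote)
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host connects out: allocate a public port and remember the peer."""
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[public_port] = (lan_ip, lan_port, remote)
        return self.public_ip, public_port

    def add_forward(self, public_port, lan_ip, lan_port):
        """Manual router configuration, or the effect of a UPnP port-mapping request."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Return the LAN endpoint a WAN packet is delivered to, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2] == remote:
            return session[:2]                    # reply on a connection started inside
        return self.forwards.get(public_port)     # exposed service, else unsolicited: drop

    def exposed(self):
        """Standing inbound exposure to review: forward rules only, never sessions."""
        return sorted(self.forwards)

def scenario():
    nat = NatRouter("203.0.113.7")                # documentation-range address (constructed)
    peer, server = ("198.51.100.9", 6881), ("192.168.1.20", 8080)
    _, port = nat.outbound("192.168.1.20", 51000, peer)
    results = {
        "reply_from_peer": nat.inbound(peer, port),
        "stranger_same_port": nat.inbound(("198.51.100.50", 6881), port),
        "web_before_forward": nat.inbound(("198.51.100.50", 40321), 8080),
    }
    nat.add_forward(8080, *server)
    results["web_after_forward"] = nat.inbound(("198.51.100.50", 40321), 8080)
    results["exposed"] = nat.exposed()
    return results

if __name__ == "__main__":
    for name, value in scenario().items():
        print(name, value)
```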

Monitor URLs accessed by mobile app

I have downloaded an Android app (which is also available for iPhone and iPad). I want to monitor which URLs it is accessing. On the desktop, you can use tools like Chrome dev tools for browser traffic and Charles Proxy (http://www.charlesproxy.com/) for other app traffic. Is there a similar way to set a proxy for the app from outside it, and then view any connection attempts, possibly with headers and responses?
I only need to do it once, to ensure the app isn't malicious, so the process doesn't have to be the most convenient method in the world. For example, it could involve setting up a proxy app on the desktop and then connecting through that, or running the Android or iOS version on a desktop-based simulator and monitoring that.
When searching SO, a lot is to be found on this topic. The best solution seems to be setting up a desktop to be an access point for the android device and run wireshark on it like suggested here
Capturing mobile phone traffic on wireshark
Your best bet is the Charles Proxy trial version.
Setting up Charles Proxy is like butter:
1) Make sure both computer and device are on the same network
2) Download Charles Proxy on the computer
3) On the device go to wifi --> connection name --> hold on to it --> modify --> manual proxy --> give your IP address and port 8888
4) Keep Charles open on the computer while you are doing this
5) You will get a pop-up in Charles regarding the connection, and it will start showing you the traffic being captured from the app.

What is the current state of Web Sockets for Silverlight applications

From what I've read, Web Sockets hold more promise than the duplex polling that is currently available to Silverlight developers for receiving server notifications. However, I'm not finding much written in the last 10 months, nor am I finding much at all from a Silverlight perspective.
Please don't answer that Silverlight can open sockets. I know that; however, what I don't know is how Silverlight can do that with its web server over port 80 in a firewall-friendly way, all of which is why I'm interested in Web Sockets.
The underlying Silverlight network stack won't allow port 80 to be connected to. The port restrictions are that the port must be between 4502-4534. See Network Security Access Restrictions in Silverlight.
Microsoft recently released a WebSockets prototype, part of which includes a Silverlight WebSocket client. One additional restriction with the Microsoft Silverlight WebSocket prototype implementation is that a clientaccesspolicy.xml file must be served up from port 80 on the server that is being connected to.
The Super Websockets project also contains a Silverlight client somewhere. It will most probably have the same restrictions as the Microsoft implementation.
SL4 and 5 do not implement websockets. If the browser used to host the Silverlight plugin supports websockets, then you can use browser interop to call the websockets API from the Silverlight app.
Alternatively a trusted application can connect to any TCP port including port 80.
