I made a chat program that works fine in my LAN, but doesn't from the outside world. Do I need a web server for it to work?
It works in my LAN when I use my localhost ip adress for the "Server". I checked my IP from websites to get my not-localhost ip adress, and it seems to be the same for all my computers.
(My networking knowledge is limited)
Do you know how I can make it work? Thanks.
HIWA: You were Registered on 99/03/29 (wow, that would be 1929?), mine thinks I registered on 02/02/02 at 0200 CST.
Anyway, to the poster, your network includes something called a router that includes a technology called Network Address Translation and Port Address Translation (NAT/PAT). This technology allows for multiple computers with private (LAN) IP addresses to access the Internet (WAN) at the same time. Basically, the device maps each connection (socket) from the inside to outside by port numbers.
In order to get your applicaion working on the Internet, you need to make that application (port) open on the NAT router. Ask your network administrator, or just check your vendor's manual for how this is don on your hardware - as it is slightly different from device-to-device.
You need to open a port, this is called Port Forwarding. It should ask you for the local IP address for your "server" machine (e.g. This means your server cannot use a DHCP address, unless you have fancy equipment) and will also ask for the port number to forward.
Doing this will cause the NAT to stop mapping dynamically, that port number to connections, and any inbound requests for that port will be forwarded onto your local machine - hence the 'port forwarding' term.
Let's say that your chat server listens for connections on port 1234 and your local IP is 192.168.1.22.
The full address is 192.168.1.22:1234
However, the Internet sees your network for example as 24.22.131.22.
Then, when people want to connect to your chat program, then they would use 24.22.131.22:1234
Now, you need to set your local machine IP to static (manual), you could use that same 192.168.1.22 if you like - just make sure that it is not assigned to you by DHCP.
Now, go to your router, login, and go to the port forwarding, advanced, firewall, or application configuration page and setup a rule to forward your port - 1234 to be forwarded to 192.168.1.22 (or whatever IP you chose).
You're done.
Now, wait a minute - won't you need to setup a new rule for every client connection?
No. Remember, this is only for exposing the server (sometimes called a service or application) to the outside.
Unless you need a specific port for client connection (yes, there are some programs like that - but they are either specialized or old - such as some older video conferencing software did that).
When your server gets a connection, it creates a new socket - and the port numbers don't matter, as NAT will do what it is suppose to do and forward it automatically to your machine.
You could also try to setup Multicast forwarding, though your ISP would likely block it - and your router will likely not even do it.
I have high-end routers from Cisco that can do this - called IP Multicast Directed-Broadcast, but again, my ISP does not allow this.
Why don't ISPs allow this? Because it would interfere with the operations of their network, and the Internet, etc.
Multicast is not globally locked like IP addresses are. Two networks could be using the same multicast IP, and thus some cross-talk would occur, as messages from one group may reach another and vise-versa. Plus, it would dump a ****-load of traffic onto all networks.
Security problems? Define your scope.
How do you mean "security problems?" When multicast traffic is routed, your consumer Linksys gear is not likely to pass it through to the WAN link (Internet).
However, if you mean, can others access your multicast group who you don't want to? Yes, except you can edit the socket code to filter the IP of the host that wants to join - kick out those you don't want and you're set.
On the side of Unicast sockets (Socket class), and you expose that port (application) to the Internet on your router, you will expose that "service" to the Internet. Anyone can TRY to connect to that port, but your application does not HAVE to allow the connection.
Remember, your host machine is only visable to the Internet as far as the ports are concerned that you have opened (mapped) on the router.
Therefore, if let's say you run a server on port 5000, and expose it to the Internet, someone can't come along and try to connect to your machine's port 23 (telnet) simply because you have an open port.
Port Security is basic at this level. A Host can only connect to a port which is open to the Internet.
Most computers have multiple open ports, but they are only local to the internal network, in order to compromise your security, you'd have to make your host a DMZ host (unprotected), or open each port manually on the router and map it to the host.
Simply put, you are always in control of your security level. Doing a very basic simple thing such as opening 1 port on 1 computer to the outside is not going to expose your entire network, as well as any other port on your computer (with exception of a port opened for a connection between an Internet client and your server, if you choose to allow it).
Your safe.
hi,
we are doing cyber monitor using java. Is it possible to block the ip address of client system until the customer login and it should block when he quits.
If possible Plz can you guide us and suggest any books / web site which gives more details about this topic.
we are freshers to this topic.
Thanks a lot in advance.
