How to develop streaming tcp application to be used by many users --pass thru most firewalls - Firewalls


  1. How to develop streaming tcp application to be used by many users --pass thru most firewalls

    My situation:

    Upgrading the TCP port of an application with an installed base of
    thousands of users, all uncontrolled users (anonymous, individuals, or
    businesses) from different locations across the globe.

    The application used port 2222 to pass traffic. This was cumbersome
    because every day people would call "the software doesn't work!" and it
    had to be explained to each and every one to open up port 2222 for TCP
    traffic. This was difficult with the newbies who didn't know what a
    firewall was. And Windows Firewall just makes it even worse (hate
    that Windows Firewall).

    Next we had a great idea -- let's use port 80 since everyone has port
    80 open to the world. Well this worked great but now we have users
    calling in saying "it will connect but I get nothing back". This is
    because their firewall or ISP is acting as some form of a proxy server
    or is not allowing persistent socket connections.

    So I am given the task to figure out how AOL instant messaging and all
    these big boys are getting around firewalls. Or not so much to "get
    around the firewall", but how to best work with the firewall.

    Do I just create two different policies:
    1. connect via port 80.
    2. if it fails, connect via 2222

    Is there a better design? Has anyone encountered this and done
    extensive research? I can't find any documentation on how "big boys"
    are handling this.

  2. Re: How to develop streaming tcp application to be used by many users -- pass thru most firewalls

    If the client-side of the application needs to accept incoming TCP
    traffic to a port (with the server initiating the connection),
    switching that port to port 80 will NOT allow it to "pass through" most
    firewalls. If the client has or is behind a firewall that restricts
    different types of outbound traffic, setting your server to listen on
    port 80 would likely help (assuming the client is allowed to have
    outbound HTTP traffic).

    If your client is behind a firewall that restricts certain types of
    outbound data, that is their problem.

    The proper way to deal with this is to use a passive connection scheme
    (research how passive ftp works).

    The client connects to a port on the server.
    The server tells the client what port to reconnect on.
    The server opens the port it told the client to reconnect on.
    The client connects to the server's newly opened port.


    Also, not everyone has port 80 open to the world. I don't know where
    you got that idea; the only people who have port 80 open to the world
    (usually) are ones who are hosting HTTP servers, and if you require
    your server to connect back to a client on port 80 you will prevent
    anyone who has an HTTP server running from using your software.

    As a suggestion, get some developers who know a little more about networking.
    Or, use rentacoder.com.

    OxDEADBEEF

    On 2008-07-18 19:31:06 -0700, stevehunter_1@hotmail.com said:

    > My situation:
    >
    > Upgrading the TCP port of an application with an installed base of
    > thousands of users, all uncontrolled users (anonymous, individuals, or
    > businesses) from different locations across the globe.
    >
    > The application used port 2222 to pass traffic. This was cumbersome
    > because every day people would call "the software doesn't work!" and it
    > had to be explained to each and every one to open up port 2222 for TCP
    > traffic. This was difficult with the newbies who didn't know what a
    > firewall was. And Windows Firewall just makes it even worse (hate
    > that Windows Firewall).
    >
    > Next we had a great idea -- let's use port 80 since everyone has port
    > 80 open to the world. Well this worked great but now we have users
    > calling in saying "it will connect but I get nothing back". This is
    > because their firewall or ISP is acting as some form of a proxy server
    > or is not allowing persistent socket connections.
    >
    > So I am given the task to figure out how AOL instant messaging and all
    > these big boys are getting around firewalls. Or not so much to "get
    > around the firewall", but how to best work with the firewall.
    >
    > Do I just create two different policies:
    > 1. connect via port 80.
    > 2. if it fails, connect via 2222
    >
    > Is there a better design? Has anyone encountered this and done
    > extensive research? I can't find any documentation on how "big boys"
    > are handling this.
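
The passive connection scheme described in the reply above, as an added example that is not part of either post: both connections are opened outbound by the client, and the server listens on the data port before announcing it. The one-time token, the 5-second timeouts, the line-based wire format and all function names are assumptions added here so that an announced data port cannot be claimed by a different host.

```python
import secrets
import socket
import threading

def read_line(sock):
    """Read bytes up to a newline (or EOF) and return them stripped."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.strip()

def serve_once(control):
    """Serve one client: announce a data port, then stream on it."""
    conn, _ = control.accept()
    data = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with conn, data:
        data.bind((control.getsockname()[0], 0))  # OS picks a free port
        data.listen(1)      # listen before announcing, so the client cannot race us
        data.settimeout(5)  # an unclaimed data port does not stay open
        token = secrets.token_hex(16).encode()  # one-time token (assumption)
        conn.sendall(b"%d %s\n" % (data.getsockname()[1], token))
        dconn, _ = data.accept()
        with dconn:
            dconn.settimeout(5)
            # Constant-time compare; a wrong token gets the socket closed.
            if secrets.compare_digest(read_line(dconn), token):
                dconn.sendall(b"stream-data\n")  # constructed payload

def fetch(host, control_port, forge=False):
    """Client side: control and data connections are both outbound."""
    with socket.create_connection((host, control_port), timeout=5) as c:
        port, token = read_line(c).split()
    with socket.create_connection((host, int(port)), timeout=5) as d:
        d.sendall((b"0" * 32 if forge else token) + b"\n")
        return read_line(d)

def demo(forge=False):
    # Run server and client over loopback; return what the client received.
    control = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    control.bind(("127.0.0.1", 0))
    control.listen(1)
    worker = threading.Thread(target=serve_once, args=(control,), daemon=True)
    worker.start()
    try:
        return fetch("127.0.0.1", control.getsockname()[1], forge)
    finally:
        worker.join(5)
        control.close()
```

A server deployed behind its own firewall would bind the data socket within a fixed port range that the firewall permits inbound, rather than port 0.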



