How to develop a streaming TCP application to be used by many users -- pass through most firewalls

My situation:

Upgrading the TCP port of an application with an installed base of thousands of users, all uncontrolled users (anonymous, individuals, or businesses) from different locations across the globe.

The application used port 2222 to pass traffic. This was cumbersome because every day people would call "the software doesn't work!" and it had to be explained to each and every one of them to open up port 2222 for TCP traffic. This was difficult with the newbies who didn't know what a firewall was. And Windows Firewall just makes it even worse (hate that Windows Firewall).

Next we had a great idea -- let's use port 80 since everyone has port 80 open to the world. Well, this worked great, but now we have users calling in saying "it will connect but I get nothing back". This is because their firewall or ISP is acting as some form of a proxy server or is not allowing persistent socket connections.

So I am given the task to figure out how AOL instant messaging and all these big boys are getting around firewalls. Or not so much to "get around the firewall", but how to best work with the firewall.

Do I just create two different policies:

  1. Connect via port 80.
  2. If it fails, connect via port 2222.

Is there a better design? Has anyone encountered this and done extensive research? I can't find any documentation on how the "big boys" are handling this.

stevehunter_1

If the client side of the application needs to accept incoming TCP traffic on a port (with the server initiating the connection), switching that port to port 80 will NOT allow it to "pass through" most firewalls. If the client has, or is behind, a firewall that restricts different types of outbound traffic, setting your server to listen on port 80 would likely help (assuming the client is allowed to have outbound HTTP traffic).

If your client is behind a firewall that restricts certain types of outbound data, that is their problem.

The proper way to deal with this is to use a passive connection scheme (research how passive ftp works).

The client connects to a port on the server. The server tells the client what port to reconnect on. The server opens the port it told the client to reconnect on. The client connects to the server's newly opened port.

Also, not everyone has port 80 open to the world. I don't know where you got that idea; the only people who have port 80 open to the world (usually) are ones who are hosting HTTP servers, and if you require your server to connect back to a client on port 80, you will prevent anyone who has an HTTP server running from using your software.

As a suggestion, get some developers who know a little more about networking. Or, use rentacoder.com.

OxDEADBEEF

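As an added illustration (not code from either poster), the passive scheme the reply describes, combined with the port-fallback policy from the question, sketched in Python on loopback: the client opens every connection, so the client's firewall only has to permit outbound traffic. The `PORT n` control line, the greeting text, and the use of random loopback ports are assumptions made for the demo.

```python
import socket
import threading

# Demo of a client-initiated ("passive") scheme: the server never connects back
# to the client, so no inbound rule is needed on the client's firewall.

def serve_one_session(ctrl: socket.socket) -> None:
    """Handle a single control connection, then one data connection."""
    conn, _ = ctrl.accept()
    with conn:
        # Open the data listener first, so the port is live before it is announced.
        data = socket.socket()
        data.bind(("127.0.0.1", 0))          # 0 = let the OS pick a free port
        data.listen(1)
        data.settimeout(5)                   # do not hang forever if the client never comes
        port = data.getsockname()[1]
        conn.sendall(f"PORT {port}\n".encode())  # constructed control line: where to reconnect
        with data:
            dconn, _ = data.accept()
            with dconn:
                dconn.sendall(b"hello over data channel\n")  # constructed greeting

def start_server() -> int:
    """Bind the control socket on a random loopback port and serve one session in the background."""
    ctrl = socket.socket()
    ctrl.bind(("127.0.0.1", 0))
    ctrl.listen(1)
    threading.Thread(target=serve_one_session, args=(ctrl,), daemon=True).start()
    return ctrl.getsockname()[1]

def connect_with_fallback(host: str, ports: list, timeout: float = 2.0) -> bytes:
    """Try the control ports in order (the 80-then-2222 policy from the question),
    then follow the server's PORT line to the data channel and return its greeting."""
    last_err = None
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as ctrl:
                line = ctrl.makefile("rb").readline().decode().strip()
            if not line.startswith("PORT "):
                raise ValueError(f"unexpected control reply: {line!r}")
            data_port = int(line.split()[1])
            with socket.create_connection((host, data_port), timeout=timeout) as data:
                return data.makefile("rb").readline()
        except OSError as exc:               # refused, timed out, blocked: try the next port
            last_err = exc
    raise ConnectionError(f"no control port reachable: {last_err}")

if __name__ == "__main__":
    print(connect_with_fallback("127.0.0.1", [1, start_server()]))
```

Port 1 stands in for a blocked first choice; the client falls through to the real control port, reads the announced data port and reconnects to it.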
