crossing multiple IP address

John J. Hughes II

I have a system where my software sits on one server and interacts with
another server running MS SQL. My software receives connections via a socket
layer on the internet and does its thing with the SQL. This seems to work
fine.

The problem is now I have a situation where the internet connection is on
another server with a firewall. When I listen to the ports on the server my
software is running on, it seems I cannot listen to the internet. I am
assuming this is because the internet connection has a different IP address
range than the intranet connection.

Currently I am using the ICS from MS for the firewall, in which I have tried to
open a port and set the host machine name to the name of the second server.

Note for testing I am using WinXP for all three computers... In concept the
production machines will be Win2K3...

/// diagram sort of

<---- 96.223.20.20 (internet) --- server 1 (firewall) ---- 192.168.0.1 ----
<---- 192.168.0.2 --- server 2 (my app) --- 192.168.0.3 ---->
<---- 192.168.0.4 ---- server 3 (SQL)

/// Code used to listen for incoming sockets.
using System;
using System.Net;
using System.Net.Sockets;

/// o is an IP address I read from the reg
IPAddress ipAddress = IPAddress.Parse(o.ToString());
IPEndPoint localEndPoint = new IPEndPoint(ipAddress, Convert.ToInt32(SocketPort));
Socket listener = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
/// Bind to the address read above; only traffic arriving at that address is accepted
listener.Bind(localEndPoint);
/// The argument to Listen is the backlog of pending connections
listener.Listen(Convert.ToInt32(SocketThreads));
this.ListenerList.Add(listener); /// array of listeners


Regards,
John
 
Jeffrey Tan[MSFT]

Hi John,

Based on my understanding, you want to use a TCP socket to connect between
your SQL Server machine and your client application machine, but it failed
because of the firewall.

As you stated, your firewall should be on another machine between your
client machine and server machine. All the communication between these 2
machines must pass through this firewall.

If you close your firewall, does everything work well?

If the application works well without the firewall, it means the problem is due
to the firewall. Normally, we need not change C# for TCP/IP communication
with a firewall between machines. What we should do is configure the firewall
to allow TCP/IP communication, i.e. open a certain port on the server.

If your issue is a firewall configuration failure, I think you should
paste your issue in some other group to get more useful help.

Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
John J. Hughes II

No, I am not trying to connect to the SQL. An application not by me is run
somewhere out in the world. The user of that program puts an IP address of my
application in with a port number. Once we are connected my program accesses
the SQL server locally via normal means and is not a problem.

If the internet connection is on the server with my software with firewall I
just open the correct port in the firewall and it works fine.

The problem is if the internet connection is on another server than the
server with my application.

Remote application -> (internet) <- internet server -> (lan) <- my application server


Now my application can see the internet via the internet server but the
remote application cannot see my application if the remote application
starts the connection.

My question is, is there a way for either my application to receive requests
from the remote application or for me to redirect the request to the server
with my application.

Regards,
John
 
Jason DeFontes

You need to look at the documentation for your firewall/router and
forward the port that you're using from the external IP to your internal IP.

-Jason
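
What forwarding a port from the external IP to the internal IP amounts to, shown as an added example that is not part of the original thread and not code from any poster: a single-port TCP relay that would run on server 1 and pass connections to the application on server 2. The addresses are taken from the diagram in the first post; port 5000 is an assumed placeholder for the application's SocketPort.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;

// Added example: single-port TCP relay for server 1 (the dual-homed firewall host).
// Addresses come from the thread's diagram; port 5000 is an assumed placeholder.
class PortRelay
{
    static readonly IPEndPoint External = new IPEndPoint(IPAddress.Parse("96.223.20.20"), 5000);
    static readonly IPEndPoint Internal = new IPEndPoint(IPAddress.Parse("192.168.0.2"), 5000);

    static async Task Main()
    {
        // Bind only the internet-facing address and only the one published port,
        // so nothing else on the LAN becomes reachable from outside.
        var listener = new TcpListener(External);
        listener.Start();
        while (true)
        {
            TcpClient remote = await listener.AcceptTcpClientAsync();
            _ = RelayAsync(remote); // each connection is relayed independently
        }
    }

    static async Task RelayAsync(TcpClient remote)
    {
        using (remote)
        using (var app = new TcpClient())
        {
            try
            {
                // Log the real peer here: server 2 only ever sees server 1's LAN address.
                Console.WriteLine("forwarding {0} -> {1}", remote.Client.RemoteEndPoint, Internal);
                await app.ConnectAsync(Internal.Address, Internal.Port);
                NetworkStream outside = remote.GetStream(), inside = app.GetStream();
                // Copy both directions; when either side closes, both sockets are disposed.
                await Task.WhenAny(outside.CopyToAsync(inside), inside.CopyToAsync(outside));
            }
            catch (Exception ex) when (ex is SocketException || ex is IOException)
            {
                Console.WriteLine("relay ended: {0}", ex.Message);
            }
        }
    }
}
```

With a relay like this, the listener on server 2 stays bound to 192.168.0.2 as in the original code, and any per-client filtering or logging has to happen on server 1, because the application sees every connection as coming from the relay.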
 
Jeffrey Tan[MSFT]

Hi John,

Thanks for your feedback.

Oh, let me re-understand your issue.

There is a remote machine on the internet that wants to access your application
on your machine, while your machine accesses a local SQL server (which is
fine, so has nothing to do with our problem). Then there is a firewall
between the remote machine and your application (your server). If the
firewall is on the same machine as your application, once you open the
port, it works fine. But your problem is: the firewall is on another
machine, which is in a LAN with your server (your application). In this
situation, your application has to communicate with the remote machine
through the firewall.

Hope I did not misunderstand you.

I think maybe your LAN uses virtual IP internally, which a remote machine on
the internet cannot see. Just as Jason suggested, you should configure
your firewall/router, which will get the request of the remote machine, to
forward the incoming request to the correct internal machine (in this scenario,
to your server).

If you have any question about the configuration, I think you may look at your
firewall/router product document for the configuration. Or you may consult
the vendor for these products. Then, your application should work well.

Hope this helps you.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Jeffrey Tan[MSFT]

Hi John,

Thanks for your feedback.

Based on your further feedback, your condition1 works well, but your
condition2 does not work. For your condition2, your server1 connects to the
internet (I suspect server1 is the only machine in your LAN that can access
the internet now), while your application stays on server2. I suspect your
server2 cannot access the internet directly, yes? First, have you configured
your LAN to enable server2 to access the internet through server1?

A firewall only blocks unexpected requests from the internet, but cannot
dispatch a request to another machine. For your remote client machine,
how can it contact the server application (on server2) in your LAN? I think
it cannot successfully ping server2 from your remote client machine,
yes?

So, if you configure your LAN to enable internet access to your server2
through server1, your application should also be OK. To get this done, your
server1 must act as a router which can forward certain internet requests to
server2. I think the Windows 2000 Server version has router software that
may meet your need. If you continue to use Windows XP, you may need to use
some other third-party software to enable your server1 as a router.

I hope this helps you. Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
John J. Hughes II

Thanks for the response. My server 2 has no problem accessing the internet
via server 1.

You may be correct that WinXP does not have this function. I will try
installing Win2k3 as time permits and test with that.

Regards,
John
 
Jeffrey Tan[MSFT]

Hi John,

Thanks for your feedback.

Yes, your server2 may connect to the internet through server1; this only needs
server1 as a proxy. But I think the remote client machine cannot see your
server1, yes? Because there is no way for the network to identify
server1 (there is no REAL IP address for server1 on the internet). So what you
need is to set up a router on server1, which will give remote requests a
way to identify and access the internal LAN machine (server2). I only mean
that Windows XP has no built-in router function.

Anyway, I will wait for your feedback. Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
John J. Hughes II

Server1 can see Server2 and Server2 can see Server1 via one network card, but
the second network card in Server1 cannot see Server2 because the IP
addresses are incompatible. I agree that the data needs to be routed in
some way, and since the ICS firewall gives the option of setting the host
machine I was thinking it would work, but tests seem to say otherwise. When I
have time I will install Win2k3 and see if it has this functionality. I
may also search the internet for a third-party solution.

Thanks again for the response,
John
 
Jeffrey Tan[MSFT]

Hi John,

Thanks for your feedback.

I think the main concern on this issue is now the network setting
and configuration of your LAN; it has nothing to do with the socket
programming, so I suggest you consult a network administrator for a
suitable and good configuration for this. You may get more help from them.
Also, if you have a problem using the Win2003 router or WinXP firewall, I
suggest you paste your question in a platform-related group in the Microsoft
newsgroups; you will get more professional help there.

Again, if you need further C# programming help, feel free to post here.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
