Tunneling a ServerSocket
Riven
« Posted 2007-12-08 03:43:44 »

On my dedicated server I built a tiny app that squeezes all connections into 1, and at my local system, I turn it back into multiple connections again, and make it act like regular sockets that connect, perform I/O and disconnect.

The picture below (click for a bigger version) should clarify it a bit:

View the messy source

Now I can host some service on my LAN IP address, even when NAT tables can't be changed (which is, not surprisingly, the case here).

But ehm... does an application like this already exist? :)

Matzon
« Reply #1 - Posted 2007-12-08 08:07:48 »

Usually people just have a router in front that forwards to lan IPs?
It might solve some particular issue, but adding another single point of failure is rarely a good thing :)

Riven
« Reply #2 - Posted 2007-12-08 19:16:20 »

In these places I can't modify NAT tables:
 - at home
 - at work
 - at school

So just having a router in front doesn't solve it.



At school I can't even host a service on my LAN address, so the private server would be bound to 127.0.0.1 in this case, and still be accessible by my peers.
I'm doing Computer Science, and it's a bit 'funny' nobody can connect to my local services :)

Mr_Light
« Reply #3 - Posted 2008-01-17 15:03:09 »

Well, in these cases I just set up an SSH tunnel, but I suppose it might be annoying if you need a lot of ports. Have you looked at PPPoE, PPTP / VPN stuff?

//edit don't mix stuff up. :D

It's harder to read code than to write it. - it's even harder to write readable code.

The gospel of brother Riven: "The guarantee that all bugs are in *your* code is worth gold." Amen brother a-m-e-n.
Riven
« Reply #4 - Posted 2008-01-17 17:47:32 »

I didn't know SSH tunnels existed, which reveals my ignorance in this field, I guess.

Reading about them, I realize I created a very similar solution.

BUT, does an SSH tunnel punch through unconfigurable NATs in routers? As that was the whole point of my app...

Mr_Light
« Reply #5 - Posted 2008-01-17 19:20:02 »

Not really sure what part you want to punch through; you need to be able to reach the end server:

So if you're at school and you can connect to your server at home (you need an open port at your router):

school computer -> w/e network -> internet -> router (port forwarded to 22 for ssh) -> home server / PC that's on

If your tunnel is like 8080 localhost:8080, then you can connect to localhost:8080 on your computer at school, and data through that will end up at the other end of the tunnel (your home server/PC) regardless of what's in between.

I haven't tested the two-wayness of the tunnel, e.g. if you make your home PC connect on the port you specified. Then again, I can't think of a good use case where I would want my home computer to connect to my PC at school/work.

Anyway, the 8080 to localhost:8080 is actually going over port 22, I think. I should know, I guess, but come to think of it I'm pretty sure, since some students also use it to circumvent the WOW-ports being blocked. I just never gave it too much thought, I guess.

sunsett
« Reply #6 - Posted 2008-01-17 20:20:56 »

The benefit of SSH tunneling is you can do things with programs like PuTTY to set local forwarding to remote addresses.

So you can set up a tunnel to port 6667 of irc.freenode.net (for example) and have port 6000 on localhost forward, so you simply connect to localhost:6000 on your machine and it uses the SSH tunnel to push through (granting the machine you are SSH'ing to has the ability to connect to that port and hostname). I have to do this at work since they block practically everything... fortunately not SSH though. :)
Riven
« Reply #7 - Posted 2008-01-17 20:22:27 »

I read a more detailed article about SSH tunnels now, and there are a couple of differences - but only in design, not so much technically.



SSH tunnel
 - config SSH Client to make 127.0.0.1:any_port <---> any_host:any_port (private/local service) traffic possible (using SSH Server at any_host:22)

=> To my understanding, each end-user has to run this SSH Client, to connect to the service which is not publicly available. (correct?)




My approach
 - config The Server to listen on localhost:any_port for incoming tunnel (The Client), listen on localhost:any_port for end-users
 - config The Client to connect to tunnel (The Server), and specify the 'real service' (any_host:any_port, not only localhost!)

=> End-user doesn't have to run anything, to connect to the service which is not publicly available: connect to hostname:port (The Server)




Please correct me if I'm wrong :-/

broumbroum
« Reply #8 - Posted 2008-01-18 03:32:11 »

Quote
On my dedicated server I built a tiny app that squeezes all connections into 1, and at my local system, I turn it back into multiple connections again, and make it act like regular sockets that connect, perform I/O and disconnect.

The picture below (click for a bigger version) should clarify it a bit:

View the messy source

Now I can host some service on my LAN IP address, even when NAT tables can't be changed (which is, not surprisingly, the case here).

But ehm... does an application like this already exist? :)

For my game net.application I don't usually "squeeze" all TCP/UDP callbacks into one, but instead use one port for one remote client to a server. I really can't imagine why you would theoretically rasterize multiple clients into one connected to a public server. That sounds like a provider-like network structure. In your scheme I'd replace the public server item with a ClientInterface directly connecting to your private server using FIREWALL, NAT, etc. addressing. That would be much faster and easier to compile.
Let's say: [Clients] <> ClientInterface <-----asynch------> RemoteServerAlgorithm (callback-loop()) <> net.Application [HOME-SERVER] :P
or even: [Clients] <> ClientInterface <-------synch--------> RemoteServerAlgorithm [SERVER] <--asynch--> net.Application (call-back loop) [HOME] :-/
That can depend on where you want to set up a web server. But as a matter of fact, all clients would be much more interested in an asynchronous connection stream than in having all their stuff compressed in such a one-for-all stream. 8)


::::... :..... :::::: ;;;:::™ b23:production 2006 GNU/GPL @ http://b23prodtm.webhop.info
on sf.net: /projects/sf3jswing
Java (1.6u10 plz) Web Start pool
dev' VODcast
Mr_Light
« Reply #9 - Posted 2008-01-18 12:33:26 »

Quote
=> End-user doesn't have to run anything, to connect to the service which is not publicly available: connect to hostname:port (The Server)

Please correct me if I'm wrong :-/

Except for your client? ;)

It's no different from SSH from a global point of view, other than that the SSH is embedded in your application. I suppose you could just find some Java implementation of an SSH client and you're in business too.

Oh, also please note the security issues with allowing just anyone to set up tunnels to your server to just about everything.

Riven
« Reply #10 - Posted 2008-01-18 14:52:24 »

Quote
Except for your client?

Nah, the end-user (client) doesn't have to run anything to enable this tunnel.

As both approaches have *very* different definitions of Server and Client, I'll rephrase my architecture a bit:

FrontendServer: This is a server that is accessible from anywhere
BackendServer:  This is a server that is NOT accessible from anywhere
RealService:    Running on somewhere NOT publicly accessible, yet accessible from the BackendServer

The BackendServer connects to the FrontendServer (this will be the tunnel).
Any incoming sockets at the FrontendServer are sent through the tunnel, end up at the BackendServer, and connect to the RealService.

So clients connect to the FrontendServer, and for them it feels like they are doing I/O with the RealService.

Well, it's clear now what the differences are, and to be honest, I think my solution is both more secure, and less intrusive, as the client cannot know it's being tunneled.

Anyway, I learned a lot, and used my app at work successfully now. Thanks for your comments and explanations!
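
The tunnel described in the post above, where many end-user connections are squeezed into one BackendServer-to-FrontendServer stream, sketched as an added Java example (not Riven's source and not part of the original thread). The class name `TunnelMux`, the frame layout, the OPEN/DATA/CLOSE types and the 16 KiB cap are all assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
public class TunnelMux {
    // Hypothetical frame layout: int connId | byte type | int length | payload
    static final byte OPEN = 1, DATA = 2, CLOSE = 3;
    static final int MAX_PAYLOAD = 16 * 1024; // cap so a peer cannot force huge allocations
    record Frame(int connId, byte type, byte[] payload) {}
    static void write(DataOutputStream out, int connId, byte type, String text) throws IOException {
        byte[] payload = text.getBytes(StandardCharsets.US_ASCII);
        out.writeInt(connId); out.writeByte(type); out.writeInt(payload.length);
        out.write(payload);
    }
    static Frame read(DataInputStream in) throws IOException {
        int connId = in.readInt(); byte type = in.readByte(); int len = in.readInt();
        if (type < OPEN || type > CLOSE) throw new IOException("unknown frame type " + type);
        if (len < 0 || len > MAX_PAYLOAD) throw new IOException("bad frame length " + len);
        byte[] payload = new byte[len];
        in.readFully(payload); // EOFException if the tunnel is cut mid-frame
        return new Frame(connId, type, payload);
    }
    // BackendServer side: split the single tunnel stream back into per-connection streams.
    // OPEN carries no address: the target RealService stays fixed in the backend's own config.
    static Map<Integer, String> demux(byte[] tunnelBytes) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(tunnelBytes));
        Map<Integer, ByteArrayOutputStream> live = new HashMap<>();
        Map<Integer, String> closed = new TreeMap<>();
        while (in.available() > 0) {
            Frame f = read(in);
            if (f.type() == OPEN) {
                if (live.putIfAbsent(f.connId(), new ByteArrayOutputStream()) != null) throw new IOException("duplicate OPEN " + f.connId());
                continue;
            }
            ByteArrayOutputStream buf = live.get(f.connId());
            if (buf == null) throw new IOException("frame for unopened connection " + f.connId());
            if (f.type() == DATA) buf.write(f.payload());
            else closed.put(f.connId(), live.remove(f.connId()).toString(StandardCharsets.US_ASCII));
        }
        return closed;
    }
    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream tunnel = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(tunnel);
        // Constructed sample: two end-user connections interleaved on one tunnel.
        write(out, 1, OPEN, ""); write(out, 2, OPEN, ""); write(out, 1, DATA, "hello ");
        write(out, 2, DATA, "ping"); write(out, 1, DATA, "world"); write(out, 1, CLOSE, ""); write(out, 2, CLOSE, "");
        System.out.println(demux(tunnel.toByteArray()));
    }
}
```

It needs Java 16 or later for the nested record. In a real tunnel the FrontendServer would also have to authenticate the BackendServer before relaying anything to it, which this sketch leaves out.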

Mr_Light
« Reply #11 - Posted 2008-01-18 15:28:15 »

np, and if it works for you I'm happy too.

broumbroum
« Reply #12 - Posted 2008-01-20 05:05:34 »

SSH for Java is really expensive, isn't it? http://www.google.com/aclk?sa=L&ai=BnXz4ddWSR6KtLYKMnQPDjOnVD_CEnwacvPyUAYz2hQewvRAIABABGAEguVQ4AVDCuqDjBWD15beBiATIAQHZAzoLael1_4jv&q=http://www.jscape.com/sshfactory/&sig=AGiWqtyqpWSt2ZpGbHtHdt6QAMZo3vEZCg

Or the Netscape.org applet is sufficient for existing SSH services....
Hence HTTPS is accessible for business purposes, not free-hosted web services. :-/

MKova
« Reply #13 - Posted 2008-01-20 16:30:15 »

I don't get one thing: if you have a computer (server) behind a router, the router must forward the traffic on some port to the computer. Why not just use that port and connect to the router (that will forward data to the server) directly?

Someone give me my account back!! ChrisM, please? ....
Riven
« Reply #14 - Posted 2008-01-20 19:39:39 »

Have you read the thread?


I cannot do port-forwarding, so I'm using a completely different computer (that either has port-forwarding, or has a public IP), to make my own computer, with an inaccessible non-port-forwarding-supporting router, able to host services publicly available.

If it sounds vague, read some articles describing why there are SSH tunnels and what-not.

MKova
« Reply #15 - Posted 2008-01-21 20:17:04 »

Yes, I've read it, but I did it fast and did not catch all the stuff. Well, you explained it now: you're using a public computer that has port forwarding or some kind of public access, and it's connected to a backend server with no port forwarding and no public access.
