
Networked program accessible on internet

Guest

How would one go about having their program accessible on the internet?

I am working on making a Connect 4 game with SFML & C++. They have sockets available to let you do some network coding. I asked in the SFML discord & they basically said

Quote

It's impossible unless you make your computer super unsafe which I won't help you do.

So, they were of zero help.

I logged into my router & set my desktop to have a static IP across the LAN. I also set a few ports to be open through my Verizon router.

 

I'm imagining I should just be able to have a program open a client socket, use my internet IP address & attach the socket ported to the WWW to the IP I'm connecting to.

 

Is there an easier way to do this?

Am I on the right track?

 

I haven't gotten things to work yet. What else am I missing? Did I do everything correctly & just mess up my code maybe?

 


I'm a student in CS & want to do network programming professionally. I think it'd help if I could actually have things work on the internet when I apply for jobs & work a job.

 


8 minutes ago, fpo said:

It's impossible unless you make your computer super unsafe which I won't help you do.

Well, there is a point to be said here. You may want a cheap/used second machine to host this, so that if it does get compromised, the damage is limited.


2 minutes ago, svmlegacy said:

Well, there is a point to be said here. You may want a cheap/used second machine to host this, so that if it does get compromised, the damage is limited.

If I know how to open it, I know how to close it.

Takes 1 second to unplug the wifi adapter.

 

EDIT:
This isn't a thread on internet safety.


I imagine you'd like something that works like a P2P system, like torrents or a lot of video calling services. You have only one option really, the UPnP system in your router (it is likely to be turned off by default if it's an office router, because it's notorious for being insecure). You can use that for the application to port-forward itself.

 

The issue with NAT is that if neither peer is able to connect to the other one (closed ports on both, and no UPnP), you need a third party to negotiate a connection for the two peers. So if UPnP is off, that's the only other option, you'd still need a server.


4 hours ago, DevBlox said:

I imagine you'd like something that works like a P2P system, like torrents or a lot of video calling services.

I’ve considered it but I was thinking more so client server. Everyone connects to the guy hosting the game first. 

However, either should be fine. 

4 hours ago, DevBlox said:

You have only one option really, the UPnP system in your router (it is likely to be turned off by default if it's an office router, because it's notorious for being insecure). You can use that for the application to port-forward itself.

I’m guessing every client will need to turn this off? 

If that’s the case, then the technical bar for using the application is too high for an end user. 

4 hours ago, DevBlox said:

The issue with NAT is that if neither peer is able to connect to the other one (closed ports on both, and no UPnP), you need a third party to negotiate a connection for the two peers. So if UPnP is off, that's the only other option, you'd still need a server.

So I’ll need to write a separate program that’s connected to before connecting to the other users? 

How would I expose this server to the internet? 


To have access to software from outside a LAN network it's just a matter of doing a port forward from your router to the computer that is running the socket listener. If it's a server you SHOULD forward directly to that server IP so it doesn't access anything else.

Them saying it makes the computer "super unsafe" is just bullshit. The guy that answered you was very likely an intern or someone with no programming / networking background.

So in short your solution was excellent. Setting a static IP for that computer ensures you are redirecting to that specific computer. If you had been on a domain you could have redirected by the hostname, but IP like you did is still better, as if your DC is down or has an issue for any reason the hostname does not resolve to the IP.


42 minutes ago, fpo said:

I’ve considered it but I was thinking more so client server.

 

33 minutes ago, Franck said:

So in short your solution was excellent.

this

 

In that case, yes, you're all good with that solution. It is probably a better place to start anyway, P2P is way more complicated, especially when you introduce that third-party. You can minimise the possible damage in case of break-in by segmenting/firewalling (basically DMZ'ing) away that machine from the rest of the LAN, making it more difficult to pivot over it. Not really necessary, but that's an option.

 

50 minutes ago, fpo said:

I’m guessing every client will need to turn this off? 

I'm not sure about this one, can possibly be a router feature to expire automatically. At least my router does not display any such option. It sounds silly that it would just remain open if an application would crash for example. But I suspect it's good hygiene to close it after.

 

56 minutes ago, fpo said:

So I’ll need to write a separate program that’s connected to before connecting to the other users? 

How would I expose this server to the internet? 

Pretty much yeah, both peers check in to that third party server with their addresses and ports. The peers' respective NATs get new mappings and thus new 'holes' in the firewall. The server then gives you the peer's info on request and you use that info to traverse its NAT to the peer. The server should be publicly addressable by both peers too, that's the only requirement for it (you could port-forward that in your LAN for example). I'm still in the dark on some of the details, like how that NAT mapping, only intended to work for the server, works with the peer, etc. I've not implemented such a thing to try yet, I hope I'll get around to it. A fair bit of applications use this method almost exclusively as far as I'm aware, it means you're not dependent on UPnP that may or may not be there.


I logged back into my router to make sure I port forwarded.
My static local network IP is 192.168.1.165 (different from my public IP by googling "What's my IP?")
I opened the port "42069" just to go through the motions again & make sure I did all the steps correctly.


 

 

My desktop. Should be the static IP as configured in "IPv4 Address Allocation"


 


Franck


 

3 hours ago, Franck said:

To have access to software from outside a LAN network it's just a matter of doing a port forward from your router to the computer that is running the socket listener. If it's a server you SHOULD forward directly to that server IP so it doesn't access anything else.

So there's a third setting I need to tick to make sure that port is accessed by my PC every time the router is being told to send something to said port?

What is this setting called? I was under the impression that the router would send a message to all PCs on the network saying "Does anyone have this port open?" and my PC would respond "I do!" to then get the data.

Quote

Them saying it makes the computer "super unsafe" is just bullshit. The guy that answered you was very likely an intern or someone with no programming / networking background.

From the way these people phrased things, it was quite obvious. How else would minecraft & Garry's Mod servers be hosted? (I'm going to look into those now that I think of it & see if those will provide any information in addition to what you guys are helping me with.)

Quote

So in short your solution was excellent. Setting a static IP for that computer ensures you are redirecting to that specific computer. If you had been on a domain you could have redirected by the hostname, but IP like you did is still better, as if your DC is down or has an issue for any reason the hostname does not resolve to the IP.

 Does my program need to tell the host's LAN which static IP to access?

IE:
1. program starts

2. Connect to public IP fpo.com

3. Tell fpo.com to access server on local IP 192.168.1.165

4. connection to server is complete


Or is step 3 not necessary?

 

 

 

DevBlox
 


 

2 hours ago, DevBlox said:

In that case, yes, you're all good with that solution. It is probably a better place to start anyway, P2P is way more complicated, especially when you introduce that third-party. You can minimise the possible damage in case of break-in by segmenting/firewalling (basically DMZ'ing) away that machine from the rest of the LAN, making it more difficult to pivot over it. Not really necessary, but that's an option.

Yeah, I want to practice the client-server style first. I would do the P2P but that seems like work on top of the Client-Server workflow where I'd need to learn Client-server anyway from the way you phrased this.

Quote

I'm not sure about this one, can possibly be a router feature to expire automatically. At least my router does not display any such option. It sounds silly that it would just remain open if an application would crash for example. But I suspect it's good hygiene to close it after.

I meant that if I did do a P2P system, every peer that wanted to join would have to turn off the setting to enable P2P usage? Doesn't make much sense as torrenting programs don't require the end user to do such a thing.

Quote

Pretty much yeah, both peers check in to that third party server with their addresses and ports. The peers' respective NATs get new mappings and thus new 'holes' in the firewall. The server then gives you the peer's info on request and you use that info to traverse its NAT to the peer. The server should be publicly addressable by both peers too, that's the only requirement for it (you could port-forward that in your LAN for example). I'm still in the dark on some of the details, like how that NAT mapping, only intended to work for the server, works with the peer, etc. I've not implemented such a thing to try yet, I hope I'll get around to it. A fair bit of applications use this method almost exclusively as far as I'm aware, it means you're not dependent on UPnP that may or may not be there.

For the time being I'm going to focus on the Client-Server process before getting into that.

I'm hoping to get into game development, so P2P might be nearly entirely out of the question anyway. (Unless I use the Photon API & service which is much higher level-I've used it before.)

 

 


6 minutes ago, fpo said:

So there's a third setting I need to tick to make sure that port is accessed by my PC every time the router is being told to send something to said port?

What is this setting called? I was under the impression that the router would send a message to all PCs on the network saying "Does anyone have this port open?" and my PC would respond "I do!" to then get the data.

 

No extra step needed, and no, a message doesn't go to all computers within the network (unless your network is USB cable instead of ethernet). You have to tell the computer which one to connect to. Once this is done the message will have the proper header to know where it has to go, but the initial call never knows where it goes internally. You cannot port forward the same port to 2 different computers either with the same DNS.

The port the client connects from is not important. If client A queries your server at X.X.X.X:5454 it may have used port 1234 to send on his side. Your server will answer him going out his port but going in his port 1234, which he is waiting on for a response, and will therefore know it goes to his specific computer behind his router. His own computer firewall may block in/out on the port he will be using to send, but that can be requested to add during install of your application.

 

6 minutes ago, fpo said:

From the way these people phrased things, it was quite obvious. How else would minecraft & Garry's Mod servers be hosted? (I'm going to look into those now that I think of it & see if those will provide any information in addition to what you guys are helping me with.)

 

The role of a router is to block every port THEN you unblock ports you want. Typically port 80, 25, 8080, 21 are unblocked and a couple standard others. Putting aside implementation failures and known security flaws of certain models, it is supposed to be bulletproof.

 

6 minutes ago, fpo said:

 Does my program need to tell the host's LAN which static IP to access?

IE:
1. program starts

2. Connect to public IP fpo.com

3. Tell fpo.com to access server on local IP 192.168.1.165

4. connection to server is complete


Or is step 3 not necessary?

 

Okay, from this example it's easier to give you a good process flow

1 - client program starts

2 - client program opens a socket connection to fpo.com

3 - Message goes to his router, to his modem, to the internet

4 - the provider for fpo.com receives the message from the client and redirects it to your modem at, let's say, 1.2.3.4 (your public IP)

5 - Your modem receives the message and sends it to your router saying [Client public IP] sends X message to port [your selected port]

6 - Your router receives the message, checks its port forwarding rules and sees "Hey, if I get a call for [your selected port] I need to send it to [192.168.1.165]"

7 - [192.168.1.165] receives the message on the correct port and checks if it has a socket listener (a socket server) listening to that port, and the socket receives the message

8 - message delivered and can be treated.

Return is easier as the server knows the client public IP and the port he has used to send, and the message will find its way back to his computer easily.
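Step 7 of the flow above is where the forwarded port meets the program: whatever the listener does with incoming bytes is the part of the PC the internet can reach. As an added example that is not part of the original thread, here is a minimal listener that binds only to the forward target, times out idle clients and rejects anything but a valid move. It assumes POSIX sockets rather than SFML, and the one-byte move protocol and the function names are hypothetical.

```cpp
// Added example (not from the thread); POSIX sockets, hypothetical protocol.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
#include <cstdio>

constexpr int kColumns = 7;  // Connect 4 board width

// Untrusted input: accept exactly one ASCII digit '0'..'6', else return -1.
int parse_move(const unsigned char* buf, std::size_t len) {
    if (buf == nullptr || len != 1) return -1;
    int col = buf[0] - '0';
    return (col >= 0 && col < kColumns) ? col : -1;
}

// Listen only on the address the router forwards to; refuse the 0.0.0.0
// wildcard so no other interface is exposed. Returns the fd, or -1.
int make_listener(const char* bind_ip, unsigned short port) {
    sockaddr_in addr{};
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, bind_ip, &addr.sin_addr) != 1) return -1;
    if (addr.sin_addr.s_addr == htonl(INADDR_ANY)) return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int on = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof addr) == 0 &&
        listen(fd, 4) == 0) return fd;
    close(fd);
    return -1;
}

// Accept one client and read one move. The 5 s receive timeout keeps an idle
// peer from holding the server; any malformed message ends the session.
int serve_one(int listen_fd) {
    int c = accept(listen_fd, nullptr, nullptr);
    if (c < 0) return -1;
    timeval tv{5, 0};
    setsockopt(c, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    unsigned char buf[2];  // one byte more than a valid move, to spot excess
    ssize_t n = recv(c, buf, sizeof buf, 0);
    close(c);
    return n > 0 ? parse_move(buf, static_cast<std::size_t>(n)) : -1;
}

int main() {  // when hosting, pass the PC's LAN IP instead of loopback
    int fd = make_listener("127.0.0.1", 42069);
    if (fd < 0) { std::perror("make_listener"); return 1; }
    std::printf("move: %d\n", serve_one(fd));
    return close(fd);
}
```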


5 hours ago, Franck said:

snip

 

5 hours ago, Franck said:

Okay, from this example it's easier to give you a good process flow

1 - client program starts

2 - client program opens a socket connection to fpo.com

3 - Message goes to his router, to his modem, to the internet

4 - the provider for fpo.com receives the message from the client and redirects it to your modem at, let's say, 1.2.3.4 (your public IP)

5 - Your modem receives the message and sends it to your router saying [Client public IP] sends X message to port [your selected port]

6 - Your router receives the message, checks its port forwarding rules and sees "Hey, if I get a call for [your selected port] I need to send it to [192.168.1.165]"

7 - [192.168.1.165] receives the message on the correct port and checks if it has a socket listener (a socket server) listening to that port, and the socket receives the message

8 - message delivered and can be treated.

Return is easier as the server knows the client public IP and the port he has used to send, and the message will find its way back to his computer easily.

Oh okay, so then it's totally working. Sounds good.

I was reading a GMod guide & they told me to go into these settings:


Portforwarding.com was referenced & they tell you to do a lot of settings in these menus from control panel.

I didn't confirm any settings on the right window because I wasn't sure if I needed them, nor if those were even correct.

 

TL;DR

The only important part is the router's configuration? or do I need to add the other settings in the spoiler too?


14 hours ago, fpo said:

I was reading a GMod guide & they told me to go into these settings:

That thing you posted, what it does is force your computer to ASK the router to give it a specific IP you want. You see, a DNS in the router gives a random IP to a computer that connects to it within its IP range. Giving an IP to a computer comes with a TTL (time to live); typically on a home router this number is pretty high, so that IP is somewhat reserved for your specific computer while it's powered off until that timer (TTL) ticks down. That timer resets every time the computer powers down and starts counting down. Typically those timers are set to something ridiculous like 3 months by default, so as long as you turn on your computer every 3 months it will keep the same IP and the router won't give that IP to someone else.

What the setting you showed does is, in the event the timeout happened and the router gives you a new IP, your computer will ask the router to GIVE it that IP you set if it's free. That IP CAN be given to another computer. To really FORCE that computer to have a specific IP you have to do this on the router and tell it to give the IP X.X.X.X to the MAC address of the computer in question. Then the IP will never be given to any other computer ever. This setting is different on each router brand and model. Refer to the router manufacturer user guide to see how to set this up.
