Firewall problem: SocialVPN can bypass the firewall, but apps cannot


JustDoIt Ly

Dec 16, 2009, 5:16:31 AM
to acis.p2p.users
Today I installed SocialVPN on a Windows Server 2008 instance on Amazon EC2
(the server, in short). Quickly, on my netbook, I found the server
online, and we could ping each other.

Then I installed the NGINX web server on the server, but I couldn't
access it from my netbook. In the reverse direction, from the server
I could access the web server on my netbook via SocialVPN.

When I turned off the firewall of the server, I could access the web
server on the server.

This shows that the firewall caused the problem.

I am confused. Yes, SocialVPN can bypass the firewall. But I still
cannot access the web server due to the firewall.

Is there a simple way to make sure the applications on SocialVPN can
bypass the firewall also?

Any comments are welcome.





Pierre St Juste

Dec 16, 2009, 9:34:06 AM
to acisp2...@googlegroups.com
Basically, SocialVPN cannot override your operating system's firewall. For example, if you are running a web server on port 80 and your OS is blocking that port, all IP traffic sent to the virtual NIC on port 80 will be blocked by the OS. Maybe we should have a better definition of what we mean by firewall. Thank you for pointing that out.


--
Pierre St Juste

JustDoIt Ly

Dec 16, 2009, 8:21:14 PM
to acis.p2p.users
I am still confused.

Which port is used by SocialVPN to bypass a firewall? Why not use
this port (or ports) as a bridge to other service ports, such as
80?

Or leave it to the user to configure how to bridge?

Sorry, I only have basic networking knowledge.

JustDoIt Ly

Dec 21, 2009, 1:27:17 AM
to acis.p2p.users
What can I really do when two SocialVPN PCs are connected, regardless
of the firewall?

Can we stop the firewall rules from applying to the virtual NIC by a
general method? If so, SocialVPN could just call that general method.
Or can you offer general instructions for avoiding firewall rules on
the virtual NIC?


Pierre St Juste

Dec 21, 2009, 9:28:53 AM
to acisp2...@googlegroups.com
The best way to deal with firewall rules would be to call an external API or application of the OS that controls the firewall. For example, add an iptables exception for each friend, or we could configure the firewall not to block traffic coming in on the SocialVPN NIC. The problem is that each OS has its own program, and it requires admin rights to configure these firewalls, meaning it's feasible, but like everything else, it can take some time to properly test and implement.

--
Pierre St Juste
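The two options Pierre describes (a per-friend exception, or trusting everything that arrives on the SocialVPN NIC) as an added example in Python; this is not SocialVPN's own code. The VPN address pool `172.31.0.0/16` and the interface name `tapipop` are assumptions, as are the friend addresses. The per-friend form is the least-privilege one: every address is parsed and checked against the VPN pool before a rule is built, so a typo or a bad friends-list entry can never open the web server to a public address, and the commands are built as argv lists rather than shell strings. The blanket interface rule is kept as the cheaper alternative, with the caveat that it lets every peer the VPN admits reach every local service. Both `netsh advfirewall firewall add rule` (Vista/Server 2008 and later) and the `iptables` flags used here are standard; netsh cannot match on an interface name, so the Windows variant is scoped by `remoteip` only.

```python
"""Host-firewall exceptions for a SocialVPN virtual NIC: one inbound allow
per friend, or a blanket allow on the interface.  Added example only; this
is not SocialVPN's own code.  VPN_SUBNET and VPN_IFACE are assumptions."""
import ipaddress
import shlex
import subprocess
import sys

VPN_SUBNET = ipaddress.ip_network("172.31.0.0/16")  # assumed SocialVPN address pool
VPN_IFACE = "tapipop"                                # assumed name of the virtual NIC


def in_vpn_range(addr, subnet=VPN_SUBNET):
    """True only for a syntactically valid address inside the VPN pool."""
    try:
        return ipaddress.ip_address(addr) in subnet
    except ValueError:
        return False


def friend_rules(friend_ips, port, os_name=None, subnet=VPN_SUBNET, iface=VPN_IFACE):
    """One 'allow inbound TCP/port from <friend>' rule per friend, as argv lists.

    Every address is validated against the VPN pool first, so a typo or a
    spoofed friend entry can never open the service to a public address, and
    nothing is ever interpolated into a shell string."""
    os_name = os_name or sys.platform
    cmds = []
    for raw in friend_ips:
        if not in_vpn_range(raw, subnet):
            raise ValueError(f"{raw!r} is not inside {subnet}; refusing to open tcp/{port} to it")
        ip = ipaddress.ip_address(raw)
        if os_name.startswith("win"):
            # Windows Firewall (Vista/Server 2008 and later).  netsh cannot
            # match on an interface name, so scope by remote address instead.
            cmds.append(["netsh", "advfirewall", "firewall", "add", "rule",
                         f"name=SocialVPN friend {ip} tcp/{port}", "dir=in",
                         "action=allow", "protocol=TCP",
                         f"localport={port}", f"remoteip={ip}"])
        else:
            # Linux netfilter: scoped to the virtual NIC *and* the friend.
            cmds.append(["iptables", "-A", "INPUT", "-i", iface, "-s", str(ip),
                         "-p", "tcp", "--dport", str(port), "-j", "ACCEPT"])
    return cmds


def nic_rule(iface=VPN_IFACE):
    """The coarser alternative from the thread: trust everything arriving on
    the virtual NIC.  Every peer the VPN admits then reaches every local
    service, so prefer friend_rules() where possible.  Linux only."""
    return ["iptables", "-A", "INPUT", "-i", iface, "-j", "ACCEPT"]


def apply_rules(cmds, dry_run=True):
    """Print (dry run) or execute the rules.  Executing needs admin/root."""
    for argv in cmds:
        if dry_run:
            print(shlex.join(argv))
        else:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    # Friend addresses and port are placeholders for what SocialVPN would supply.
    apply_rules(friend_rules(["172.31.4.2", "172.31.9.17"], 80), dry_run=True)
```

Run it as-is to see the commands it would issue; pass `dry_run=False` under an admin shell to apply them. Rules added with `iptables -A` are not persistent across reboots, and each friend rule should be removed again (`iptables -D` with the same arguments, or `netsh advfirewall firewall delete rule name=...`) when that friend is dropped.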

P. Oscar Boykin

Dec 21, 2009, 10:19:29 AM
to acisp2...@googlegroups.com
Since the main target for users who may be unfamiliar with
administration is probably Windows, maybe we can look into adding code
that will automatically check the firewall status of the virtual NIC
and prompt the user to disable it.

--
P. Oscar Boykin http://boykin.acis.ufl.edu
Assistant Professor, Department of Electrical and Computer Engineering
University of Florida

David Isaac Wolinsky

Dec 22, 2009, 12:41:52 AM
to acisp2...@googlegroups.com
There are two problems here:
1) Many different firewalls for each operating system. I've even
encountered one machine that had two firewalls running; it wasn't fun
trying to get something trivial like Windows file sharing on a LAN
working. I think the best approach is not to support any firewalls
directly, but perhaps we could create some abstract class which would
allow users to implement firewall detection and an enable/disable
switch. Which leads me to the second issue...

2) Generically discovering if a firewall exists: it's not a trivial
problem, as a firewall may for example allow pings but block a service.
If we consider Linux, the firewall might block Avahi traffic but allow
SSH. Windows may allow ping but not Samba. So how do we do this? In
IPOP, pick a fake IP address and ping your local machine; if you get a
response, move to step 2: pick a random TCP port and send a SYN. If you
don't get a response, it's probably firewalled. If you get a port
unreachable, then the service is probably turned off and it might not
have a firewall. If you get a SYN-ACK, then assume no firewall. At the
end of the test, we can have a value that notifies users of the
expected state of the system. Of course, if we are too intrusive, an
intrusion detection system may be triggered, having undesirable effects.

At the minimum, we should include in the FAQ that if ping messages are
unidirectional or not working at all, they need to ensure that they
don't have a firewall running on the virtual network device.

Cheers,
David
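The ping-then-SYN check David sketches, as an added example in Python; this is not IPOP or SocialVPN code. It uses a full TCP connect rather than a hand-built SYN so it needs no raw sockets or admin rights, and it classifies the reply the way the post describes: a SYN-ACK means the port is open and nothing is filtering, a reset (seen as "connection refused") means the host answers but nothing is listening, and silence until the timeout means packets are being dropped. One caveat a practitioner should know: a closed TCP port replies with RST, not ICMP port unreachable (that is the UDP behaviour), so the "service off" branch below keys on the refused connection. The `selftest_loopback` helper exercises the open and closed branches against 127.0.0.1 without any network; the peer address and port in the usage line are placeholders.

```python
"""Firewall self-check for a SocialVPN / IPOP virtual NIC, modelled on the
ping-then-SYN test above.  Added example, not IPOP code.  Uses a full TCP
connect (no raw sockets) so it needs no admin rights; a closed TCP port
answers with RST, which shows up here as 'connection refused'."""
import platform
import shutil
import socket
import subprocess
import sys

OPEN, CLOSED, FILTERED, UNREACHABLE = "open", "closed", "filtered", "unreachable"


def icmp_ping(host, timeout_s=2):
    """Step 1: ping through the system binary.  None if no ping is installed."""
    ping = shutil.which("ping")
    if ping is None:
        return None
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        rc = subprocess.run([ping, count_flag, "1", host], stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL, timeout=timeout_s + 3).returncode
    except subprocess.TimeoutExpired:
        return False
    return rc == 0


def tcp_probe(host, port, timeout_s=2.0):
    """Step 2: a SYN to one TCP port, classified by what comes back.
    SYN-ACK -> OPEN; RST -> CLOSED; nothing -> FILTERED; no route -> UNREACHABLE."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout_s)
        try:
            s.connect((host, port))
            return OPEN
        except socket.timeout:          # packets silently dropped
            return FILTERED
        except ConnectionRefusedError:  # RST: host answers, nothing listening
            return CLOSED
        except OSError:                 # e.g. ENETUNREACH / EHOSTUNREACH
            return UNREACHABLE


def verdict(ping_ok, probe):
    """Combine both steps into the state reported to the user."""
    if probe == OPEN:
        return "port answered: no firewall in the way"
    if probe == CLOSED:
        return "host answered with RST: service off, probably no firewall"
    if probe == FILTERED and ping_ok:
        return "ping works but TCP is dropped: a host firewall is filtering the virtual NIC"
    if probe == FILTERED:
        return "no answer to ping or TCP: firewalled, or peer offline"
    return "no route: VPN link down or wrong virtual address"


def check_peer(host, port):
    """Run both steps against a peer's virtual address and return the verdict."""
    ping_ok = icmp_ping(host)
    probe = tcp_probe(host, port)
    return ping_ok, probe, verdict(ping_ok, probe)


def selftest_loopback():
    """Exercise the OPEN and CLOSED branches on 127.0.0.1 with no network:
    probe an ephemeral port while a listener holds it, then again after
    the listener is gone."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_listening = tcp_probe("127.0.0.1", port)
    after_close = tcp_probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    # e.g. python probe.py 172.31.4.2 80  (placeholder friend address, nginx port)
    print(check_peer(sys.argv[1], int(sys.argv[2])))
```

Probing a single random port keeps the check as quiet as the post suggests; repeating it across many ports is what turns a self-check into something an intrusion detection system will flag. A `FILTERED` result with a working ping is exactly the original poster's symptom: ICMP allowed on the virtual NIC, TCP/80 dropped by the host firewall.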
