I'm faced with a problem when trying to access GCM from a controlled environment that restricts me to a few websites. In this environment I need to specify which websites I can access. At first, I allowed https://android.googleapis.com/gcm/send, but it did not work. Only when I allowed the whole http://google* (notice the asterisk) did it work fine, but I can't leave it that way.
Does anybody know the whole list of websites that are accessed by GCM, so that I can register them in my firewall whitelist?
The GCM HTTP Connection Server documentation states that:
Note: If your organization has a firewall that restricts the traffic to or from the Internet, you need to configure it to allow connectivity with GCM in order for your GCM client apps to receive messages. The ports to open are: 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.
So you need to configure your ports for 5228, 5229, and 5230.
Related
Google Chrome is scheduled, for the M74 release, to include mDNS support for local ICE candidates in the browser to increase privacy.
This feature is controlled by the feature flag -enable-webrtc-hide-local-ips-with-mdns.
I am trying to test the effect of mDNS support for WebRTC users on Google Chrome. I am testing with my custom WebRTC app and execute the test steps below before making a call:
1- WebRTC clients are logged in using identical mDNS broadcast domains,
2- mDNS in Google Chrome Canary is enabled via the -enable-webrtc-hide-local-ips-with-mdns flag on both parties.
After the call was generated, I saw that the WebRTC agents had replaced their private IPs with anonymous local IPs, which are followed by ".local".
Also, I detected that the call signaling is generated and the media stream is performed successfully, but the ICE candidates are chosen from relay candidates (using the TURN server), not host candidates.
I think the parties cannot resolve their anonymous IPs and choose to establish communication over the existing TURN server (using relay candidates).
I am sure that the clients are on the same subnet, but why can't they resolve each other's anonymous IPs? I know that the nodes broadcast their anonymous IPs via mDNS port 5353, and I expected that they would resolve the IPs easily. Is there anything that I missed during testing?
Your assistance would be highly appreciated. Thanks a lot.
Android.googleapis.com-
We send a notification to the device when content is pushed into the system. This is the Google server that is responsible for sending the notification to the corresponding devices. Both our Sync Server and web portal send notifications to devices using the GCM server.
The firewall at my organization is blocking "android.googleapis.com". I need the IP addresses for this URL so that it can be allowed through the firewall.
Please help.
Run cmd, then ping android.googleapis.com; you can see the IP of the URL in the answer.
Instead of getting the IPs only once, it's better to have a local DNS server and then record the IPs corresponding to the domains that you want to be allowed.
If you use Linux as the router & DNS server, dnsmasq allows adding IPs for specified domains into ipset. Then you configure the firewall to allow that ipset.
The ipset entries can be configured to expire after some duration.
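The dnsmasq and ipset approach from the answer above, as an added example that is not code from the original posts. The set name, timeout, port list and the FORWARD chain are assumptions; android.googleapis.com is the hostname from the question. The script prints the firewall commands by default and only executes them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example: allowlist by domain name using dnsmasq's ipset= option.
# SET_NAME, TTL and PORTS are illustrative choices, not values from the page.
SET_NAME="${SET_NAME:-push_allow}"
TTL="${TTL:-3600}"      # seconds before a learned address expires from the set
PORTS="${PORTS:-443}"   # e.g. "443,5228:5230" to include the ports quoted above

# Dry run by default: print each command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only plain hostnames, so an argument cannot smuggle an extra
# dnsmasq directive (slashes, commas, whitespace and newlines are rejected).
valid_domain() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|-*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one dnsmasq line per domain. dnsmasq adds every address it resolves
# for that domain (and its subdomains) to the named set.
dnsmasq_conf() {
    for d in "$@"; do
        valid_domain "$d" || { echo "invalid domain: $d" >&2; return 1; }
        printf 'ipset=/%s/%s\n' "$d" "$SET_NAME"
    done
}

# Create the set with a default timeout and allow forwarded TCP traffic
# only to addresses currently in it. FORWARD assumes a Linux router.
firewall_rules() {
    run ipset create "$SET_NAME" hash:ip timeout "$TTL" -exist
    run iptables -A FORWARD -p tcp -m set --match-set "$SET_NAME" dst \
        -m multiport --dports "$PORTS" -j ACCEPT
}

# Demo: show the dnsmasq line and the firewall commands for the page's host.
dnsmasq_conf android.googleapis.com
firewall_rules
```

The set only learns addresses that clients resolve through this dnsmasq instance, so the restricted hosts must use it as their resolver, and dnsmasq must be built with ipset support.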
I am implementing push notifications for a mobile banking application using GCM. According to the IBM document, we have to open ports 5228, 5229, 5230 and 443, and our firewall should allow all the IP ranges specified in the ASN15169 specification. For security reasons, the security team is not giving access to the IP ranges of ASN15169. Please suggest whether there is any other way to access GCM services for the application instead of allowing all the IP blocks.
This is related to Google.
If your banking environment does not allow these ports, then you need to either convince the security managers of the bank to allow it, or create a separate network from the banking systems where you will install a server and connect a device to test the notifications.
I have developed an IoT module which can connect to Wi-Fi and send data to the internet. The module can send data (a string) to a specific IP address on a specific port.
The internet server should store that information in a database and display that information to the user via HTTP (a web page).
When I set the port to 9081 (any random number) and my local computer's IP address as the IP address that the module should send data to, I can see the data on my local computer's terminal.
My question is: how can I send that data to the internet?
What I have in mind is that I can purchase a domain name and hosting, and develop a website (HTTP) which by default listens on port 80. The service provider only gives me basic services such as HTTP, HTTPS and FTP, which make it possible to upload a website, and I don't have access to other protocols and ports.
Should I purchase a virtual private server, or should I use a specific cloud service, or can the module send data to the server on port 80 without conflicting with web pages and web content?
Please give me some suggestions.
I did something similar with an IoT module. There are two options that I also considered. Before I describe them: there is no need to buy a domain name. You can comfortably use the IP address to connect to. If you have some spare cash, go for it.
1. Send everything to the web server on your local computer. To have access to the local computer you must enable port 80 to be accessible over the internet. You do this on a router. This is called port forwarding. You set up a rule such that all the requests made to your IP address on port 80 are redirected to your local computer on whatever port the web server is listening on. This is the cheapest method available. Also, there is an important limitation: your local computer needs to be switched on all the time if you want to access the data.
2. Buy a droplet (virtual private server). The workflow is the same as 1, but you don't need to port forward anything. These are usually set up and ready to use. However, this is usually expensive. Most of these providers offer pay-as-you-go services (e.g., Digital Ocean is the one that I used). There are other providers which offer free but limited versions. These are usually developer trial versions. If you go over a number of transactions, or space, you will have to pay (have a look at Parse).
Internally, our organization limits what servers and applications can send emails. I would like to be able to have scripts that could be run on any server send an email when done. Is it possible to install IIS SMTP on a single server and have that relay all mail the servers send to our standard relay servers? All the advice I see on the internet talks about configuring relays for outbound connectivity, but this would be for internal use only. The flow would be something like this, I believe:
[any server] --> My SMTP relay --> corporate SMTP relay --> Internal Mail system
Is this doable? If so, any links on how to configure it? I have nearly zero SMTP knowledge.
Doable; you should search for "SMARTHOST SMTP" in Google. If your mail server limits relaying to specific hosts/IP addresses, you'll still need to add the new server to the relay list. Setup will be a little different depending on your mail server/version (Exchange, IIS SMTP).
SMART HOST for Exchange:
http://www.dnsexit.com/support/mailrelay/exchange/setup.htm
I have a similar setup to what you have described. You might want to check if your SMTP server allows relaying for authenticated users, since this might allow your current script to send emails using a domain/email user account.