I have client server cocoa application. client communicate with server by using server's IP address. My questions are how can i check that my server IP address is changed in my cocoa application and how can i notify clients that server's IP address is changed (should i store IP address of client #server and notify to client). I am using Distributed object for communication between client and server.
Use DNS. It supports finding the current IP address of a server, which means that you can easily detect when the IP address changes (and have clients automatically use the updated address). If you envisage rapid changes of the server's address you can use a short time-to-live on your DNS responses.
Related
I have published an ASP.NET core Web API on IIS. The website is hosted on a Windows Server 2019 dedicated server with a number of IP addresses. In Plesk I have set the IP address which I want the website to be bound to (let's assume is it 10.1.1.1). When I ping the domain name I see the correct IP address.
In one of the API's endpoints, there is an HTTP Request made to an external API which has access restriction to pre-defined IP addresses. If a request is made to this external API from an unknown IP it returns an error with that IP address.
Our website's IP address is set properly at the external API. However, when our API tries to connect to the external API from code it doesn't use the website's correct IP Address. It uses the first available IP address on the server. Therefore, the connection to the external API is refused.
My question is, why the HTTP Request is not made from the same IP address as the website and what can I do to make things right?
When we bind sites to IIS, you are only binding the incoming IP address. Traditionally we would want to control and sanitize all outbound requests, it there are multiple NICs configured, the outbound traffic would be routed through the NIC that is configured with the gateway, or the NIC that is on the same subnet as the target.
If your server has multiple IP addresses defined in the same NIC, the outbound IP address from IIS hosted content is selected for you. I'm not sure if it is a round robin but I can tell you it is not in any way related to the incoming IP address that your site is bound to.
Outbound traffic is NOT associated with IIS at all, outbound traffic from IIS follows the normal pathway and rules as outbound connections from all processes on your PC/server.
The general standard to avoid this issue in IIS is to use SSL and Host Header Names. That way you can host multiple sites on the same IP address, or realy you are inbound address agnostic meaning your configuration can be easily ported to other hosts without having to mess around with multiple physical or virtual IP addresses.
Following this advice from Forcing Windows Server to Use a Specific Outgoing IP Address, you can use powershell to exclude specific IP addresses from being used as the external source.
Assuming the IP address you want to be primary is 192.168.33.129.
$primaryIP = "192.168.0.4"
Set-NetIPAddress -IPAddress $primaryIP -SkipAsSource $false
Get-NetAdapter | Get-NetIPAddress | ? { $_.IPAddress -ne $primaryIP } | % {
Set-NetIPAddress -IPAddress $_.IPAddress -SkipAsSource $true
}
Now all IP addresses, except the one you are designating as "primary," will be excluded from consideration as primary. We can verify this using...
Get-NetAdapter | Get-NetIPAddress | Select-Object IPAddress,SkipAsSource
It must also be said that communications outside of your IIS host can be routed via VPNs and Firewalls, even if you manage to fix the internal IIS server outbound IP address, the external site will still register your network's external IP address, not the internal 192.168.0.4 on the NIC.
Most enterprise firewalls will have the ability to configure Source NAT (SNAT) rules or policies, sometimes referred to as Multipath Routing, that will allow you to bypass or negate any configuration on the IIS NIC as described above.
I am developing a .Net Core REST API for an Android app which is written in Dart/Flutter, both .Net Core and android app are connected to the same local network, right now I am sending requests to server by using it's IP address, however I want to make it easy for end users to use the app since they have limited knowledge of configuring stuff.
How can I link a local domain to the server or at least use server name instead of ip address for sending requests, in that case it would have saved me a lot of time and hassle with end users.
Do I need a DNS server for this and is it easy to implement this functionality?
According to your description, you should set up a DNS server in your local network. If you want to access the app by using domain, you should make sure the android app is also inside that local network.
A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames, and in most cases serves to resolve, or translate, those names to IP addresses as requested.
More details about how to set up a DNS server and configure a DNS server , you could refer to below article: https://support.microsoft.com/en-us/help/814591/how-to-install-and-configure-dns-server-in-windows-server-2003
In the WebRTC signalling process, I have to find my own public IP address with my port by doing a request to a STUN server. But does it really need to be this complex?
Couldn't I just send a request to the router of my subnet and get its IP address and the port it opened for me? Or even better, I store directly my public address in my computer and the router notifies me whenever it changes. The browser would give an API to get this public address directly. No need to use a STUN server. Why don't we do this instead?
Thank you for your help.
These are all great questions.
Couldn't I just send a request to the router of my subnet and get its IP address and the port it opened for me?
There's an old protocol called uPnP that will dynamically open a port mapping for you - provided the router supports it. A lot of routers used to support it. Not sure how standard it is now.
Even if routers were intelligent and there was a standard signaling mechanism in place, STUN (or something equivalent for STUN is still needed) for the following scenario.
Carrier NAT is when your ISP is sharing a public IP address with multiple routers. That is, your router's public IP address as configured by the ISP when it starts, is really just another private IP address. Upstream, there's a "bigger router" that is sharing the public IPv4 address with multiple other customers. That is, your PC might think it's IP address is 192.16.1.2, and your router reports that it's own IP address is 10.0.0.2. And the actual public IP address, 1.2.3.4, is shared with other customers. STUN solves this problem because the outbound packet to the public STUN server will go through both NATs - creating port mappings along the way.
Or even better, I store directly my public address in my computer and the router notifies me whenever it changes
Because establishing an effective P2P/WebRTC connection is more than knowing your public IP Address. It also involves knowing what "port" to use as well. While most routers will attempt to preserve the local port of the socket the client PC is using in the mapping (e.g. 10.0.0.2:9876 maps to 1.2.3.4:9876). This isn't always the case - another node could be using port 9876 on your network and/or many NATs just pick a randomly available port for the mapping. At the end of the day, you have to signal to the other side of your P2P/WebRTC connection "which IP" and "which port" to use.
The browser would give an API to get this public address directly.
There are plenty of sites such as whatismyipaddress.com that will tell you your IP address. But if there's a HTTP proxy server involved (explicitly configured on the PC or silently deployed on the network), the web service will only see the proxy IP address. Further HTTP(S) is a TCP based protocol. STUN and WebRTC are UDP based.
I have developed an IOT module which can connect to the Wi-Fi and send data to the internet, the module can send data (string) to specific IP address on the specific port.
The internet server should store that information to the data base and display that information to the user via HTTP (web page).
When I set the port to the 9081 (any random number) and my local computer IP address as IP address that module should send data to, I can see data on my local computer terminal.
My question is that how can I send that data to the internet?
What I have in mind is that I can purchase domain name, host and develop a web site (HTTP) which by default listen to port 80. The service provider only give me a basic services such as HTTP, HTTPS and FTP which make it possible to upload website and I don’t have access to other protocols and ports.
Should I purchase virtual private server or I should use any specific cloud services or the module can send data to the server on port 80 without getting conflict with web pages and web contents?
Please give me some suggestion.
I did something similar with an IoT module. There are two options that I also considered. Before we describe, there is no need to buy a domain name. You can comfortably use the IP address to connect to. If you have some spare cash go for it.
Send everything to the web server on your local computer. To have access to the local computer you must enable port 80 to be accessible over the internet. You do this on a router. This is called port forwarding. You setup a rule such that all the requests made to your IP address on port 80 should be redirected to your local computer on whatever port the web server is listening to. This is the cheapest method available. Also, there is an important limitation: you're local computer needs to be switched on all the time if you want to access the data.
Buy a droplet (virtual private server). The workflow is the same as 1, but you don't need to port forwarding anything. These are usually setup and ready to use. However, this is usually expensive. Most of these providers offer pay-as-you-go services (e.g., Digital Ocean is the one that I used). There are other providers which offer free but limited versions. These are usually developer trial versions. If you go over a number of transactions, or space, you will have to pay (have a look at Parse).
In order to notify all computers within the same LAN about my existence, I want to broadcast my hostname and IP address.
How do I go about doing so without sending them as a string?
Avik, this is what DNS is meant to be used for. While "regular" DNS is meant to hold names and IP addresses for each machine (statically configured), there is a dynamic DNS protocol which allows machines to update their DNS entries in real time.
This sort of capability is used in some of the office environments for my clients where printers on a machine are shared but the machines they're attached to use DHCP (meaning their IP address can change).
See here and here for details and the Windows implementation with DHCP.
Lets call your machine that wants to advertise itself the SERVER and all the machines that can use it, the CLIENTS.
Of course, dynamic DNS only notifies DNS itself of the name/IP mapping and is useful if the CLIENTS are already aware of your SERVER so they can get the IP address from DNS. If you have no way for CLIENTS to discover that your SERVER has just been added, you'll still need to broadcast a packet occasionally indicating that your SERVER exists (this will only need the SERVER name since CLIENTS will use DNS to get the IP address).
This broadcast packet should be picked up by all CLIENTS and kept in a local table. If the communications from a CLIENT to your SERVER fails, the local table entry for your SERVER should be removed (it'll be re-added when your SERVER broadcasts again).
Basically re-inventing NetBIOS or ZeroConf, as popular with small embedded devices for discovery by a Windows or OS X based installer or setup utility.
You can try to use UPnP Discovery.