Firewall - 2005/12/23 02:17
Palabre server is great, with many useful functions. However, I am facing a slight problem for deployment.
I couldn't configure the Palabre server to pass through my firewall. Has anyone had this problem before?
It runs fine on a local host or on a local area network; however, once I run Palabre on my server, I can't seem to connect to it. Ports and interface have been bound as well.
Re:Firewall - 2005/12/23 08:47
Just open the ports in your firewall.
My Palabre app is running on a Debian Sarge server with an iptable based firewall and as long as the right ports stay opened it works fine.
However, the flash client needs to be connected to exactly the same address as the server (because of the cross domain security).
For example, if your flash applet is in a virtual host (vhost.mysite.com), you need to connect to vhost.mysite.com (and not simply mysite.com).
I hope it helps :-)
By the way, I'm working on a set of AS 2.0 classes to easily use Palabre. They are at 75% but I can only work on them half an hour per day on the train back from my job. I hope I can give you a glimpse soon.
Re:Firewall - 2005/12/27 01:44
Thanks for the reply LeMagu.
Yeah, at the moment I do not have access to the server firewall as it is under maintenance so we can't set the ports to allow. I've tried connecting through ports 80, 8080, 6969 which is normally opened for various programs but that has not been successful. Still, hopefully when I do get access to the firewall settings, I should be able to contact. I just needed to double confirm that I didn't miss anything out on the scripting side.
I'm interested in taking a look at your AS2.0 classes. I've customized a few classes on the client and server side of Palabre as well but they are all just very basic. I find Palabre very flexible with very minor limitations. However, I'm just a beginner so the coding which I wrote is very simple. The majority of it is running on the functions provided in the sample FLA client.
Re:Firewall - 2005/12/28 01:55
Okay, it doesn't seem to be working.
I have a domain of XXX.XXX.XXX.XXX which the client connects from. It is an external IP. My internal IP is YYY.YYY.YYY.YYY. My firewall is between the external IP and internal IP. My firewall on the other hand has its own IP ZZZ.ZZZ.ZZZ.ZZZ and port 1024 is open.
Palabre server is running on the internal IP.
I have a few questions.
1) Which IP would the client connect to?
2) Should the IP in the server config be bound or accept all interfaces?
3) The port is open, which type should be allowed? TCP or UDP?
I can't seem to get the client and the server connected to each other and honestly I'm not too sure what the problem is. When I run the server and client on a local machine with a local host it works fine. Even over a network workgroup it still works.
In your case, the server hosting Palabre is behind a firewall, so it doesn't have a public IP. If you configured Palabre to run on port 1024, you must forward (and not "open") all incoming connections on the firewall's TCP port 1024 to the server hosting Palabre (via NAT rules).
And in your actionscripts you must specify the Public IP of the firewall.
For example, if your domain is erwin.com (201.201.201.201):
The public (internet) IP of the firewall is 201.201.201.201
And the Private IP of the firewall is 192.168.0.1
And the Private IP of your server with Palabre is 192.168.0.2
You must create a rule on the firewall to forward any connection received on interface 201.201.201.201 on TCP port 1024 to IP 192.168.0.2 port 1024
And then you can take for example a PalabreTest.exe and test the connection on the IP 201.201.201.201
If this is working,
To summarize :
> 1) Which IP would the client connect to?
The public IP of firewall XXX.XXX.XXX.XXX
> 2) Should the IP in the server config be bound or accept all interfaces?
Either Bound to the private IP (YYY.YYY.YYY.YYY) or All interfaces will work
> 3) The port is open, which type should be allowed? TCP or UDP?
TCP but don't forget to forward the port in the firewall rules
The problem is not in the firewall or anything of that sort. The problem lies in the fact that the flash client has to go through an Apache server to mask the IP and use a sub-domain. If I'm not mistaken Apache is changing the port settings.
Anyway, now I am able to connect to the server using the static IP instead of the domain name (masked ip).
Re:Firewall - 2005/12/29 01:40
Currently my flash is embedded into a php page. I currently cannot connect to the server by using the domain name, it is only possible by using the IP.
For example, my domain name is www.erwin.com and the file is chat.php
I cannot connect if I load the swf from www.erwin.com/chat.php however I can connect if I use 201.201.201.201/chat.php
Re:Firewall - 2005/12/29 09:47
Yes, this is a known restriction of the Flash player. When playing in a webpage, you must connect to the exact same name. So I guess that in your flash scripts you specify a connection to the IP address instead of the domain name. So if you use: http://www.erwin.com/flash.php you must use:
Code:
xml.connect('www.erwin.com',1024);
and not erwin.com nor 201.201.201.201 even if those are all the exact same address.
Re:Firewall - 2005/12/30 03:10
Ah okay.. I have come across the cross-domain-policy xml during my search for a solution but I didn't think it would apply to a domain which is exactly the same.
Either way, I have found another solution which works just the same although you would need to go through a little bit more hassle. It is possible to load the swf in an iFrame using php which ties it down to the static ip although it is being loaded in the domain.
Thanks for all your help. I look forward to future enhancements in the project. It has a lot of potential.
Re:Firewall - 2006/01/03 16:48
I'm not really qualified in IP masquerading and forwarding so I won't help you in this case.
However I know that when you try to connect to a server-side application with a flash client app that is on another ip/domain, your script will die in silence. This is because of the Macromedia Cross-domain Security Policy. You must write an xml file in the root directory of the domain on which the palabre server is.
If you are using a sub-domain, your xml must be in the root of this sub-domain.
If you are using Flash MX 2004 or above, you can specify the location of your file like this :
Re:Firewall - 2006/02/16 04:15
LeMagu(s) wrote: When you are using XMLSocket object, you need to set the xml file on the port of your httpd server (usually the port 80).
I understand what you mean and have read the articles on cross-domain policy files. However I don't get what you mean about setting the xml file on the port of my httpd server.
I need to load the swf from www.erwin.com for some javascript purposes. Previously my solution was to use an iframe to load the swf using ip (201.201.201.201). The parent of the iframe is loaded from www.erwin.com
However, for my javascript from the iframe to communicate to its parent, they need to be on the same domain. Therefore, I am now trying to load my swf directly from www.erwin.com which means that I require this cross-domain-policy to be sorted out.
At the moment, I'm not sure what my mistake is. Any help or suggestions would be greatly appreciated.
Re:Firewall - 2006/04/04 03:09
Ah yes, I'm back again.. and so is the issue about firewalls. Here's an update on the current issue I'm having.
Because Palabre and Flash's XML socket connection requires an IP connection to be established between the server and the client, firewalls would block unauthorized IPs. If I'm not mistaken, we are unable to form a connection using DNS. So far, an IP address must be provided to connect.
Anyway, a common issue with connecting applications is because the client's proxy/firewall prevents most socket connections. Most firewalls prevent any kind of communication, except for HTTP. This is done to protect the internal infrastructure; users can still browse the Web, but cannot connect to other networked applications.
Now with Java applications, it is possible to connect to the server using http. This is sometimes called firewall tunneling. In java, servlets are created on the server side to wrap all client messages in HTTP requests. This would allow us to 'tunnel' through the firewall.
I am not familiar with python so Celio, it would be helpful if you could give an insight on this problem.
First, it's strange that you have to access directly through the IP and not via the Domain name. I can connect without any problem to a DN if the SWF is hosted on the same domain (if it's not, crossdomain policy files are working great).
And for Port restrictions, it depends on the Network structure of the client.
If the admin only allows the port 80 (http), the fastest solution is to configure Palabre to run on the port 80 of the server. This means that you must have at least two IPs, one for the web server that serves your web pages and flash client, and one for Palabre (and you will definitely need a crossdomain policy file).
For HTTP tunneling you would need a specific client and server solution, and I think this would really add some latency ...
So I don't think there is anything else to do in Palabre or Flash to solve this problem sorry :(
But if someone has a solution ... you're really welcome :)
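As an added illustration (not code from Palabre or from any poster in this thread), the Python sketch below models the exact-name rule and the cross-domain policy file discussed above: it classifies an XMLSocket connection as same-domain, allowed by policy or blocked, and flags wildcard rules in a policy. The function names, the sample policies and the handling of a missing to-ports attribute are assumptions of this simplified model, not Flash Player's actual implementation.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample policies (not from the thread), using its example names.
RULE = ('<cross-domain-policy><allow-access-from domain="%s" to-ports="%s"/>'
        '</cross-domain-policy>')
STRICT = RULE % ("www.erwin.com", "1024")
OPEN = RULE % ("*", "*")

def parse_policy(xml_text):
    """Return [(domain, to_ports)] for every allow-access-from rule."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    # Assumption of this model: a rule without to-ports grants no socket port.
    return [(n.get("domain", "").lower(), n.get("to-ports", ""))
            for n in root.findall("allow-access-from")]

def port_allowed(spec, port):
    """to-ports is a comma list of ports, ranges (a-b) or '*'."""
    for part in (p.strip() for p in spec.split(",")):
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if lo.isdigit() and int(lo) <= port <= int(hi if hi.isdigit() else lo):
            return True
    return False

def domain_allowed(pattern, host):
    """Exact name, '*', or a '*.suffix' wildcard; names are never resolved."""
    if pattern in ("*", host):
        return True
    return pattern.startswith("*.") and host.endswith(pattern[1:])

def check_connect(swf_url, target_host, port, policy_xml=None):
    """Classify an XMLSocket connect made by the SWF served from swf_url."""
    swf_host = urlparse(swf_url).hostname
    if swf_host == target_host.lower():
        return "same-domain"
    for domain, ports in parse_policy(policy_xml) if policy_xml else []:
        if domain_allowed(domain, swf_host) and port_allowed(ports, port):
            return "allowed-by-policy"
    return "blocked"

def audit(policy_xml):
    """Flag rules broader than one named site and an explicit port list."""
    rules = parse_policy(policy_xml)
    return (["any domain may connect" for d, _ in rules if d == "*"] +
            ["all ports exposed" for _, p in rules if "*" in p])
```

Because the comparison is on names and nothing is resolved, www.erwin.com, erwin.com and 201.201.201.201 count as three different hosts here, which is the behaviour described in the thread.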
Re:Firewall - 2007/06/29 15:59
Erwin wrote: LeMagu(s) wrote: When you are using XMLSocket object, you need to set the xml file on the port of your httpd server (usually the port 80).
I understand what you mean and have read the articles on cross-domain policy files. However I don't get what you mean about setting the xml file on the port of my httpd server.