Bidirectional Networking
Bryan Olson
fakeaddress at nowhere.org
Sat Dec 13 18:13:39 EST 2008
Emanuele D'Arrigo wrote:
> Hey Bryan, thank you for your reply!
>
> Bryan Olson wrote:
>>> Is it possible then to establish both a server and a client in the
>>> same application?
>> Possible, and not all that hard to program, but there's a gotcha.
>> Firewalls, including home routers and software firewalls, typically
>> default to disallowing connections in the 'wrong' direction. If the
>> client initiates all connections, you avoid a world of hassles.
>
> Ah yes, I can see that. Uhm. I have absolutely no idea right now how a
> firewall works from a programming point of view and what happens in
> normal "residential" circumstances. I.e. it's clear that firewalls are
> configured to allow http traffic because I can browse the internet. Is
> that done leaving a specific port open? Or does the browser request
> the firewall to open a specific port for it and the firewall trust the
> browser to handle safely anything that comes through?
Software firewalls will often simply refuse incoming connections. The
basic protection of the garden-variety home router comes from "network
address translation" (NAT), in which case TCP connections initiated from
the inside will generally work, regardless of port, and incoming
connections will fail.

Internet server farms often enforce the other side of the client-side
policy, with firewalls configured to disallow outgoing initiation of
connections.

If the application needs to work in restrictive environments where
firewalls only pass known protocols, a popular approach is to build the
application protocol on top of HTTP, with all the required standard
headers and a new content-type.
> I.e. in the case of the code in this thread, would it be the
> responsibility of the application to tunnel through the firewall and
> listen for connections
I'm not clear on what that means.
> or would it be the responsibility of the user
> to configure the firewall so that the application can receive a
> connection?
That can be a huge hassle. The first choice is for the application to
conform to popular firewall policies, so no special configuration is
required.
--
--Bryan
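
The pattern recommended in the reply above (the client initiates the only connection, and both directions of traffic share it) as an added example that is not part of the original post. The framing format, the `MAX_FRAME` limit and all function names are assumptions made for the illustration.

```python
import socket
import struct
import threading

MAX_FRAME = 64 * 1024  # assumed limit: refuse oversized frames from the peer

def send_msg(sock, payload: bytes) -> None:
    # Length-prefixed frame: 4-byte big-endian size, then the payload.
    sock.sendall(struct.pack("!I", len(payload)) + payload)

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def recv_msg(sock) -> bytes:
    (size,) = struct.unpack("!I", recv_exact(sock, 4))
    if size > MAX_FRAME:
        raise ValueError("frame too large")
    return recv_exact(sock, size)

def serve_one(listener, pushes):
    # Server side: the only listening socket in the system lives here.
    conn, _ = listener.accept()
    with conn:
        hello = recv_msg(conn)            # client -> server
        send_msg(conn, b"ack:" + hello)   # server -> client (reply)
        for item in pushes:               # server -> client (unsolicited)
            send_msg(conn, item)
        send_msg(conn, b"")               # empty frame marks end of pushes

def run_demo(pushes=(b"event-1", b"event-2")):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # loopback, ephemeral port (constructed)
    listener.listen(1)
    t = threading.Thread(target=serve_one, args=(listener, pushes))
    t.start()
    # Client side: outbound connect only, no listen() or accept() anywhere.
    with socket.create_connection(listener.getsockname(), timeout=5) as c:
        send_msg(c, b"hello")
        received = list(iter(lambda: recv_msg(c), b""))
    t.join()
    listener.close()
    return received
```

Because the client never listens, a NAT router or a software firewall that refuses incoming connections on the client's side needs no special configuration.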