Develop Reference

websocket will not connect from remote server

I have a web page to control a thermostat on a raspberry pi, and I'm running into difficulties when trying to get websockets to work from a remote client. It seems to work fine when on LAN however. I'm obviously missing something (and likely something basic), but I can't seem to figure out what it is.
The pi's local ip is 192.168.1.134. The web page (served from apache server) has the URL http://192.168.1.134:8010/thermostat.html. The page starts up some javascript, which then tries to connect to the pi's main program using websockets via ws://192.168.1.134:9000. (the server on the pi is running libwebsockets). The websocket comes up, and it seems to work fine. I then tried to connect via a remote client (a cell phone, where wifi was turned off) from http:\\23.239.99.99:8010\thermostat.html. The html/js files load fine, but the web socket attempts to connect to uri ws:\\23.239.99.99:9000, and this fials.
As far as I can tell, the NAT seems to be configured properly:
name ext ext protocol int int ip addr interface
port port port port
start end start end
Thermostat3 8010 8010 TCP 8010 8010 192.168.1.134 eth3.1
Thermostat5 8000 8000 TCP/UDP 80 80 192.168.1.134 eth3.1
Thermostat_ws 9000 9000 TCP/UDP 9000 9000 192.168.1.134 eth3.1
I checked, and the router does not have any firewalls set up, neither does my modem. I didn't install a firewall on the pi (I checked, and there's no odd iptables rule). Does anyone know what I'm missing?
--- EDIT ---
I'm still stuck on this. I called my ISP and they assure me there are no firewalls on their servers. Is there any way to tell if port 9000 is being blocked, and by who?

Bind your apache server to 0.0.0.0 address to make it accessible from remote machines

Try this tool to determine if the port is inaccessible (use the custom port): http://www.whatsmyip.org/port-scanner/
Everything else looks fine. As a sanity check I would try putting the ws port to 8010 to see if that works. I would also recommend using a tool like Advanced Web Client to isolate networking issues.

This is interesting. I once had a similar problem. I set up a WebSocket (I was using a nodejs ws) and once I tried to access it from remote client I was not able to reach it with ws://yourip:port but instead I had to use http://yourip:port. I don't know if you have the same problem, mine was due to a proxy I was using.
I still have an advice for you how you might be able to solve your problem. I don't know how concerned you are about security but as far as I understood your idea you basically connect to your raspberry pi through a WebSocket and tell it to change the temperature.
Back when did a similar project I found it rather hard to secure my WebSocket connection. I was basically sending a password plus command through the WebSocket to my server which then checks wether the password is correct. Otherwise everyone on the internet could heat your house. Not cool...
But therefore, I had to tunnel the connection through https to prevent a middleware attack.
I quickly threw the towel and decided to go with a completely different solution. Basically I set up a nodejs express server (can easily be configured with a self signed certificate to use https or used behind a nginx/apache https server) and authenticated with username and password. When someone made a POST request to /api/thermostats?id=0 with a temperature request, the server checks if the user is authenticated and then executes a terminal command from within node.
Maybe this idea also fits your demands.

Failed to FTP upload using Windows ftp.exe: "PORT IP is not same as nnn.nnn.nnn.nnn"

I am using a call to ftp.exe to upload file to a FTP Server.
This program is running since many years and uploads to number of servers, so far without problems.
After one of the receiver servers has been updated, uploads are no longer possible.
This is the command sequence:
open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>
and in response to this the server replies:
501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection
That is it, after this the connection is stuck and gets closed after a certain timeout period.
Funny enough, a google search for "PORT IP is not the same as" return exactly one result, which explains that the IP seen by the server is different from the one expected.
Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.
So, why does this appear and how to solve it?

The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP servers needs to connect back to open a data transfer connection.
If your are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes troubles. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address, from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.
Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.
You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).
See my article about active/passive FTP mode for details.
I do not think there's any way to make it working with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.
So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.
As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.
(I'm the author of WinSCP)

Setting up domain name redirection on Mac OSX for all! domains

im trying to setup a redirection towards an app that im writing in Java. This app opens a port 8443 on my laptop (which is a MacOS 10.10 Yosemite) and offers a HTTPS service.
The big plan is to have another device connecting to an access point that im setting up on my laptop and when it connects to any ip/domain on 443 this traffic is redirected to my local machine on port 8443.
I need to redirect traffic that im getting on 443 to 8443. I kinda might have gotten a solution for this using the following guide: http://www.abetobing.com/node/81, and changed the rule to rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
But this rule only works locally if im right about that. So only traffic coming from my own laptop is redirected. if im trying to open https://192.168.178.25/ on another machine it doesn't work, but https://192.168.178.25:8443/ does.
Additionally i also was able to change a domain via the /etc/hosts file. That only works for local connections and for single domains if im right. So the second step would be to redirect ALL possible domain names to my ip. I think this should be possible with kinda of a proxy service, but since i am new to this topic I haven't found a solution that is working for me.
At the moment I am using 2 Wifi devices and the MacOS Internet share. My USB wifi card is connected to a router and internet. My internal wifi card opens an access point (it says hotspot) and offers the internet connection of the other device. This is annoying, since the USB wifi connection always has to work, otherwise MacOS will shut down the access point. The best solution would be a software opening a reliable access point with the internal wifi card (haven't had any success with the Mac OS ad-hoc network)
I would be so glad if someone would be able to help me out with any of the 3 single parts. Thank you already :)

Script to switch Local Area Connections according to website [not proxy]

Can I write a Windows Task or some kind of configuration script that will choose between two Local Area Connections according to the website I am visiting?
It may not be the best answer to my problem, but if it is possible, at least I know it will work.
The issue in full:
My main ISP currently has an issue routing me to my own websites (all hosted on the same server). It also has a 'sticky IP address' (note, not static) - it will only change your IP address once a fortnight, and they can't (won't) even force a change. Their second line support are working on the issue, but so far, no good, and I cannot access my own websites via their internet connection.
So, currently, I am switching from my main network to my mobile 3G network (tethered) any time I want to work on or view my own websites.
I would like to write a script that will make Windows automatically choose my mobile network for FTP, email and browsing my own websites, but use my main ISP for all other online activity.
Haven't a clue where to start - any help appreciated! Thanks,
Sarah

Well, that was simple, no scripting required. If you're using IPv4 (you can check here https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CDoQFjAB&url=http%3A%2F%2Fwww.amiusingipv6.com%2F&ei=Bq4_UpakM4vv0gXboIDwCQ&usg=AFQjCNHiUnyKvVcUe8Z966YwoycLI28urw&bvm=bv.52434380,d.d2k)
Turn Windows features on or off.
Turn on RIP Listener.
Disable your internet connection that cannot connect to the website you are trying to access, and 'tracert' to the website: make a note of the IP address of the website, and the first IP address in the hop list ([FIRST IP]).
Type in 'route print' and make a note of the Interface number of your secondary internet connection.
Type in 'route add -p [WEBSITE IP ADDRESS] mask 255.255.0.0 [FIRST IP] IF [INTERFACE NUMBER] metric 1'
Reboot.
All traffic to the website IP address (be it mail, FTP, whatever) will go through the secondary connection, all other traffic goes through the main connection.
IPv6 instructions here:
http://windows.microsoft.com/en-gb/windows7/configuring-multiple-gateways-on-a-network
My setup is just an iPhone connected via USB as secondary connection and a Home Hub connected via ethernet as primary.
Hope this is useful to someone else - but of course, no one should ever think of using this to get around IP blocks on message boards...
Sarah

How to set up a ping tunnel without a host and a proxy

I have been reading about setting up a ping tunnel to access the internet when you can only send ICMP packets. Ptunnel seems to be a popular program and the instructions to use it can be found here http://www.cs.uit.no/~daniels/PingTunnel/. The instructions to this program say that you must have both a client and proxy computer.
I do not understand the benefit of a ping tunnel if you must have a proxy computer that can send TCP/IP packets. If I had a computer that could do that, I wouldn't need to set up the tunnel in the first place. Can someone please explain this to me, why is a proxy necessary and if it is how is ping tunneling useful then?
NSNolan

Well, let's assume you have a server (PC running linux for example) in your home where it has total internet access and now you are at work/airport/hotel with your laptop where you have no access to tcp without paying.By setting an icmp or dns tunnel you can "encode" your packets to appear as if they were pings/nslookup, those packets destination is always your server. When the server recieves those pings from you, it "decodes" them and totally understand what you are trying to reach (like a website or download a file as an example).
Then your server serves you and get the information you are seeking and "encode" them again into icmp/nslookup like packets. Those packets can reach you without any problem and once they do, your laptop can decode them back into useful information (just like the ones it would recieve with tcp). That encoding & decoding are what the Ptunnel do. Though I'm not professional I think that is the total point.