I am testing an application which communicates to a server via a UDP port, and I need to block this port to make sure the application can handle it.
The Problems:
1. It has to be done in an automated test (which is controlled by VBScripts).
2. It has to be done in Windows XP, without using a firewall.
I have tried this:
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colPorts = objPolicy.GloballyOpenPorts
Set objPort = colPorts.Item(9999,6)
objPort.Enabled = FALSE
but it did not work.
This may be of interest:
How to block specific network protocols and ports by using IPSec
http://support.microsoft.com/kb/813878
Related
I have a dedicated windows 2012 server with 12 dedicated IPs.
I want to be able to make connections simultaneously from two different ips that I choose.
This will be used for two different browser applications.
I have tried the following:
ForceBindIP %IP_ADDRESS% %APP_EXE%
But the IP doesn't change, the browser always displays the lowest IP from my added range.
I have also experimented with a script that removes all the ips, and then just adds one.
netsh interface ipv4 delete address "Ethernet" 104.251.111.110
netsh interface ipv4 delete address "Ethernet" 104.251.111.111
netsh interface ipv4 delete address "Ethernet" 104.251.111.112
netsh interface ipv4 delete address "Ethernet" 104.251.111.114
....
netsh interface ipv4 add address "Ethernet" 104.251.111.115 255.255.255.0
This changes the address BUT I end up having only one IP for both applications.
If the applications you intend to use doesn't support binding to interfaces/ip (true, it's uncommon), you can use SOCKS or Proxy software (which is a lot more common, especially browsers).
For instance you could install WinGate or Squid http://www.squid-cache.org (which is the one I know most).
Squid-Cache have the ability to bind to different outgoing addresses based on rules (http://www.squid-cache.org/Doc/config/tcp_outgoing_address/ ).
Basically what you need to do is:
install Squid
add ACL for loopback IP mapping, such as:
acl IP110 src 127.0.0.1/32
acl IP111 src 127.0.0.2/32
[...]
tcp_outgoing_address 104.251.111.110 IP110
tcp_outgoing_address 104.251.111.111 IP111
[...]
And the default, which is just formally needed:
tcp_outgoing_address 104.251.111.110
Each application will then need to be configured with a Proxy (or SOCKS, if you go that way), which is a configuration option most commonly available. On the proxy configuration set the corresponding local IP:
for outgoing connection using IP .111, use proxy on 127.0.0.2
for outgoing connection using IP .110, use proxy on 127.0.0.1
.. and so on.
Make sure Squid (or WinGate) bind to localhost 127.0.0.1/24, so you shouldn't have big security concerns, but if this is exposed on internet you may want to proceed to security assessment anyway.
This way if you decide to offload some application remotely, to other server, you can still manage to use the same outgoing IP(s), you just need to change squid configuration to allow external connection, which could be a big plus for scaling.
It looks like you're searching for a fix involving little rework of the browser applications. Assuming that you're using IIS to serve the applications, you should:
Using File Explorer or command line, soft-link the application configuration in another root folder for each instance of the browser application.
Using IIS, recreate the application as a site for each of the above browser application folders.
Using IIS, bind each instance of the browser application to the IP address you wish to serve it with.
Caveat: It's tempting to use the same app pool for all instances, but evaluate your hardware before! Remember that (depending on the application requirements) you create a single point of failure when using a single app pool. Create separate app pools with identical parameters to reduce this risk.
I am splitting an application into a tray application and a Windows Service and I want to use TCP to communicate between the two*. They will both be running on the same machine.
My question is do firewalls block TCP communication between applications running on the same machine? I want to know whether firewalls are something I need to worry about when testing.
(*note that I want to use TCP instead of named pipes for communication because the apps might one day run on separate computers but that will be far in the future)
The primary objective of the firewall is to control the incoming and the outgoing network traffic! Firewall's are designed to work on IP or PORT basis.
So yes, it is 100% capable of blocking connection on same machine.(I guess you are using Class A IP [127.x.y.x] address used mainly for loopback testing and interprocess communication on the local computer).
Some firewall are preconfigured not to block local machine connection while other are configured to block them. But either way a firewall can be configured to allow/deny such connection.
I made a custom http server using java. It runs properly on XP machines and when I open connection to that server from a different machine using its IP address and port it used to work. But in windows 7 it is not working. When I see the firewall it shows several rules. It would be great if someone lets me know which rule I should enable to allow incoming connections.
Regards,
Lalith
Please go through http://windows.microsoft.com/en-US/windows7/Allow-a-program-to-communicate-through-Windows-Firewall
in Visual Basic 6
How can i check that communication to port 443 is opened for network requests?
I must NOT use any 3rd party controls / activeX / OCX, so I'm looking for ways to send / receive an https or just make a connection to a server which is serving on 443,
using windows (2k/2k3/xp/7/vista) API calls.
There is a known server I can check against.
(or, for that matter, https://google.com/accounts)
Thanks.
There are a couple of ways that I can think of. One being to use WinInet, specifically the InternetOpenUrl function. Another way is to use WinHttp. You can use the function WinHttpOpenRequest. You can also use it as a COM object. Here are a few examples:
http://www.ex-designz.net/apidetail.asp?api_id=72
http://msdn.microsoft.com/en-us/library/Aa384072
I've done similar for ping in the past, perhaps you can modify it to use telnet to post a http get on 443. This code calls the ping command and directs the output to a file
Set objShell = CreateObject("WScript.Shell")
Call objShell.run("%comspec% /c ping 127.0.0.1 > c:\ping.log", 0, False)
'code to read results from ping.log here
You may also want to look at the winsock control. It may already be installed on the client computers.
I have a local server written in C++ listening to inbound TCP connects using plain socket ::accept() and UDP recvfrom(). I have two problems with this that I wish to solve:
Can I programatically make Windows let me open the accept socket without it automatically being blocked by the Windows (software) firewall?
Are there any ports I can use that will allow my packets to pass through both Windows firewall and external firewall? Port 80 is often taken by things like Skype, but are there others? Will most external firewalls typically by default allow incoming UDP and TCP connects on port 80?
Thanks!
In general, network routers need Port Forwardng enabled for the listening port, and firewalls need the listening port opened. If you are using a uPNP-enabled firewall/router, then you can dynamically set up those settings programmmably via the uPNP API. But more times than not, uPNP is either disabled or unavailable, requiring manual settings by the firewll/router admin.