Emanuele D'Arrigo wrote:
> Hey Bryan, thank you for your reply!
>
> Bryan Olson wrote:
>>> Is it possible then to establish both a server and a client in the
>>> same application?
>> Possible, and not all that hard to program, but there's a gotcha.
>> Firewalls, including home routers and software firewalls, typically
>> default to disallowing connections in the 'wrong' direction. If the
>> client initiates all connections, you avoid a world of hassles.
>
> Ah yes, I can see that. Uhm. I have absolutely no idea right now how a
> firewall works from a programming point of view and what happens in
> normal "residential" circumstances. I.e. it's clear that firewalls are
> configured to allow http traffic because I can browse the internet. Is
> that done leaving a specific port open? Or does the browser request
> the firewall to open a specific port for it and the firewall trusts the
> browser to handle safely anything that comes through?
Software firewalls will often simply refuse incoming connections. The basic protection of the garden-variety home router comes from "network address translation" (NAT), in which case TCP connections initiated from the inside will generally work, regardless of port, and incoming connections will fail.

Internet server farms often enforce the other side of the client-side policy, with firewalls configured to disallow outgoing initiation of connections.

If the application needs to work in restrictive environments where firewalls only pass known protocols, a popular approach is to build the application protocol on top of HTTP, with all the required standard headers and a new content-type.

> I.e. in the case of the code in this thread, would it be the
> responsibility of the application to tunnel through the firewall and
> listen for connections

I'm not clear on what that means.

> or would it be the responsibility of the user
> to configure the firewall so that the application can receive a
> connection?

That can be a huge hassle. The first choice is for the application to conform to popular firewall policies, so no special configuration is required.


--
--Bryan
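
An added example, not part of the original message or the code in this thread: a minimal sketch of an application protocol carried over HTTP in which the client initiates every connection, so the server side never has to connect inward through NAT or a firewall. The content-type `application/x-example-app+json`, the message fields and the `outbox`/`inbox` queues are assumptions made up for the illustration; the server binds to loopback only and validates size, type and syntax before accepting a message.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CONTENT_TYPE = "application/x-example-app+json"  # constructed media type (assumption)
MAX_BODY = 64 * 1024                             # cap on accepted request size
lock = threading.Lock()
outbox, inbox = [], []  # server-to-client queue, and messages received from the client

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        size = self.headers.get("Content-Length", "")
        if not size.isdecimal() or int(size) > MAX_BODY:
            return self.send_error(400)
        raw = self.rfile.read(int(size))
        if self.headers.get("Content-Type") != CONTENT_TYPE:
            return self.send_error(415)  # only the application's own type is accepted
        try:
            msg = json.loads(raw)
        except ValueError:
            return self.send_error(400)
        with lock:  # store the client's message, drain what is queued for it
            inbox.append(msg)
            pending, outbox[:] = list(outbox), []
        body = json.dumps(pending).encode()
        self.send_response(200)
        self.send_header("Content-Type", CONTENT_TYPE)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # silence per-request logging

def exchange(url, message):
    """Client side: one outbound POST whose response carries queued server messages."""
    req = urllib.request.Request(url, data=json.dumps(message).encode(),
                                 headers={"Content-Type": CONTENT_TYPE}, method="POST")
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    with opener.open(req, timeout=5) as resp:
        return resp.status, json.loads(resp.read())

def demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)  # loopback, ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_address[1]
    outbox.append({"type": "notify", "text": "hello from the server side"})
    try:  # two client-initiated polls: the first collects the queued notification
        return exchange(url, {"type": "poll"}), exchange(url, {"type": "poll"}), list(inbox)
    finally:
        server.shutdown()
        server.server_close()
```

Server-to-client messages wait in `outbox` until the client's next request, so delivery latency is set by how often the client polls.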