Previous Next Up FAQ Table of Contents

10.3 NAT/Firewall/Proxy

Using a NAT router, Firewall, or Proxy server in front of either the client or the server can pose unique problems. However, this equipment can be set to allow connection to the VolanoChat server in any of these circumstances.

VolanoChat applets create a dedicated socket connection back to the VolanoChat server, so it works like a Telnet or FTP connection and does not tunnel through HTTP proxies.

NAT

If the client is behind a NAT router, the connection should work just fine. If the server is behind a NAT router, it is important that you set the VolanoChat server to run on the internal address of the server. This address should come up automatically in your support.log file if you don't specify a server.host in your properties.txt file. If your machine is multihomed (more than one IP), the VolanoChat server will attempt to bind to the base IP. If this is not the correct IP address, you will need to specify the internal IP address on the server.host line.

You will also want to make sure that your NAT router is set to forward traffic on port 8000 back to the machine hosting VolanoChat. VolanoChat's default port is TCP 8000, but if this port is in use it can be modified with the server.port line.

Firewall

Most companies employ a firewall for security. Since VolanoChat requires a dedicated socket connection on port 8000, users behind a firewall likely will not be able to connect. If you have users attempting to connect from behind one, you will need to instruct them to request that their system administrator open port 8000 to outgoing TCP traffic. VolanoChat does not tunnel over port 80 through an HTTP connection.

If you're running the VolanoChat server behind a firewall, you will need to set it to allow incoming connections on TCP port 8000. You will also need to allow bi-directional traffic on TCP port 8080 if you're using the servlet runner to serve remote banner ads.

Proxy

If the VolanoChat server is behind a firewall you can simply forward port 8000 to the actual host. In the case of a client connection, though, the proxy server must be completely bypassed via a SOCKS proxy agent. Proxy agents vary widely so we have included one sample setup below. Please see the instructions that came with your software for more information on how to set this up on your own system.

Configuring Microsoft Proxy Server

VolanoChat applets create dedicated socket connections back to the VolanoChat server, so it works like a Telnet or FTP connection and does not tunnel through HTTP proxies. If you're using the Microsoft Proxy Server instead of a more general firewall router, you'll need to allow SOCKS traffic on the port and domain for whatever VolanoChat server you're trying to connect to.

The default server port is 8000. The port numbers are defined in the following properties files of the VolanoChat server:

In the conf directory of your VolanoChat server installation:

  properties.txt
     server.port=8000 (default)
     admin.port=8001 (default)
     servlet.port=8080

In the webapps/ROOT/vcclient directory of your VolanoChat server installation:

  english.txt (and/or other language files used)
      server.port=8000 (default)

Introduction

To enable VolanoChat to work properly though the Microsoft Proxy Server, you need to configure both the proxy server and your client machine so that a direct socket connection can occur between the client machine and the VolanoChat server. (Note: This is only an issue if traffic is crossing the proxy server. If you have installed VolanoChat internal to your network and you have no need for clients outside of your network to connect in, you should not enable socks access for this application to avoid unnecessary holes in your security.)

Client Configuration

You need to either be using a browser that supports SOCKS services or need to have a separate socks client. If you're using the latest version if Internet Explorer, you should be fine. Otherwise connect to the /Msproxy share on your proxy server to download the Microsoft Proxy Client:

http://hostname/msproxy/

For more information on configuring the proxy, see your proxy documentation on your server. If you set up proxy server correctly, though, it should be ready to go like it is.

If you're using IE 5.0 or higher, just click Tools, Internet Options, Connections tab, Lan Settings button, advanced, and put the proxy server address in for any traffic items you would like to allow. Exit out and you should be set. Netscape 6 has a similar setup area under Edit, Preferences, Advanced, Proxies.

Proxy Server Configuration

VolanoChat applets create dedicated socket connections back to the VolanoChat server, so it works like a Telnet or FTP connection and does not tunnel through HTTP proxies. You will need to enable SOCKS traffic on your server for VolanoChat to work correctly. Microsoft proxy, by default, disables all SOCKS services.

  1. Open the Internet Services Manager and select the computer your proxy server is on. If you are connecting remotely, click the network button, then type in the name of the proxy server.
    Interent Services Manager
  2. Double click on the SOCKS proxy service.
    SOCKS proxy service
  3. Click on the Permissions tab.
    Permissions tab
  4. Click the Add button.
    Click the Add button
  5. Select the action allow and complete the IP address to indicate your local network under IP address. It's better to use an IP address than a domain or zone because that will just require a reverse lookup which takes more time to get the same process.

    Then select the destination box and provide the IP address of your chat server with its subnet mask.

    Finally select the port box and enter the port of your VolanoChat server. Make sure the setting under port reads "EQ".

    Select the port
  6. Click the OK button and you will be taken back to this screen with your new filter showing. To finish, click OK, then close the Internet Services Manager.
    Click the OK button
  7. Please note that these settings may not provide adequate security for your network. If you need further assistance please consult your documentation or a certified professional.

Previous Next Up FAQ XHTML 1.0 Table of Contents

2014-07-11 — An updated version of the VOLANO chat server that supports the latest Java 8 Plug-in is now available. More…

The VOLANO® chat software for the Java™ platform lets you build on-line communities and add real-time social networking to your Web site. More…

John Neffenger <john@status6.com>
More…

A PROJECT OF STATUS:6®