What things need to be considered if I want to run my network application from behind a firewall?

Created May 7, 2012

Finlay McWalter

One of the biggest issues that you will face is that most firewall configurations prevent inbound connections (i.e. from the public internet into your network) to arbitrary machines (and on arbitrary ports).

In practice, this will often mean that no-one from the "outside" will be able to connect to your application (in java terms, your java.net.ServerSocket instance will never see any connections).

Possible fixes for this include:

run your application only outside the firewall, or in your network's DMZ
run a small relay proxy in the DMZ. Your main application connects to it, and it relays the contents of incoming streams over to your main application.
reconfigure your firewall to permit access to your application from outside the firewall - generally this will consist of telling it "allow connections to machine X on port Y"

You can also sometimes get some communications to work if you assume that at least one party is not behind a firewall - Napster and GNUtella both work if either party can accept connections - but if both parties are behind firewalls, then you won't get a connection. In java terms, this means making your program simultaneously try to establish outgoing (Socket) connections while listening for incoming connections too (ServerSocket).

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.