We are deploying web applications in Java using Tomcat on client machines across the country.

Once they are installed, we want to allow remote access to these web applications through a central server, but we do not want our clients to have to open ports on their routers.

Is there a way to tunnel the HTTP traffic in a way that the central server can access the web application that is behind the firewall?

The central server has a static IP address and we have full control over it.

We don't need to access the filesystem, we only want to access the web application itself through a browser.

A: 

For NATs what you usually have to do is get the web applications to make a request to your central server - which opens a "hole" in the NAT. Then your central server can take over this connection and access the web app.

This essentially becomes a persistent connection (since there's no way to "summon" web apps on demand, they always have to be connected to you). That is, the web apps have logic built into them that periodically says "am I connected to home base? No? Then phone home". This will get around NAT issues since it's client initiated.

This technique is used by Skype, Buildbot, and others.

rlotun
How would you proceed for the connection to be opened and routed back to the webserver's port?
pbreault
I'm not quite sure what you're asking. Here's a basic example: let the web app make a request to your central server on port 80, but set the connection to keep-alive. You can layer a protocol on top of HTTP. The server response will say "OK I own this connection now". Then you can do whatever you need to over *that* connection without closing it (or immediately re-establishing client-side if it does). The key is that this connection is *client initiated*. The one assumption is that the web apps can make requests *out* of the firewall of course.
rlotun
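The client-initiated connection described in this answer and its comments, as an added example that is not part of the original posts: an agent behind the NAT dials out to the central server, and the central server splices a browser connection onto that link. The `TOKEN` secret, the function names and the `App` stand-in for the Tomcat application are assumptions; everything runs over plain TCP on localhost here, whereas a real deployment would carry the agent link over TLS.

```python
import hmac, socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
TOKEN = b"constructed-demo-secret"  # assumption: per-site secret provisioned at install

def pipe(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay(a, b):
    threading.Thread(target=pipe, args=(a, b), daemon=True).start()
    pipe(b, a)

def central(agent_lsn, public_lsn):
    """Central server: accept the phone-home link, authenticate it, relay one browser."""
    agent, _ = agent_lsn.accept()
    if not hmac.compare_digest(agent.recv(len(TOKEN), socket.MSG_WAITALL), TOKEN):
        return agent.close()  # unauthenticated peers never reach the public side
    browser, _ = public_lsn.accept()
    relay(browser, agent)

def agent(central_addr, app_addr):
    """Runs beside the web app behind the NAT: outbound connections only."""
    up = socket.create_connection(central_addr)
    up.sendall(TOKEN)
    relay(up, socket.create_connection(app_addr))

class App(BaseHTTPRequestHandler):  # stand-in for the Tomcat application
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"hello from behind the NAT")
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    app = HTTPServer(("127.0.0.1", 0), App)
    agent_lsn, public_lsn = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))
    for fn, args in ((app.serve_forever, ()), (central, (agent_lsn, public_lsn)),
                     (agent, (agent_lsn.getsockname(), app.server_address))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    with socket.create_connection(public_lsn.getsockname(), timeout=5) as browser:
        browser.sendall(b"GET / HTTP/1.0\r\nHost: demo\r\n\r\n")
        return b"".join(iter(lambda: browser.recv(4096), b""))

if __name__ == "__main__": print(demo().decode())
```

The web app never listens on a routable port; only the central server's two listeners need to be reachable, and the token check is what keeps an arbitrary peer from registering itself as a client site.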
A: 

Yes - but the question is very generic. Without knowing what OS you use / your clients use, it's impossible to advise on what would work.

I'd suggest running ppp on top of ssh or stunnel if you've got POSIX/BSD/Linux at both ends. Have a google for lots of examples.

C.

symcbean