I have a TcpListener object that is operating behind a firewall on port 4000. Obviously, in order for outside clients to connect to the TcpListener, port 4000 needs to be opened in the firewall; otherwise, no outside connection request would get through.

My question has to do with what happens when I accept the connection request like so:

TcpClient client = server.AcceptTcpClient();

The TcpClient is opened on the local interface with a system-assigned port number. Does this port number have to be opened within the firewall in order for the outside client to communicate with this TcpClient instance? If so, is it possible to specify a range of port numbers to use so they can be opened in advance? Or does the firewall automatically allow communication on this system-assigned port number because something behind the firewall (my server, in this case) established, i.e., accepted, the connection?

+1  A: 
  • On the server machine, the firewall needs to allow incoming connections from the port the client is connecting from, to the port the TcpListener is listening on.

  • On the client machine, the firewall needs to allow outgoing connections to the port the TcpListener is listening on, from the port the client is connecting from.

Most firewalls (e.g., Windows Firewall) are configured to allow any outgoing connections to any destination, so you just have to create a rule that allows incoming connections on your port 4000 from any source.

If you want to restrict this more closely, you can bind the TcpClient to a specific port instead of the system-assigned port, and create firewall rules on the server and the client to allow connections only from/to this port.

dtb
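The endpoints on each side of an accepted connection, as an added example that is not part of the original answers: a socket returned by AcceptTcpClient keeps the listener's local port, while the OS-assigned port is the client's source port unless the client binds one itself. The class name, the loopback address and the use of port 0 (OS-chosen) are assumptions so that the example runs on a single machine; it needs C# 8 or later.

```csharp
// Added example, not from the original thread. Loopback and OS-chosen ports
// (port 0) are assumptions so it runs on one machine; the thread uses 4000.
using System;
using System.Net;
using System.Net.Sockets;

static class AcceptedPortDemo
{
    static int PortOf(EndPoint ep) => ((IPEndPoint)ep).Port;

    static void Main()
    {
        var server = new TcpListener(IPAddress.Loopback, 0);
        server.Start();
        int listenPort = PortOf(server.LocalEndpoint);

        // Client A: the OS picks the source port (the usual case).
        using var clientA = new TcpClient();
        clientA.Connect(IPAddress.Loopback, listenPort);
        using TcpClient acceptedA = server.AcceptTcpClient();

        // Client B: bound to a local endpoint before connecting. Pass a fixed
        // port number instead of 0 to pin the source port for a firewall rule.
        using var clientB = new TcpClient(new IPEndPoint(IPAddress.Loopback, 0));
        int boundPort = PortOf(clientB.Client.LocalEndPoint);
        clientB.Connect(IPAddress.Loopback, listenPort);
        using TcpClient acceptedB = server.AcceptTcpClient();

        foreach (var (name, accepted) in new[] { ("A", acceptedA), ("B", acceptedB) })
        {
            Socket s = accepted.Client;
            Console.WriteLine($"{name}: server side {s.LocalEndPoint} <- client {s.RemoteEndPoint}");
            // The accepted socket's local port is the listening port.
            if (PortOf(s.LocalEndPoint) != listenPort)
                throw new InvalidOperationException("accepted socket left the listening port");
        }

        // The server sees client B arriving from the port B bound to.
        if (PortOf(acceptedB.Client.RemoteEndPoint) != boundPort)
            throw new InvalidOperationException("client B did not use its bound port");

        server.Stop();
    }
}
```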
A: 

Giving a range of ports in Windows Firewall is not easy, but you can grant access to the entire program. When you add a new entry in Windows Firewall, choose program instead of port and grant your program permission to receive all connections; then, regardless of which ports you choose, it will always be allowed.

Akash Kava
Yes, that's true. Worst case, that may be the route we go. But I think our IT folks would prefer to lock it down more closely than that if possible.
Matt Davis
We prefer the same too, but Microsoft Firewall does not allow you to specify a port range, which is absolutely strange. I think they want us to buy their product IAS; I don't know whether that has a range facility or not. I agree other firewalls do give such support, and it's the best.
Akash Kava