Next: Security Up: Sharing data Previous: Sharing data   Contents

Firewalls

If you do not know what a firewall is, it is probably safe to skip this section. If you are aware that your computer is shielded from the rest of the active network, usually the internet, by a firewall, some extra steps have to be taken to be able to run the atomsnet server.

There are two possible problems when a server is started from behind a firewall. Both problems can be dealt with, and more often than not they exist simultaneously.

Firstly, it is possible that your computer does not have an internet-wide IP address. This is made up for by having a firewall that acts as a masquerading server. Explaining how masquerading works is outside the scope of this document, but many good information sources can be found on the web. In short, masquerading makes your computer look like the masquerading server to everyone on the other side of the firewall. Since your IP address is unknown to people on the wide network, they cannot access your computer. To circumvent this, your server should make itself known by supplying the closest point on the wide network: the masquerading server. This is precisely what the 'local IP' option in the settings dialog is for.

Let me give a small example. Say your computer is behind a masquerading server. Your IP address is 10.0.0.2 and the server has address 100.0.0.1 on the wide network and 10.0.0.1 on the local network. While the addresses seem alike, 100.0.0.1 is a valid internet address, while everything in the range 10.X.X.X is reserved for local use. Anyone trying to access 10.0.0.2 will therefore fail to reach you. If, however, you supply the internet address 100.0.0.1, others can find your masquerading server, and all that this computer then needs to do is resend the data to your computer. This leads to the second problem.

Firewalls allow users behind the firewall to access computers outside their local network, but restrict strangers from accessing local computers. To allow users to access your atomsnet server, you need to alter the firewall so that it allows others to access part of your computer, namely the atomsnet server. This can result in a serious security breach and has to be done with the utmost care. Ask permission from the firewall administrator before changing anything in the firewall! Since atomsnet listens on one port, namely the one configured in the settings window, you only have to let the firewall forward data destined for this port. Everything else should stay blocked.

In the case of a masquerading firewall, remember that data is actually sent to the firewall, not to your computer. In this case it is not enough to allow the data to travel through the server. You have to explicitly tell it that data destined for the firewall (in our example 100.0.0.1) on the same port as the one on which your computer is expecting it (for instance port 80) should be redirected to your computer. This means redirecting all requests going to 100.0.0.1:80 to 10.0.0.2:80.

The port numbers on the firewall and the atomsnet server have to be the same. This means that you should set your local port to a value acceptable for the firewall. Again, ask your firewall administrator for a suitable port; usually this will be a number greater than 2000.
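The requirements above can be checked mechanically before anything is opened on the firewall. The following is an added example, not part of atomsnet or its documentation: the `Forward` record and `audit` function are hypothetical names, the rule list is a firewall-independent model rather than any real firewall syntax, and the sample data is constructed from the addresses used in the text.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Forward:
    """One redirect rule on the masquerading firewall (hypothetical model)."""
    ext_ip: str    # address the outside world connects to
    ext_port: int
    int_ip: str    # machine behind the firewall that receives the data
    int_port: int


def audit(advertised_ip, atomsnet_port, host_ip, rules):
    """Return findings; an empty list means the setup matches the text above."""
    findings = []
    # The 'local IP' setting must name the firewall's wide-network address.
    if ipaddress.ip_address(advertised_ip).is_private:
        findings.append(f"advertised address {advertised_ip} is private, "
                        "outside users cannot reach it")
    to_host = [r for r in rules if r.int_ip == host_ip]
    # Data sent to the advertised address and port must be redirected to us.
    if not any((r.ext_ip, r.ext_port) == (advertised_ip, atomsnet_port)
               for r in to_host):
        findings.append(f"no redirect from {advertised_ip}:{atomsnet_port} "
                        f"to {host_ip}")
    for r in to_host:
        if r.ext_port != r.int_port:   # ports must be the same on both sides
            findings.append(f"port mismatch: {r.ext_port} -> {r.int_port}")
        if r.ext_port != atomsnet_port:   # everything else stays blocked
            findings.append(f"extra port {r.ext_port} forwarded to {host_ip}")
    return findings


# Constructed sample data, using the addresses from the example in the text.
GOOD = ("100.0.0.1", 80, "10.0.0.2", [Forward("100.0.0.1", 80, "10.0.0.2", 80)])
BAD = ("10.0.0.2", 80, "10.0.0.2", [
    Forward("100.0.0.1", 80, "10.0.0.2", 8080),  # ports differ
    Forward("100.0.0.1", 22, "10.0.0.2", 22),    # unrelated port opened
])

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, audit(*cfg) or "ok")
```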

Allowing external access to your computer can cause security breaches, so the configuration of the firewall is especially important. Since atomsnet can only deal with security on its designated port, all other open connections are the user's own responsibility. How atomsnet handles network security is covered in the next section.


2002-08-28