0

I originally posted this question on stackoveflow but was advised that it would be more suited to this site.

I am trying to access a Jetty Server deployed on one machine from another machine outside LAN but it's not working. I've read this thread and followed the advise offered by @Joakim Erdfelt however it did not work. My code is below:

Server server = new Server();
    

    
// HTTP connector
ServerConnector serverConnector = new ServerConnector(server, 1, 1);
serverConnector.setHost("0.0.0.0"); <-
serverConnector.setPort(8080);
serverConnector.setIdleTimeout(30000);
    
    
 
 // Set the connector
 server.addConnector(serverConnector);

I tried accessing the server from another remote server with the following code:

String postUrl = "http://" + myIP + ":8080"; // myIP is set to the public IP address of Jetty Server

System.out.println("Post URL: " + postUrl);

RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(120 * 1000).build();



try (CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultRequestConfig(requestConfig).build();) {

HttpPost httpPostRequest = new HttpPost(postUrl);

...

However, this throws the following exception:

HttpPostConnectException: Connect to 123.4.56.78:8080.. failed: Connection refused: connect

What is causing this error? I allowed Firewall access when prompted so I don't think it is a Firewall issue. The port 8080 is also not being used for any other process. I tried multiple ports to no avail.

Thanks

Bradford Griggs
  • 103
  • 2
  • please tell us something about your server network infrastructure. Is your jetty server directly in posession of the public ip you are using, or is there a router in between? The error "connection refused" means in most cases, that there is no service listening on that specific port you are addressing (8080 in this case). – Martin Sep 01 '21 at 15:45
  • @Martin The "servers" are just two Windows machines running on my home network. Right now, they are both using the same internet connection (connecting to the same router) but once I am able to connect locally I plan on connecting to local machine from a remote server. However, I cannot even connect when both machine are behind the same IP address (using the same internet connection/router). I'm not sure I understand what you mean by ' Is your jetty server directly in possession of the public ip you are using' I believe it is as I am simply connecting to the internet using my home WiFi.. – Bradford Griggs Sep 01 '21 at 16:19
  • What I meant with "in posession": If I would try opening a connection to your public IP, I would end at your home router. If you would like that connection to end at your jetty server, you would have to install a port forwarding from your home router to your windows machine in your private network. But I would suggest you try connecting locally first - are you using the correct IP ? find out the IP of your windows machine running the server (```ipconfig /all``` for example) and check that you are connecting using the correct ip. – Martin Sep 01 '21 at 16:43
  • @Martin Wow! You are brilliant! I `ipconfig /all` and grabbed the IP address from: `IPv4 Address. . . . . . . . . . . : 188.XXX.XX.XXX(Preferred)` and it worked! Until now, I was connecting using the **public IP** which I obtained from Google after Googling _What is my IP address_. I guess this is the wrong IP to use? Now that I want to connect from a remote server to my local machine (instead of from two machines running on the same network) should I use the IP displayed in Power Shell or the one displayed on Google? In general, why are there two different IPs being displayed? Thanks so much! – Bradford Griggs Sep 01 '21 at 17:24

1 Answers1

0

I'll move some of my recommendations to an answer. You are missing basic networking knowledge, please try to read up a little bit on it (here for example). Some basics:

  • local IPs (networks 192.168.x.x, 10.x.x.x, etc) are not reachable from the internet, only the device which is directly connected to your internet provider (your home router) is directly reachable from the internet.
  • when you are connected to your home router, and browse the internet, several things happen: as your local IP is unreachable from the internet, your home router hides your local IP, and replaces it with your public IP. After doing this, the router takes note of the connection to be able to handle a reply. When a reply arrives, the same process is reversed: If the router finds a matching connection inside its table for the incoming packet, the public IP is replaced with your private IP, and the reply is being forwarded to the correct device inside your network. This process is called NAT (network address translation)
  • NAT is a protection for your devices inside your home network (your devices can reach the internet, but the internet is not able to reach your devices!) - but it also makes it difficult if you want a device from your home network to be reachable from the internet. This is because your router must know for every incoming data packet what to do with it. And the default is: If no device inside your home network opened that connection, the incoming data packet is being dropped!

Now it should be clear, why you have several IPs: Google is only able to see your public IP. In order for your jetty server to be reachable from the internet, you need port forwarding. Basically, you will be creating a rule inside your home router "forward every TCP packet you receive on port 8080 to the internal device XY". You'll need to check your router manual on how to do this, most routers have a web interface for configuration. I hope this clears up your confusion...

Martin
  • 2,194
  • 7
  • 16
  • Thanks for your reply. I'm going to try forwarding the port and accept the answer a little later. Just curious, does opening a port for Jetty Server expose me to any security risks? Meaning, is it possible for an attacker to compromise my network with the open port or since it is only open to a Jetty Server at most he will gain access to the functionality of the server but nothing more? Thanks. – Bradford Griggs Sep 01 '21 at 21:32
  • opening a network port to the internet is *always* a security risk. Every software has bugs, and if your jetty server has some, the attacker might break out of the software, taking over your windows machine. You might consider opening the port to the internet only when needed, and take a non-standard port for that purpose... this doesn't make your server more secure, but less likely to be discovered. – Martin Sep 02 '21 at 07:22