HOWTO: Use CAOs behind a firewall
When using CAOs on the internet in configurations where the server machine sits behind a firewall, some issues have to be taken care of at the server side.
First, let's assume you have a configuration like the following:
-
Firewall
- name: firewall.yourdomain.com
- external IP-Address 1.2.3.4
- internal IP-Address 192.168.10.254
-
Remoting Server (HTTP-based)
- internal IP-Address 192.168.10.1
And let's further assume that your (internal) HTTP server is listening for .NET Remoting requests on port 5555 and that the firewall is configured to forward any request from external clients to port 5555 (i.e. the firewall's port 5555) to the same port at your internal server.
What now happens is the following: When the CAO is created, the server sends a distinct "endpoint URL" to the caller. The client will then use this URL to place further calls onto the CAO. (every instance of a CAO gets a different endpoint URL, so that's the way how different object instances are mapped to their clients)
Unfortunately, the .NET Remoting server doesn't know about the firewall and returns an endpoint URL that starts with its private IP Address: "http://192.168.10.1:5555/....". This URL won't be accessibly from your client.
Nevertheless, there's of course a solution for this: in the configuration section for <channel ref="http" port="1234"> you can specify the machineName property to return a specific "base address" for your URL.
In the above example, you would use the following snippet in your configuration file:
<channel ref="http" port="5555" machineName="firewall.yourdomain.com" />
This setting will configure the remoting server so that it returns a CAO endpoint URL starting with "http://firewall.yourdomain.com:5555/..." which can then be used by external clients to call methods on those objects.
Keep in mind though, that the port number has to be consistent for the firewall and the "real" host.
Architecture Briefings