Unable to connect to server over internet

ashish_jain · September 19, 2023, 2:25pm

Hello Everyone,
cc: @dgudkov @ckononenko

I am following up from here
I have installed EM server and EM Desktop on two different machines and trying to connect the Desktop to the server but not able to do so.

I have checked that the Inbound connection is enabled for both Private and Public in the Windows Defender Firewall on Windows 11 Pro system.

I checked on the server machine the IPv4 through the command prompt (ipconfig command). On the server machine, using this IPv4 address and port 6330, I can visit the EM server page same as using the localhost:6330 URL. But this IPv4:6330 is not reachable through internet from the other desktop machine.
I did the same try using the Public IP address of the server machine and it was also unsuccessful.

Please suggest what is missing and guid on what steps can be taken to resolve this issue.

Thank you,
Ashish

olysak · September 19, 2023, 3:55pm

Hi @ashish_jain

When you mention connecting "over the internet," could you please provide more details about the configuration and what do you mean by it? Specifically, how is the server machine connected to the internet?

For instance, if you run a generic web server on the server machine, is it possible to connect to it "over the internet"?

ashish_jain · September 19, 2023, 4:13pm

Hi @olysak

The EM server is on a Windows 11 Pro PC which is connected to internet and browsers can open websites, the usual setting.

By 'over the internet' was meant specifically for case where the EM desktop is on a different machine and EM server on a different machine. I need to connect the desktop to the server which can happen only over the internet as these two machines are not on any network.

Please let me know if this clarifies.

Thank you,
Ashish

ckononenko · September 19, 2023, 4:14pm

Hi
Please check the firewall rule EasyMorph Server Incoming Connections.
It seems that you need to enable the Public profile for the rule.

ashish_jain · September 19, 2023, 4:17pm

Hi @ckononenko

I already referred to your other thread and enabled all the Profiles.

ckononenko · September 19, 2023, 4:36pm

Depending on what protocol you are using,
Try to specify the http/https scheme explicitly (like http://IPv4:6330).

Also, check the default behavior of Windows Firewall for incoming connections. It could be set to Block all connections, which could obviously block all incoming connections.

olysak · September 19, 2023, 4:43pm

I would like to understand the network architecture of your system. Specifically, I am interested in whether the machine running EasyMorph Server is accessible from the internet at all and it's not the case that it located behind a misconfigured default NAT or something similar, whether the gateway router is configured correctly to forward the incoming connections to the EasyMorph Server, etc.

Could you provide a more detailed description of how you established your network and routing? What does your physical network configuration actually look like? Are you leveraging a 'bare metal' colocation setup in some data center, or is it VPC or maybe something else entirely?

ashish_jain · September 19, 2023, 4:48pm

Hi @ckononenko - I have used http://... but as you can see it times out.

And also there is no default blocking on the firewall

ashish_jain · September 19, 2023, 4:50pm

Hi @olysak

There is no special architecture as such. It's a simple PC which is connected to internet through the home wifi like the regular setting we have at homes. No gateway or port forwarding done. I can open the browser and can access internet normally.

Thank you!

olysak · September 19, 2023, 5:27pm

Ah, that's exactly what I suspected.

Based on the setup you've described, it seems that you would not be able to connect to a PC on your private network from the outside world, not without additional network configuration.

The first reason is that when trying to connect from the outside world, you should use your public IP address in your browser, not the private IP address you're currently using.

Additionally, it's important to note that your router (the one providing your wifi) functions as a NAT device.

When you try to establish a connection from inside your network to the internet, the router sees the connection being initiated and creates an association between your device's private IP and the destination IP. It then substitutes your private IP in the packet with its own IP and sends the packet up the link. When the destination site responds, the response packet is sent back to the router, which then uses the association to forward the packet to your device on the local network.

However, when the connection is initiated from the outside world (e.g. trying to connect to your local network server from outside), even if you use the public IP address, the router won't know where to forward the packet since there is no existing association.

It's worth noting that this issue is not specific to EasyMorph but rather a fundamental aspect of how the internet functions.

One way to mitigate this issue is by setting up port forwarding on your router and having a static IP (ISPs usually charge for that extra).

However, it's important to note that your Internet Service Provider (ISP) may have a carrier-grade NAT that you, as a consumer, wouldn't be able to configure. In such cases, there may not be much that can be done, unless you explore alternative solutions like ngrok.

Lastly, exposing your EasyMorph Server to the internet may not be the best solution in terms of security.

ashish_jain · September 20, 2023, 5:15pm

Thank you @olysak!

I am looking into these suggestions.