Jetty Server Security – How to Access Jetty Server from Outside LAN

Tags: connection, http, java, jetty, security

I originally posted this question on Stack Overflow but was advised that it would be more suited to this site.

I am trying to access a Jetty Server deployed on one machine from another machine outside LAN but it's not working. I've read this thread and followed the advice offered by @Joakim Erdfelt; however, it did not work. My code is below:

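import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;

Server server = new Server();

// HTTP connector (1 acceptor thread, 1 selector thread)
ServerConnector serverConnector = new ServerConnector(server, 1, 1);
serverConnector.setHost("0.0.0.0"); // <- listen on all local interfaces
serverConnector.setPort(8080);
serverConnector.setIdleTimeout(30000); // milliseconds

// Set the connector
server.addConnector(serverConnector);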

I tried accessing the server from another remote server with the following code:

String postUrl = "http://" + myIP + ":8080"; // myIP is set to the public IP address of Jetty Server
System.out.println("Post URL: " + postUrl);

RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(120 * 1000).build();

try (CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultRequestConfig(requestConfig).build()) {
    HttpPost httpPostRequest = new HttpPost(postUrl);
    ...

However, this throws the following exception:

HttpPostConnectException: Connect to 123.4.56.78:8080.. failed: Connection refused: connect

What is causing this error? I allowed Firewall access when prompted so I don't think it is a Firewall issue. The port 8080 is also not being used for any other process. I tried multiple ports to no avail.

Thanks

Best Answer

I'll move some of my recommendations to an answer. You are missing basic networking knowledge, please try to read up a little bit on it (here for example). Some basics:

  • Local IPs (networks 192.168.x.x, 10.x.x.x, etc.) are not reachable from the internet; only the device which is directly connected to your internet provider (your home router) is directly reachable from the internet.
  • When you are connected to your home router and browse the internet, several things happen: as your local IP is unreachable from the internet, your home router hides your local IP and replaces it with your public IP. After doing this, the router takes note of the connection to be able to handle a reply. When a reply arrives, the same process is reversed: if the router finds a matching connection inside its table for the incoming packet, the public IP is replaced with your private IP, and the reply is forwarded to the correct device inside your network. This process is called NAT (network address translation).
  • NAT is a protection for your devices inside your home network (your devices can reach the internet, but the internet is not able to reach your devices!) - but it also makes it difficult if you want a device from your home network to be reachable from the internet. This is because your router must know for every incoming data packet what to do with it. And the default is: if no device inside your home network opened that connection, the incoming data packet is dropped!

Now it should be clear why you have several IPs: Google is only able to see your public IP. In order for your Jetty server to be reachable from the internet, you need port forwarding. Basically, you will be creating a rule inside your home router: "forward every TCP packet you receive on port 8080 to the internal device XY". You'll need to check your router manual on how to do this; most routers have a web interface for configuration. I hope this clears up your confusion...
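The NAT behaviour and the port-forwarding rule described in the answer above, as a small model. This is an added example, not part of the original question or answer; the `Router` class and every address in it are constructed for illustration and do not describe any real router's implementation.

```python
"""Toy model of a home router's NAT table (constructed example)."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed public address of the router


@dataclass
class Router:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000                         # next free public source port
    conntrack: dict = field(default_factory=dict)  # (pub_port, remote_ip, remote_port) -> LAN endpoint
    forwards: dict = field(default_factory=dict)   # public port -> LAN endpoint

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN device opens a connection: rewrite the source, remember the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.conntrack[(pub_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, pub_port, remote_ip, remote_port)

    def add_forward(self, pub_port, lan_ip, lan_port):
        """Port-forwarding rule: public port -> fixed LAN endpoint."""
        self.forwards[pub_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, dst_port):
        """A packet arrives on the public side: reply, forwarded, or dropped."""
        key = (dst_port, remote_ip, remote_port)
        if key in self.conntrack:       # reply to a connection opened from inside
            return ("reply",) + self.conntrack[key]
        if dst_port in self.forwards:   # explicit rule configured on the router
            return ("forwarded",) + self.forwards[dst_port]
        return ("dropped", None, None)  # default: nobody inside asked for this


def demo():
    router = Router()
    jetty = ("192.168.1.20", 8080)      # constructed LAN address of the Jetty host
    results = []
    # 1. Browsing from the LAN: mapping is created, the reply is translated back.
    _, src_port, *_ = router.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    results.append(router.inbound("198.51.100.5", 443, src_port))
    # 2. Remote client connects to public_ip:8080 and no rule exists yet.
    results.append(router.inbound("198.51.100.9", 50123, 8080))
    # 3. Same connection attempt after the port-forwarding rule is added.
    router.add_forward(8080, *jetty)
    results.append(router.inbound("198.51.100.9", 50123, 8080))
    return results


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Step 3 also shows what the rule costs: the lookup matches on the destination port only, so any remote address now reaches the Jetty host on 8080, not just the intended client.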