Hello,
I've just received public, static IP from my mobile provider.
I'd like my mobile phone to have all ports closed and block all new incoming connections.
So basically I need it to be invisible from the Internet.
I can't find any info about this topic.
I don't want to root it, so I don't have access to iptables/AFWall.
1) Does Android have any built-in firewall?
2) Does it have any ports open?
3) Does it block, by default, all new incoming connections?
Related
Hi
I am new to this form.
I had a look at the tsril.zip example as it seems from this forum that to make/receive a data call the ril is the only option. Unfortunately the documentation for ril is nonexistent and I want to ask if someone has done an example of a client/server data call, data transfer between to XDA's.
Thanks in advance.
Anton
It all depends on what type of data you want to transfer. I have never used RIL so I don't know the advantages of it, over the normal programming interface. I say normal, not thinking there is anything wrong with RIL but the little I do know is that RIL is operating system level and is normally hidden from the application programmer. There must be times when RIL must be used if Microsoft forgot functions in the normal APIs.
However I would say that for a data link between 2 devices then RAS seems the way forward. One device would be the Server and the other the Client. I have only ever programmed RAS from the client side, making a Telnet link to an already running server.
I just had a look at the help on Embedded Visual C++ 3.0 and under 'Creating a TCP Stream Socket Application' it explains the server side and then links to the client side. Have a read there.
RAS is not an option as it is a server consept, which I think does not even exist as a service on the desktop windows os let alone on a Pocket PC.
What I am looking for is something similar that you would be able to do with a landline modem or a gsm modem connected to a serial port of a pc (even a usb modem) which is to send AT commands to make/accept a call and then to make use of the serial port as if it is an io stream. This is possible on windows, linux using either c#, c++ or java. I can even do this with an embedded gsm module like the siemens TC45 java module.
What I can not understand is why Microsoft and the XDA suppliers (I am using a Qtex running Pocket PC 2002) is making it so difficult to make/answer a data call and let you run your own protocol over the connected stream.
RAS (Remote Access Services) is built into all Windows Operating Systems, including Windows CE. Did you look up the help example I pointed to ? What you do with RAS on an application level is for you to code but the connection itself is handled by the operating system.
As to making a connection similer to a modem and using AT commands. Then no you can't use AT commands directly, but you don't need to. To get that type of connection you need to use TAPI. Once Tapi has made a DATA_MODEM type connection, you use the TAPI callback connect event to then ask for a file handle that you can use with the normal WriteFile and ReadFile commands.
I already have something on this forum about that see:-
http://forum.xda-developers.com/viewtopic.php?p=7857&highlight=#7857
The problem is not so much making the data call but it is accepting/answering the data call that I can not get working on the XDA
Not sure if this is your problem, but in Australia they have a seperate "data" phone number for the same SIM. If yo call one number you get voice, if you call another number you get data on the same sim. Not sure if this may be effecting you.
I just looked into all this ras stuff a bit deeper, and yes I think I may of been talking rubbish. Although RAS does exist in PPC2002, it can't see any functions that allow the device to answer the line. I can see that PPC2003 has a Ras Server and RasIOControl that looks like the answer there.
Also looking into Tapi, I can't see how you answer a data call using that.
So I now understand your problem. It seems PPC is made as a client device.
Is GPRS the answer ? With that the link is always present and then you can use the built in Ras functions on seperate devices. Since you only pay for data actually sent then would it matter if the network link was always present ?
I have only worked out Tapi and Ras from the client side so I have never had this problem, but I agree it is an interesting one. I will have a bow out of this thread for a bit and see if anybody else knows how to Answer a Call.
Thanks for trying.
GPRS is also not the answer as you need a server in between that both XDA's can connect too and use as a router as the XDA's do not get fixed IP adresses but actually a NAT adres from the APN so you can not connect directly between the two.
Now that's an interesting thought, how about using some free web space to act as a pigion hole for your data ?
Believer: A seperate number? How do you know this, and what would the number be?
I can actually make two XDA connecting to each other using TCP. The trick is that I have one client always connect to a server to register it IP address with an ID. Then the caller send a query to the server to look up the callee's IP address.
In this way, accept() and connect() work fine.
I am using AT&T network and not sure about if other networks behave the same.
I wrote two application using TAPI. One is ModemDial and the other is ModemWatch, if I make a voice call the ModemDial dials the number successfully and ModemWatch reports that an incoming call exist. But when I change the behavior of call to DATAMODEM, the ModemWatch couldn't track any incoming call.
Is there any one, had some experience with pick a call for DataModem?
Best regards,
A. Riazi
riazi said:
I wrote two application using TAPI. One is ModemDial and the other is ModemWatch, if I make a voice call the ModemDial dials the number successfully and ModemWatch reports that an incoming call exist. But when I change the behavior of call to DATAMODEM, the ModemWatch couldn't track any incoming call.
Is there any one, had some experience with pick a call for DataModem?
Best regards,
A. Riazi
Click to expand...
Click to collapse
In your ModemWatch application make sure you are calling lineOpen with dwPrivileges (the 7th parameter, 1 based) equal to LINECALLPRIVILEGE_OWNER and dwMediaModes (the 8th parameter) equal to LINEMEDIAMODE_DATAMODEM.
If you're able to answer a voice call successfully, making these changes to the ModemWatch application should allow you to answer a data call.
hi, my dear friends
I am a freshman to XDA dev, I am using ms vs2003 to develop an application on XDA II.
The application is about dispatching a job to a driver's XDA, the senario likes the following: (1) The dispatch server sends a job to driver's XDA thru GPRS. (2) The driver then view the job on the XDA application and Accept it.
The question is how to send a job from the server side to an XDA application, what need I to do with the server programs and what need I to do with the XDA applications? Do we need some develop toolkit from the SP?
Thanks in advance, your suggestion and help are very appreciated!!!
If your network gives you an ip that others can see from outside then you just need to write a small server on your xda using sockets to accept the messages over gprs. Unfortunately, most phone networks do not do this. I think the easiest thing for you would be to make it sms based.
Otherwise you could make a page on your (pc) server and have your xda check it at regular intervals to see if any new jobs are there. The down side of this is the cost of all that checking.
Thanks ORD for you help.
Re: If your network gives you an ip that others can see from outside then you just need to write a small server on your xda using sockets to accept the messages over gprs. Hi ORD, do you mean the Public IP for each XDA phone? Do you know if the SP O2 in British provides this kind of service?
Thanks again!
I don't know what you mean public address? The phone network will have a server address and your phone will get assigned a client address. I can't tell about o2 as I only have tried vodafone in Australia. I think that most IP's given are only useful from within the private network of the provider. I am no expert with the internet, but I think if the ip starts with 10.XXX.XXX.XXX its no good. Perhaps if you post the first half of your IP some of the other network wizez here can tell you if its accessible from outside.
Even if your ip is good, it probably would not be static so I think its not worth the effort. Still... if you go that way, the implementation of sockets on ppc works 100%. In fact I have cut and pasted code straight from ppc apps to desktop apps and had no problems!
Why not just have your phones connect as clients to a small custom coded server on your pc periodically. You could streamline the transmition to only transfer as few bytes as possible each time. The only time a large transfer would be needed is when a job is accepted and the details are needed. my network charges by the kilobyte and when i transfer in only the tens of bytes it dose not even register it on my bill (i don't know how big the handshake is).
Thanks, ORD, yes, we can check the server every XX seconds, the only thing I am worrying about is if I have more than 1 thousand XDA units to connect and check the server, if the server can afford to this load?
This sound like a real world problem you have (like taxis?). If you want the best solutuion (ie sending jobs to xda's) start checking the service providers. 1000 units is a lot. I think there must be a carrier out there willing to provide
usefull addresses. Also try connecting two devices from within the same network. If all your devices are within the same private network they may be able to communicate. You PC server could be connected to the internet via a gprs card and send out jobs to all the xda's within service provided by the same carrier. I have been wanting to try this for a while but I do not have two gprs connections with the same provider.
I have a couple of small apps that may help you test this if you have multiple gprs connections with the same provider.
The following is a ppc program to attempt to connect to another one of itself over a network using sockets:
http://odeean.veritel.com.au/serv/testSocketServer.exe
the next program is for the PC so you can show that the program at least works in the direction of ppc to pc via gprs then internet:
http://odeean.veritel.com.au/serv/ORDsocketUserPC.exe
Do the following:
-Turn on your internet connection and gprs
-On your pc run the ORDsocketUserPC.exe
-to simplify things just turn off any firewalls etc (my app dose nothing bad, but sometimes even if you open a port, firewalls cause it to fail)
-On you xda run testSocketServer.exe
-On the pc server function side enter the desired port details. Because you are first testing if it works at all change the ip to 0 as this causes it to listen for all incoming ip's in my app.
-On the pc server side press listen
-On the xda set the port on the client side to the same as on your pc. Enter the pc's ip (ie from your connection status).
-On the xda press connect
-Now the xda should attempt to connect. It says waiting to read when connected at first
-Now on the pc it should say blocking-listening with some code.
-Two way data transfer is now possible. The desktop version is self explanitory. The ppc version has a lack of screen space so to elliminate some buttons I replaced the get button with ..... make data edit box clear, press send, this generates a dialog with the read data so far.
-This is only a very raw app some things malfunction but I get reliable two way communication. If something goes wrong just close the program and start again.
If all that works you are ready to test the ppc to ppc connection. Make sure you get gprs on each from the same provider run the testSocketServer.exe on both xda's at once. One with server side only and one with client side only. In the client enter the ip of the server (my app dose not find this for you - you may need some third party program for this), make sure the server ip was set to 0 before you press listen.
Please post to tell if it works within the same network as I am very interested. If it dose your problem is solved, otherwise I see no way to help because of the volume of units to communicate to.
Thanks ORD, it is too complicated for me, frankly. Can I push an email to the XDA then let the driver knows that he has a job? He can click an button to request the job. The question is how to push an email to the XDA unit.
Sorry, I can't help with emails.
Its a pitty you could not try it. If anyone else cares to try gprs device to device communication with both ends within the same phone network I am still interested in the result. I just do not want to get yet another sim. vodafone sales people in Australia do not seem to understand their own network and I have wasted enough money buying products from them that do not do what they claim.
Sending of string message over O2
Hi ORD!
Im interested in this and I am using a VPN approach to get both of the devices talking!
I am using your programs but I also wish to view the source code on how u coded this, as when I click connect I recieve an error stating the socket is not writable??? I think it doesnt even start the 3G/GPRS service on the XDA? Could you send me the code?
If it does start GPRS in the background i do apologise!!! But Im uncertain that this is the case!
Thanks!
AJ.
possible solution
All pockets pcs are using private internet addresses, i.e. they can access other external sites, but no one can directly access them as no external connections are allowed to access them without the XDAs initiating the connection.
So all of your 1000 xdas initiate the connection and connect to a central server (on server use asyncrhonous sockets for scaleability).server should be able to handle this easily.
when a job is ready for dispatch the server simply sends it to the appropriate XDA(possible because that XDA initiated the connection, so the phone operator will allow it through their firewall).
No polling needed on the XDA, just the need to monitor the connection and keep it open to the server.
XDA to XDA commmunication. Easy. The server acts as an intermediary.
Imagine XDA1 (vodaphone) wants to talk to XDA2(02) and both are on different networks. They cannot talk directly to each other.
XDA1 sends it message to the server already connected. The server (with a connection already set up) forwards it on to XDA2.
XDA2 replies back to the server, which then forwards it to XDA1.
The server acts as a gateway between the two networks and is able to do so because it is XDA1 and XDA2 initiateed the connection to the server.
For a more technical explanation of how private IP address are assigned by phone operators read up on NAT (Network Address Translation).
This solution would also work if both XDA1 and XDA2 had public IP addresses. All logic can be kept on the server and there is no need for XDA1 to find XDA2s public IP address, which with a 1000 XDAs could become messy very quickly.
cheers
Steve Jubb
I posted a response to this thread that ended up in its own thread.
Please read this: http://forum.xda-developers.com/viewtopic.php?t=55255
Hi guys
I know many people have had one way voice issues using the various cabs for enabling the WM6 VoiP client but I don't think this issue is related to that.
I'm connected to a SIP PBX over an OpenVPN connection and everything connects but I the other party cannot hear me. I've done a packet capture and although the SIP INVITE is coming from the correct source address if you drill down into the SIP packet the owner creator etc is the original IP of the device (not the VPN one).
As a result the RTP stream is being directed towards the wrong IP and I'm getting one way voice. This issue doesn't happen with 3rd party SIP clients but I haven't found a good one yet (fring doesn't work on our PBX).
Has anyone came across this issue before?
After further investigation the WM6 client works perfectly when used over a wireless access point. The problem only occurs when using OpenVPN as the original IP address of the wireless adaptor is sent in the invite packet (rather than the VPN IP address), this causes the audio to be streamed to the wrong IP and as such one way voice is experienced. If I find a workaround I'll post it up.
shippyt said:
Hi guys
I know many people have had one way voice issues using the various cabs for enabling the WM6 VoiP client but I don't think this issue is related to that.
I'm connected to a SIP PBX over an OpenVPN connection and everything connects but I the other party cannot hear me. I've done a packet capture and although the SIP INVITE is coming from the correct source address if you drill down into the SIP packet the owner creator etc is the original IP of the device (not the VPN one).
As a result the RTP stream is being directed towards the wrong IP and I'm getting one way voice. This issue doesn't happen with 3rd party SIP clients but I haven't found a good one yet (fring doesn't work on our PBX).
Has anyone came across this issue before?
Click to expand...
Click to collapse
This is a known SIP issue. As SIP had been designed to work over end-to-end connections. As SIP is a self routing protocol, the SIP server and user agents use the source IP stated in the SIP header instead of the source IP stated in the IP header for their routing
Most 3rd party SIP clients use a technique called STUN to discover their global IP (behind the NAT, or as in your case the VPN local IP) and they put that IP in the source IP in SIP header.
Tokko said:
This is a known SIP issue. As SIP had been designed to work over end-to-end connections. As SIP is a self routing protocol, the SIP server and user agents use the source IP stated in the SIP header instead of the source IP stated in the IP header for their routing
Most 3rd party SIP clients use a technique called STUN to discover their global IP (behind the NAT, or as in your case the VPN local IP) and they put that IP in the source IP in SIP header.
Click to expand...
Click to collapse
is there any workaround? I do not want to install STUN server on a local pc. I connect to my router openvpn (dd-wrt firmware). mega version has also a milkfish sip server. I have been thinking maybe I could use it as proxy to resolve this one-way voice problem?
Hey, I had the same issue recently and I have found a solution: do not enable VoIP calls over 3G/GSM when using SIP Config Tool. I was actually able to make and receive VoIP calls over an OpenVPN connection - the sound was a little choppy at the callee's side, but in general it was quite good. The only problem I have so far is that the phone unregisters itself from server when going to standby mode and registers back when turning on, so I can receive calls only in the latter case.
shurik_1 said:
is there any workaround? I do not want to install STUN server on a local pc. I connect to my router openvpn (dd-wrt firmware). mega version has also a milkfish sip server. I have been thinking maybe I could use it as proxy to resolve this one-way voice problem?
Click to expand...
Click to collapse
Not to mention native SIP client you are using probably doesn't support STUN anyway.
Proxy idea sounds doable, but then WM device is still going to use the ip of its wireless interface in the INVITE message. Unless this is fixed by the router, milkfish will still be unable to encapsulate incoming RTP traffic into the VPN.
Perhaps you can mangle SIP INVITEs with sip_conntrack available at http://www.iptel.org/sipalg/?
Hi,
From Internate search I found this forum which is having very useful research and Discussion. I have one question and need solution and reply setp by step for the following issue:-
That I am trying to send voip call by using IP 192.168.0.20 using Port:6800 as SIP port to the Gateway from VPS (softswitch). At the destination we are using a Router (Dlink) for connectivity of internate and Gateway.
When I configure GW with IP 192.168.0.20 SIP port 6800 with username and password, and tried to connect Gateway as SIP client from Softswitch, the messages comes "The GW/Registrar Client does not register as SIP client". Thats means switch is not reaching to Gateway.
As I understand from some study that SIP-based communications cannot reach LAN users behind firewalls and NATs automatically because firewalls are designed to prevent inbound unknown communications.
I would much appreciate if any colleague from this forum may guide me step by step and let me know how this scenario can works.
Thanks
Sameel
I've Googled it and there are two ranges of ports you need open for it to work. Usually though ICE/Stun can get past that. Have you tried that?
Hi
I'm wondering if it possible to block the NSTV from using the internet if I not want it to. It looks like it uses much data I background that I can't find.
Is it a way to block it, but still have access to my LAN?
And a simple way to turn it on or off?
I use cable, no WiFi to my router.
Petter
Can't you either;-
Block access by device on your router
Or
Give the Shield a static IP address with no gateway / the wrong gateway
That can be an option. But it's not an easy way to manage.
Is there an way to code or an app that can change these network settings?
(So it's get a little bit easier to change it)
Asks again.
Is there an app for this now?
Tried an app for this that's made for phone, but that app was not usable for NSTV.
Don't remember the app name, but found in xda.