Lab 8: Servers, Ports, and Firewalls
Objective
To learn about ports and firewalls.
Guess the Number Server
For this lab, we will be setting up a "guess the number" game server on our Virtual machine. To do this, we can use the following Python program as the server:
#!/usr/bin/python3
import socket
import threading
import random

# host (internal) IP address and port
HOST = "10.40.88.78"
PORT = 5221

# handle one client in a thread
def handle_client(connection, address):
    try:
        connection.sendall("Welcome to the guess the number game!\n".encode())
        connection.sendall("Think of a number 1 to 1000!\n: ".encode())
        secret = random.randint(1, 1000)
        while True:
            try:
                number = int(connection.recv(1024).decode())
            except ValueError:
                # non-numeric input, or an empty read because the client hung up
                connection.sendall("Invalid input. Goodbye!\n".encode())
                break
            if number == secret:
                connection.sendall("Correct! Goodbye!\n".encode())
                break
            elif number < secret:
                connection.sendall("Too low, try again\n: ".encode())
            else:
                connection.sendall("Too high, try again\n: ".encode())
    except OSError:
        # the client disconnected mid-game, so there is nobody left to answer
        pass
    finally:
        # always release the socket, whichever way the game ended
        connection.close()

def main():
    # listen on the port specified
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((HOST, PORT))
    sock.listen()

    # wait forever gathering clients
    while True:
        connection, address = sock.accept()
        print("Received a connection from", address)
        t = threading.Thread(target=handle_client, args=(connection, address))
        t.start()

main()
To run this, you will need to replace the HOST constant with the
IP address of your virtual machine. You can optionally change the port to any
number between 1024 and 65,535. Leaving the value unchanged should cause no
problems.
You could use the material we covered in Lab 2 to make this server constantly run. But that's optional for this lab.
Firewall Configuration
We should be able to connect to this server from our VM itself, but the Google Cloud firewall will filter out external traffic attempting to connect to this server. On your local computer (not your VM), you can try connecting using the following command:
$ nc IP 5221
Here, "IP" stands for the external IP address of our VM. Since
we have not yet configured the firewall to allow this traffic, the nc command
will not connect and will just hang.
If you are using Windows on your local computer, you may have to use Windows
Subsystem for Linux to be able to run the nc command.
So in order to create a server, we must first open a port in the firewall. A firewall is a system that monitors network traffic coming into or out of a machine. It has a list of rules on what sort of traffic is allowed. If we don't tell the firewall to allow traffic on a port, none will get through.
Now we need to configure the Google Cloud firewall to allow this traffic:
- Navigate to http://console.cloud.google.com/.
- Go to "Compute Engine" and then "VM instances" from the navigation menu.
- Click the "⋮" next to your VM, and select "View network details".
- Choose "Firewall" from the menu on the left.
- Click "Create Firewall Rule" from the top of the screen.
- For name put anything you like. Maybe "guess-the-number".
- Leave "Logs" off, and the Network on "default".
- Leave "Direction of traffic" on "Ingress", and "Action on match" as "Allow".
- Change "Targets" to "All instances in the network".
- Set "Source filter" to "IP Ranges".
- Put in "0.0.0.0/0" for "Source IP Ranges" which will allow any IP to connect on the port.
- Leave "Second source filter" on "None"
- Set "Protocols and ports" to "Specified protocols and ports".
- Check "TCP", and put the port you are using in the field next to it.
- Finally, click "Create".
If everything was filled out, you should be back at the list of firewall rules. You should see a row for the rule we just added, alongside rules for allowing HTTP and SSH.
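The hang described earlier is how a dropped connection looks from the client side, which is different from a port that is reachable but has no server listening on it. The following script is an added example, not part of the original lab; the names classify and probe and the 3-second timeout are assumptions. It tells the two cases apart when run from your local computer:

```python
#!/usr/bin/python3
import errno
import socket
import sys

def classify(error):
    """Map the outcome of one TCP connect attempt to a port state."""
    if error is None:
        # handshake completed: the firewall allows it and the server is listening
        return "open"
    if isinstance(error, ConnectionRefusedError):
        # the host answered with a reset: traffic gets through,
        # but nothing is listening on that port (server not running?)
        return "closed"
    if isinstance(error, (socket.timeout, TimeoutError)):
        # no answer at all: the packets are being dropped on the way,
        # which is what a firewall without an allow rule does
        return "filtered"
    if error.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Try one TCP connection and report open/closed/filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as error:
        return classify(error)

def main(argv):
    if len(argv) != 3:
        print("usage: portcheck.py HOST PORT")
        return 2
    host, port = argv[1], int(argv[2])
    state = probe(host, port)
    print(host, "port", port, "is", state)
    return 0 if state == "open" else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A result of "filtered" points at the firewall rule, while "closed" means the rule is working and the server program on the VM is not running or is bound to a different port.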
Connecting
Now that we have the firewall set up to allow incoming traffic on port 5221 (or another port if you
changed it), we should be able to connect with the nc command:
$ nc IP 5221
Welcome to the guess the number game!
Think of a number 1 to 1000!
: 500
Too low, try again
: 750
Too high, try again
: 625
Too low, try again
: 712
Too low, try again
: 736
Too low, try again
: 742
Too high, try again
: 739
Too high, try again
: 737
Too low, try again
: 738
Correct! Goodbye!
The nc command allows us to connect to servers on specific
ports and send data back and forth. It's very helpful for debugging networked
applications, and here it can serve as the "client" for our guess the number game
because the protocol is so simple.
Submitting
When you're done, take a screenshot of your terminal running the
nc command attached to the server running on your VM, and submit
that to Canvas.