Firewall : is inbound required for getting response while outbound rule already there?

Question

1.00/5 (1 vote)

See more:

, +

I developed one MVC web application which have Web APIs and hosted in Amazon Instance and one windows application for calling those APIs for getting response from that server.

Both Web and Windows applications are developed in asp.net framework 4.5 using c# language.

Windows application is installed in more than 200 client's system which are highly secure servers it selves with all Inbound ports blocked in Firewall.

I am using HttpWebRequest with BindIPEndPoint for calling Web APIs using configured TCP port range [default 7777-7786].

API calls working fine from Windows Application if there are Allow Inbound and Outbound firewall Rules.

But the problem is clients are not allowing me any Inbound Firewall rules, they only allowing Outbound Firewall rules for those port range And Windows application is not working with blocked inbound rules for those port range.

Is it must I need to open Inbound Rule in Firewall for those port range for calling/getting request/response to/from APIs ? If no need of Inbound Firewall rule then please explain Why ?

What I have tried:

Below is the API call which use one static TCP port in my Windows Application :

C#

try
	{
		string address = RevWatchURL;
		address = address + "api/GetRevGuardLatestPatch";
		HttpWebRequest httpWebRequest = WebRequest.Create(address) as HttpWebRequest;
		httpWebRequest.ContentType = "text/json";
		httpWebRequest.Method = "POST";
		httpWebRequest.Timeout = 300000;

		httpWebRequest.ServicePoint.BindIPEndPointDelegate = 
			new BindIPEndPoint(CommonValues.BindIPEndPointCallbackRGPatch);

		string enRevGuardUniqueId = 
		Encryption.EncryptionTechnique(Convert.ToString(UniqueId), null, null);

		using (var streamWriter = new    StreamWriter(httpWebRequest.GetRequestStream()))
		{
			string json = "{\"UniqueId\":\"" + enRevGuardUniqueId + "\"}";

			streamWriter.Write(json);
			streamWriter.Flush();
			streamWriter.Close();
		}

		try
		{
			var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
			using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
			{
				returnVal = streamReader.ReadToEnd();
				streamReader.Close();
				httpResponse.Close();
			}
		}
		catch (WebException ex)
		{
		}
		finally
		{
			httpWebRequest.Abort();
		}

		Obj = JsonConvert.DeserializeObject<CommonValues.RevGuardPatchClass>(returnVal);
	}
	catch (Exception ex)
	{
		MessageBox.Show("Error", "API", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
	}

BindIPEndPoint Method:

C#

public static IPEndPoint BindIPEndPointCallbackRGPatch
       (ServicePoint   servicePoint, IPEndPoint remoteEndPoint, int retryCount)
{
    return new IPEndPoint(IPAddress.Any, 7777);
}

Posted 14-Oct-16 0:47am

Krunal Ifuturz

Updated 15-Oct-16 2:01am

Suvendu Shekhar Giri

v3

Add a Solution

Comments

Richard Deeming 14-Oct-16 10:00am

You shouldn't need an inbound rule, since the request is initiated by a computer within the network. An outbound rule should be sufficient. If it wasn't, the computers within the network wouldn't be able to access the Internet.

What happens if you remove the BindIPEndPoint code?

Krunal Ifuturz 15-Oct-16 1:13am

If I remove BindIPEndPoint, the client's system will take TCP port automatically but the requirement is to use particular port range which configured by client so I am using BindIPEndPoint to call APIs from that TCP port range only.

One more thing when I block that port range in Firewall as Inbound rule, the call goes to 'SYN_SENT' status [verified using netstat -b].

OriginalGriff 15-Oct-16 5:52am

Don't "bump" your question - it's rude and unnecessary.
By all means add information, but editing it just to get it back to the head of the list? That's just rude.

Krunal Ifuturz 15-Oct-16 7:44am

I edited just one tag nothing else question is as it was.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)