23 Mar Linket and a Firewall
Here is a simple question: How can a computer find its Internet address?
This assumes:
a) The computer is already on the Internet, of course.
b) The computer can be mobile (a cellphone or laptop) or a PC.
You might think the question is simple. Since the device is assumed to be on the Internet, it uses its own pre-programmed low-level language to ask directly, “What is my address?” Problem solved? Yes!
But consider the same question when the computer is behind a firewall.
a) On the other side is the Internet.
b) The firewall makes a subnet and the computer sits in this subnet.
The firewall hands out Internet addresses to machines in its subnet. So our computer gets the address 2.3.4.5, say. This address is made using the rules of the Internet. It is an Internet address.
Is the problem solved? No!
The firewall handed out Internet-formatted addresses to computers in the subnet. Those addresses might already be used by other machines on the true Internet. So our mobile phone got 2.3.4.5. But another computer on the true Internet may already be using this address.
WHY?
1. THE FIREWALL TRANSLATES ADDRESSES OF ALL INCOMING AND OUTGOING MESSAGES.
For Example:
1. A device sends a message to xyz.com, which is on the Internet.
2. The message goes to the firewall from the device.
3. The firewall changes the source address inside the message header from 2.3.4.5 to, say, 10.11.12.13:200, where we assume that the firewall has the Internet address 10.11.12.13. The notation means the firewall assigned the port 200 to the device.
4. When xyz gets the message, it thinks it is coming from 10.11.12.13:200. It does some things and makes a reply that goes to 10.11.12.13:200.
5. The firewall gets this reply, rewrites the header destination address to 2.3.4.5 and sends the message to our device.
Now suppose our device is a cellphone with an app. Often, an app is started when the user is in a coffeehouse, using the shop’s WiFi to get to the Internet via a hot spot. Or the phone might be using its carrier to access the Internet. Either way, the above happens. Users simply see it work.
1. When that app is started, it calls home to its app server, which we take here to be xyz.com.
2. Many apps have app servers.
Consider when Linket’s Registry is used. (It sits at an Internet address like xyz.com.)
1. When the linket owner runs an app, it sends a message to the Registry.
2. The Registry makes a deep link that has the owner’s address on the Internet.
3. The address is taken from the source field of the Internet header coming from the app inside the firewall.
Later, when a second phone sends the linket to the Registry, the Registry replies with the deep link in its database. In general, the second phone is in a different subnet, at a totally different location from the first phone. The body of the message to the second phone carries the deep link, and the deep link contains the address 10.11.12.13:200, which is the outward-facing address of the first phone. The second phone can now send to that address. The first phone’s firewall will translate that into the internal address 2.3.4.5 and forward the message to the first phone.
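The sequence above can be traced in a small Python model. This is an added example, not Linket's own code: the class names, the linket name `my-linket`, the second phone's address and the choice to store the bare address as the deep link are assumptions, and the firewall is modeled as the post describes it, forwarding any inbound message that arrives on a mapped port.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    src: str          # source address from the header
    dst: str          # destination address from the header
    body: str = ""

class Firewall:
    """Translating firewall: one public IP, one public port per inside device."""
    def __init__(self, public_ip, first_port=200):
        self.public_ip, self.next_port = public_ip, first_port
        self.out_map = {}   # inside address -> public port
        self.in_map = {}    # public port -> inside address

    def outbound(self, pkt):
        # Rewrite the source field of a message leaving the subnet.
        if pkt.src not in self.out_map:
            self.out_map[pkt.src] = self.next_port
            self.in_map[self.next_port] = pkt.src
            self.next_port += 1
        return Packet(f"{self.public_ip}:{self.out_map[pkt.src]}", pkt.dst, pkt.body)

    def inbound(self, pkt):
        # Rewrite the destination field of a message entering the subnet.
        ip, _, port = pkt.dst.partition(":")
        if ip != self.public_ip or not port.isdigit() or int(port) not in self.in_map:
            return None     # no mapping for this port: nothing to forward to
        return Packet(pkt.src, self.in_map[int(port)], pkt.body)

class Registry:
    """Hypothetical stand-in for the Registry: linket name -> observed address."""
    def __init__(self):
        self.deep_links = {}
    def register(self, pkt):
        # The address comes from the header's source field, not from the app.
        self.deep_links[pkt.body] = pkt.src
    def lookup(self, linket):
        return self.deep_links.get(linket)

def demo():
    fw, registry = Firewall("10.11.12.13"), Registry()
    # First phone (2.3.4.5 inside the subnet) registers a constructed linket.
    registry.register(fw.outbound(Packet("2.3.4.5", "xyz.com", "my-linket")))
    link = registry.lookup("my-linket")
    # Second phone (constructed address) sends to the address in the deep link.
    delivered = fw.inbound(Packet("198.51.100.7:4000", link, "hello"))
    unmapped = fw.inbound(Packet("198.51.100.7:4000", "10.11.12.13:999", "hello"))
    return link, delivered, unmapped

if __name__ == "__main__":
    print(demo())
```

The phone itself only ever sees 2.3.4.5; the address that ends up in the deep link exists only in the firewall's table and in what the Registry observed.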