Saturday, April 23, 2016

firewall - Unable to connect to APNS with java-apns



I've got a Java program running on a firewalled server that is intended to send push notifications to my iPhone app by using java-apns. Problem is, whenever I try to send a notification the library fails to connect to the APNS server. From the stack trace, it seems that when creating the required SSL connection, the connection is being refused at some point (a java.net.ConnectException with a detail message of "connection refused" is being thrown when the library calls SSLSocketFactory's createSocket method).



It would not surprise me at all if the firewall is blocking the connection, but unfortunately as I do not manage the server I am unable to verify that that is indeed the case. The fact that the program works fine from my (non-firewalled) desktop seems to support the theory.



My question is, does anyone know of any method by which I can find the root cause of the problem, and/or can anyone tell me what I should tell the server admin to change to get things to work (if it is indeed the firewall that's the problem)? My understanding of such things is a bit limited, but it should be as simple as unblocking outgoing connections on port 2195 (the port used by the APNS servers), right?



For reference, the server is a Linux box and I'm using version 0.1.2 of java-apns.


Answer




Well, you should start by simply asking him/her to unblock port 2195 outgoing.



Here's an example:



iptables -A OUTPUT -o eth0 -p tcp --dport 2195 -j ACCEPT



The above assumes that eth0 is the external, internet-facing interface.



You may also have to add a line for incoming (assuming the source is also port 2195 on the other end):




iptables -A INPUT -i eth0 -p tcp --sport 2195 -j ACCEPT



If the source port for the return communication is randomized, you will have to use the state module in iptables to track the connection:



iptables -A OUTPUT -o eth0 -p tcp --dport 2195 \
  -m state --state NEW,ESTABLISHED,RELATED \
  -j ACCEPT

iptables -A INPUT -i eth0 -p tcp \
  -m state --state ESTABLISHED,RELATED \
  -j ACCEPT


That's very basic. The administrator is responsible for this kind of thing, not you, so modification of the above is likely necessary. HTH.
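
The question also asks how to find the root cause from the server itself. As an added example (not part of the original question or answer), this Python script makes one TCP connect and classifies how it ended; the "connection refused" ConnectException in the question corresponds to the `refused` outcome. The names `probe`, `HINTS` and `demo` are made up for this example, and the loopback listener in `demo` is a constructed stand-in for a reachable host.

```python
import errno
import socket
import sys

# What each outcome usually means for an outbound connection (illustrative summary).
HINTS = {
    "open": "TCP path works; the failure is elsewhere (TLS, certificates)",
    "refused": "actively rejected: a REJECT rule, or nothing listening on that port",
    "timeout": "silently dropped: typical of a DROP rule or an upstream filter",
    "unreachable": "no route, or a reject sent as ICMP host/net unreachable",
}


def probe(host, port, timeout=5.0):
    """Attempt one TCP connect and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    """Constructed loopback check: a local listener stands in for a reachable host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port, 2)
    srv.close()                          # nothing listens on that port any more
    after_close = probe("127.0.0.1", port, 2)
    return while_listening, after_close


if __name__ == "__main__":
    if len(sys.argv) == 3:               # usage: probe.py <host> <port>
        result = probe(sys.argv[1], int(sys.argv[2]))
        print(result, "-", HINTS.get(result, "see errno name"))
    else:
        print(demo())                    # ('open', 'refused')
```

Run it on the firewalled server with the APNS gateway host from your java-apns configuration and port 2195, then from the non-firewalled desktop, and compare the two results.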

