How to tranfer files over router firewall
Download as PPTX, PDF0 likes8 views
Tranfering files over router firewall
![import asyncio
import aiortc
from aiortc import RTCIceCandidate, RTCSessionDescription
from aiortc.contrib.signaling import SimpleWebSocketSignaling
# Configure STUN and TURN servers
STUN_SERVER = "stun:stun.l.google.com:19302"
TURN_SERVER = {
"urls": ["turn:<your-turn-server-address>:<port>"],
"username": "<your-username>",
"password": "<your-password>",
}
# Create an asyncio event loop
loop = asyncio.get_event_loop()
# Create a peer connection
pc = aiortc.RTCPeerConnection()
# Add STUN and TURN servers as ice servers
pc.addIceServer(STUN_SERVER)
pc.addIceServer(TURN_SERVER)
SOLUTION #2 :
# Signaling setup (this can be WebSocket or any other signaling method)
signaling = SimpleWebSocketSignaling(pc, loop=loop)
@pc.on("datachannel")
def on_datachannel(channel):
@channel.on("message")
def on_message(message):
# Handle incoming messages (file transfer)
pass
# Signaling loop (replace with your signaling logic)
async def run():
await signaling.connect()
await signaling.create_offer()
if __name__ == "__main__":
loop.run_until_complete(run())
loop.run_forever()
Client Configuration in Python using aiortc:](https://image.slidesharecdn.com/tranferingfilesoverrouterfirewall-250521123135-e8dfc226/85/How-to-tranfer-files-over-router-firewall-10-320.jpg)
How to tranfer files over router firewall
- 2. the purpose of these slides is to summarize how to make pdf files available to a third party who has received a link. GOAL
- 3. ARCHITECTURE Local network 1 ex: 10.5.2.0/23 Local network 2 ex: 172.16.2.0/23
- 4. Customer SP WEBHOOK APP Send message Broadcast SERVER The customer client on a link from the message https://file.toto.com/webhookpdf= <ID> file.toto.com As a response of the https request, the expected file is redirected over the https request SOLUTION #1 : The PDF generated is pushed to the file server
- 5. SOLUTION #1 : Deploy a pdf on server (eg: aws) using an instance of linux + webdav
- 6. SOLUTION #2 : Using the link provided by the webhook, it request a pdf file on the lamp server then download it over STUN/TURN locally before to redirect the file to the customer !
- 7. SOLUTION #2 : Keep the pdf on the SP and offer a way to download it through the firewall ! For that purpose we need to deloy on aws To transfer files over NAT (Network Address Translation) using STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT), you can set up a combination of these protocols to help establish a direct connection between peers behind NAT. Here's how you can achieve this: Prerequisites: STUN/TURN Server: You'll need access to a STUN/TURN server. You can install one or use a publicly available service. Steps: 1. Set Up a STUN Server: ○ A STUN server helps peers discover their public IP and port information. You can set up a STUN server or use a publicly available one. Many STUN servers are freely available, such as stun:stun.l.google.com:19302. 2. Set Up a TURN Server: ○ A TURN server acts as a relay when direct peer-to-peer connections are not possible due to NAT or firewall restrictions. You can use Coturn or another TURN server software. 3. Client Configuration: ○ On the client-side (behind NAT), configure your application to use the STUN and TURN servers for NAT traversal. Provide the STUN server's address and the TURN server's address, port, and credentials (if required).
- 8. Coturn TURN server Docker image The TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server and gateway, too. $ docker run -d -p 3478:3478 -p 3478:3478/udp -p 5349:5349 -p 5349:5349/udp -p 49152- 65535:49152-65535/udp coturn/coturn https://hub.docker.com/r/coturn/coturn SOLUTION #2 :
- 9. File Transfer: with the client and server configured to use STUN and TURN, your application can now establish a direct connection between peers. When initiating a file transfer, the application should use the discovered public IP and port (via STUN) or relay through the TURN server if a direct connection cannot be established. Here's a simplified example of how you might configure a STUN/TURN server and a client application in Python using the aiortc library: Set Up a STUN/TURN Server: You can use publicly available STUN servers, but for TURN, you may need to set up your own server (e.g., Coturn). SOLUTION #2 :
- 10. import asyncio import aiortc from aiortc import RTCIceCandidate, RTCSessionDescription from aiortc.contrib.signaling import SimpleWebSocketSignaling # Configure STUN and TURN servers STUN_SERVER = "stun:stun.l.google.com:19302" TURN_SERVER = { "urls": ["turn:<your-turn-server-address>:<port>"], "username": "<your-username>", "password": "<your-password>", } # Create an asyncio event loop loop = asyncio.get_event_loop() # Create a peer connection pc = aiortc.RTCPeerConnection() # Add STUN and TURN servers as ice servers pc.addIceServer(STUN_SERVER) pc.addIceServer(TURN_SERVER) SOLUTION #2 : # Signaling setup (this can be WebSocket or any other signaling method) signaling = SimpleWebSocketSignaling(pc, loop=loop) @pc.on("datachannel") def on_datachannel(channel): @channel.on("message") def on_message(message): # Handle incoming messages (file transfer) pass # Signaling loop (replace with your signaling logic) async def run(): await signaling.connect() await signaling.create_offer() if __name__ == "__main__": loop.run_until_complete(run()) loop.run_forever() Client Configuration in Python using aiortc:
- 11. Customer SP WEBHOOK APP Send message Broadcast COTURN Registering SERVER Registering The customer client on a link from the message https://iceproxy.toto.com/webhoo kpdf=<ID> iceproxy.toto.com The server download the pdf file from the SP suing a TURN relay Once the file is downloaded, the expected file is redirected over the https request SOLUTION #2 :
- 12. SOLUTION #2 : This example uses the aiortc library, which allows you to establish WebRTC-based peer connections. The client is configured with STUN and TURN servers for NAT traversal, and you can handle file transfer logic in the on_message callback. Please replace <your-turn-server-address>, <port>, <your-username>, and <your-password> with the actual information for your TURN server. Additionally, adapt the signaling setup to your specific use case, as this example provides a simplified signaling mechanism.