
New to firewalls, portforwarding and am building an inventory system


14 replies to this topic

#1 settingupasystem


Posted 11 April 2024 - 11:54 PM

Hi everyone! 

Over the last two months, I built a GUI inventory system consisting of a server app and a client app. The aim is to have a digitalized recordkeeping system for manufacturing companies. I built it in Python and used the FTP_TLS library for the communication protocol. I have finished building all the features and both apps run perfectly on different computers at my place where I have only 1 router. I have not worried about firewalls and port forwarding, which I think is important for real-world usage.

 

We can assume that the server app (which I think should have a static IP) and the various client installations will be connected to the internet via different ISPs. A client app could be anywhere in the world but would need to be able to connect to the server.

What do I need to know about firewalling and port forwarding specifically related to the server?

 

Sorry if this is a very basic question. If someone could provide me a brief overview, I would appreciate it very much.





#2 greg18


Posted 12 April 2024 - 12:23 AM

You would be using a VPN, the host software would be at the client end not on some remote server, what about the SQL dbase to keep track of records, etc.?



#3 cryptodan


Posted 12 April 2024 - 06:48 PM

Redo the networking to use openssl and https

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop - https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server - https://termbin.com/zvra


#4 settingupasystem


Posted 13 April 2024 - 12:38 PM

Redo the networking to use openssl and https

I built it with openssl and FTP_TLS. I think the encryption is fine. I ran a lot of tests today with my friend who is located away. The system was not able to make a connection. I helped him set up the server node because he owned his router, unlike me (organization router). We set up an address reservation, and then set up port forwarding rules for 1) Default ftp, then 2) ports 60000-65000 and 3) Port 990. I tried connecting with the client app, and it didn't work. I am feeling very dismayed, because I worked more than a hundred hours on this project and it is not coming to fruition because of one last thing.



#5 cryptodan


Posted 13 April 2024 - 12:46 PM

With https you wouldn't need to worry about any firewalls cause https uses port 443 and is already operational on networks.



#6 settingupasystem


Posted 13 April 2024 - 12:49 PM

With https you wouldn't need to worry about any firewalls cause https uses port 443 and is already operational on networks.

Thank you for your reply! I will try that.

But wouldn't other services be blocked from using that port while the server is running? 



#7 cryptodan


Posted 13 April 2024 - 01:01 PM

You can assign a different internal ip to it and have external ip forwarded to the internal server



#8 settingupasystem


Posted 19 April 2024 - 12:10 PM

We weren't able to port forward on 443 because of an error saying that that port is reserved for remote management. Should I consider trying SFTP which uses port 22? It's not too much change to my program code. 


Edited by settingupasystem, 19 April 2024 - 12:10 PM.


#9 cryptodan


Posted 19 April 2024 - 01:18 PM

Remove remote management on your router as that is a security risk.



#10 settingupasystem


Posted 20 April 2024 - 10:40 PM

I spent many hours trying to convert the code bases to https, but it didn't work because chatgpt wasn't working hard. I have finals week next week, so I am pausing this project for a bit. 

edit: btw I am not a cs major.


Edited by settingupasystem, 20 April 2024 - 10:41 PM.


#11 Dominique1


Posted 22 April 2024 - 03:15 AM

What is "organization router"?

If you set up a server for your services, it needs a known Internet route for your clients.  If this is a business you are starting, you should consider purchasing web hosting.  Some prices are really affordable.

If you want to piggy-back on your employer's equipment, forget it.  It's grounds to kick you out of your job.  Better yet, ask your boss for permission, and if he accepts, he will do the required Internet wiring stuff.

You could try to do this at home.  Often, ISPs don't allow servers, so if they find out (and they can find out), they will terminate your Internet subscription.  If tolerated but you are on a changing IP Internet service, you can use a dynamic DNS service so your clients can reach you whatever your IP is, but you will need to configure your home router properly.

But my recommendation, go with a web hosting solution.



#12 settingupasystem


Posted 07 May 2024 - 06:31 AM

Hello again, I spent a lot of time setting up a basic https system (for the first time ever). I used Python's requests library and http.server. For all functional purposes, I have pretty much completed my client-server system. Only one problem remains: I am struggling with securing the connection. Everything works fine when response.(url, headers,  verify=False). I am using a self-signed certificate. I have set the certificate as a trusted certificate through Windows cert manager. When I attempt to do a secure connection with verify=pathtopublickey.pem, I keep getting error "HTTPSConnectionPool(host='192.168.1.71', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:2423)')))"

Much appreciate any help!





#13 cryptodan


Posted 07 May 2024 - 09:09 AM

Have a read here https://www.quora.com/What-is-EoF-with-respect-to-SSL



#14 settingupasystem


Posted 19 May 2024 - 09:07 AM

The end of file error was because my server script was expecting the client's certificate. The cert requirement line slipped in due to chatgpt. The bane of AI-coding. So I built the entire transport system now. When I showed the completed product to the people running the inventory, they highlighted the necessity for more features and described the same to me in detail. So I am building those currently.

 

Thank you cryptodan for your guidance. This project might become successful.
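
Added example (not code from any poster in this thread): the failure described in posts #12 and #14, reproduced with Python's standard library. A client that verifies a self-signed certificate succeeds against a normal `http.server` HTTPS listener and is dropped by one whose context demands a client certificate. It assumes the `openssl` command-line tool is on the PATH to create a throwaway certificate; the function names, the `inventory-demo` subject and the response body are constructed for the demo, and `http.client` stands in for `requests`.

```python
import http.client, http.server, ssl, subprocess, tempfile, threading

class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"inventory ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence per-request logging

def make_self_signed(workdir, ip="127.0.0.1"):  # constructed test cert; SAN must list the dialled IP
    cert, key = f"{workdir}/cert.pem", f"{workdir}/key.pem"
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=inventory-demo", "-addext", f"subjectAltName=IP:{ip}",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key

def start_server(cert, key, require_client_cert=False):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode defaults to CERT_NONE
    ctx.load_cert_chain(cert, key)
    if require_client_cert:  # the stray requirement: clients without a certificate are dropped
        ctx.verify_mode = ssl.CERT_REQUIRED
    httpd = http.server.HTTPServer(("127.0.0.1", 0), Handler)  # port 0: OS picks a free port
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd

def fetch(port, cafile):  # returns the body, or the exception class name on failure
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and hostname check are on
    ctx.load_verify_locations(cafile)  # trust exactly this certificate
    conn = http.client.HTTPSConnection("127.0.0.1", port, context=ctx, timeout=5)
    try:
        conn.request("GET", "/")
        return conn.getresponse().read()
    except OSError as exc:  # ssl.SSLError, resets and early EOF are all OSError subclasses
        return type(exc).__name__
    finally:
        conn.close()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed(tmp)
        good, bad = start_server(cert, key), start_server(cert, key, require_client_cert=True)
        results = fetch(good.server_port, cert), fetch(bad.server_port, cert)
        good.shutdown(); bad.shutdown()
        return results

if __name__ == "__main__":
    print(demo())
```

`fetch` is given the certificate file the same way `verify=` is given one in `requests`. The exception name reported for the misconfigured server varies with TLS version and platform.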



#15 cryptodan


Posted 19 May 2024 - 03:51 PM

You are welcome and if it does please make a donation to one of the following issues

Diabetes
Cancer (all kinds)
Veteran Causes like Wounded Warrior
Blindness
Autism





