On-premises chat server with fixed IP address
Implementing Ozeki Chat Server on-premises requires a network configuration to ensure seamless communication for both local and remote clients. Within the Local Area Network (LAN), direct access to the chat server is established for local chat clients, including web browser, Windows, and mobile clients, facilitating efficient communication channels without external routing. However, remote access presents challenges, necessitating additional network configurations. This article explores the integration of NAT firewall, fixed public IP, DNS, and HTTPS protocols to enable secure and reliable communication for remote chat clients. Leveraging these technologies optimizes connectivity, security, and accessibility, enhancing the functionality of Ozeki Chat Server in diverse network environments.
NAT firewall + fixed public IP + DNS + HTTPS
When implementing Ozeki Chat Server on-premises (Figure 1), we assume that the chat server is installed on a local server within the LAN. This setup enables seamless communication among local LAN chat clients, including web browser chat clients, Windows chat clients, and mobile chat clients. These clients can access the chat server directly by typing in the local host name of the chat server into the browser (or as the workspace name on Windows chat clients, Android chat clients or 7264), establishing communication channels without the need for external routing or intermediaries.
Local chat client connections
To let local chat clients access your chat server on your LAN, set up a DNS name that points to the local IP address of the chat server, e.g.:
localchat.mydomain.com -> 192.168.1.30
Type the following URL into your web browser:
http://localchat.mydomain.com
Remote chat client connections
For remote chat clients accessing the chat server over the internet, an additional layer of network configuration is required. These remote clients, whether web browser clients, Windows clients, or mobile phones, need to traverse the company firewall to reach the chat server. If the company firewall has a fixed IP address, remote chat clients can access the chat system with ease, without any third party involved. By configuring the firewall to allow incoming connections to the chat server's private IP address, remote users can establish secure communication channels seamlessly by simply providing the fixed public IP address as their workspace name in the Ozeki Chat clients or by providing a DNS name pointing to this fixed public IP address.
To configure your company firewall, you first need to identify your public IP address, next you need to find the local IP address of your chat server and finally you have to create a port forwarding rule to forward traffic from the public IP to the local IP.
Step 1: Find your public IP address
A fixed public IP address on a company firewall refers to a static numerical identifier assigned to the external interface of the firewall that connects to the public internet. This IP address is assigned to the company firewall by the Internet Service Provider.
Unlike dynamic IP addresses, which can change periodically, a fixed public IP address remains constant and does not fluctuate over time. This fixed IP address serves as the public-facing identity of the company's network, enabling external clients and services to locate and communicate with internal network resources securely. By assigning a fixed public IP address to the firewall, the company ensures consistent and reliable connectivity for remote chat clients. Additionally, configuring network security policies, such as access control lists (ACLs) and port forwarding rules, based on the fixed public IP address enhances network security and facilitates efficient traffic management. Overall, a fixed public IP address on a company firewall provides stability, security, and accessibility for internet-based communication and services. If the option is available, a fixed IP address should be used instead of a dynamic IP address on your company firewall.
If you have installed Ozeki Chat Server on the computer you are viewing this webpage from, your public IP address is:
3.15.202.169
If you have installed it on a different computer, or in a different network, or you are viewing this webpage through a proxy server, your public IP address is different.
Step 2: Find your local IP address
Next you need to identify the local IP address of the computer running your chat server. The local IP address can be found in your operating system. The following guide gives you instructions on how to find it:
- How to find the local IP address of my computer on Windows
- How to find the local IP address of my computer on Mac
- How to find the local IP address of my computer on Linux
In our example we will use 192.168.1.30 as your local IP.
Step 3: Set up port forwarding on the firewall
Once you have your public IP address and your local IP address, you need to set up firewall port forwarding to route traffic through the firewall to your web server. You would likely forward two ports, 80 and 443, to the LAN IP address of your chat server.
3.15.202.169:80 -> 192.168.1.30:80
3.15.202.169:443 -> 192.168.1.30:443
Step 4: Set up a DNS record that points to the fixed public IP address
To streamline access for remote clients, a public DNS record can be set up to point to the fixed public IP address of the company's firewall. This DNS record makes it possible to use a domain name instead of the public IP address as the workspace name of the company.
Step 5: Create an HTTPS certificate to secure communication
To ensure data security and integrity during communication over the internet, an SSL certificate can be created for the DNS name and installed on the chat server. With this certificate in place, data transmitted between remote clients and the chat server is encrypted, safeguarding against eavesdropping and unauthorized access.
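A check for the result of steps 4 and 5, added here as an example and not part of Ozeki's own tooling: it confirms that the public DNS name resolves to the fixed public IP and that the certificate covers that name and is not close to expiry. The name chat.mydomain.com, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

def san_matches(cert, hostname):
    """True if a DNS subjectAltName covers hostname (one-label wildcard allowed)."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        name = value.lower()
        if kind == "DNS" and (name == host or (
                name.startswith("*.") and host.partition(".")[2] == name[2:])):
            return True
    return False

def check_endpoint(hostname, expected_ip, resolved_ips, cert, now=None, min_days=14):
    """Return findings for steps 4 and 5; an empty list means both look right."""
    now = time.time() if now is None else now
    findings = []
    if expected_ip not in resolved_ips:
        findings.append(f"DNS: {hostname} -> {sorted(resolved_ips)}, expected {expected_ip}")
    elif len(resolved_ips) > 1:
        findings.append(f"DNS: {hostname} has extra records {sorted(resolved_ips)}")
    if not san_matches(cert, hostname):
        findings.append(f"TLS: certificate does not cover {hostname}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        findings.append("TLS: certificate has expired")
    elif days_left < min_days:
        findings.append(f"TLS: certificate expires in {int(days_left)} days")
    return findings

def fetch_live(hostname, port=443):
    """Resolve the name and fetch the validated certificate (needs network access)."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    ctx = ssl.create_default_context()  # rejects untrusted chains and name mismatches
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return {info[4][0] for info in infos}, tls.getpeercert()

# Constructed sample in the shape getpeercert() returns; chat.mydomain.com is hypothetical.
SAMPLE_CERT = {"subjectAltName": (("DNS", "chat.mydomain.com"),),
               "notAfter": "Jun  1 12:00:00 2030 GMT"}

if __name__ == "__main__":
    # 1893456000 is 2030-01-01 00:00:00 UTC, fixed so the output is reproducible.
    for finding in check_endpoint("chat.mydomain.com", "3.15.202.169",
                                  {"192.168.1.30"}, SAMPLE_CERT, now=1893456000):
        print(finding)
```

Against a live deployment, pass the two values returned by `fetch_live()` as `resolved_ips` and `cert`.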
Background information: Using network address translation (NAT)
The above steps will create a Network Address Translation (NAT) system in your company that allows remote clients to connect. Network Address Translation (NAT) is a technique used in computer networking to modify network address information in the IP header of packets while they are in transit across a traffic routing device, such as a router or firewall. NAT allows multiple devices within a local network to share a single public IP address for communication with devices on external networks, such as the internet.
When it comes to an on-premises chat server NAT is used to facilitate chat traffic from the internet into the local Ozeki chat server by translating external IP addresses to internal ones. This process enables seamless communication between remote chat clients and the server while maintaining network security and conserving public IP address space.
There are several types of NAT, including:
- Static NAT: Maps a fixed private IP address to a corresponding public IP address, allowing external devices to initiate communication with a specific device within the local network.
- Dynamic NAT: Dynamically assigns public IP addresses from a pool of available addresses to devices within the local network as needed. This allows for more efficient use of public IP addresses.
- Port Address Translation (PAT) or Network Address Port Translation (NAPT): Maps multiple private IP addresses to a single public IP address by using unique port numbers to distinguish between different connections. PAT is commonly used in home networks to allow multiple devices to share a single public IP address.
For Ozeki Chat Server, simple port forwarding is sufficient, so a static NAT configuration is a perfect option.
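Because only ports 80 and 443 need to reach the chat server, the forwarding table can be audited for anything beyond that. The following is an added example, not Ozeki code: it assumes the firewall's forwards have been written out in the `public:port -> local:port` notation used in Step 3, and the function name and the last two sample rules are constructed.

```python
import ipaddress
import re

RULE = re.compile(r"^(\S+):(\d+)\s*->\s*(\S+):(\d+)$")

def audit_forwards(rules_text, public_ip, server_ip, allowed_ports=(80, 443)):
    """Return (rule, reasons) for each forward that exceeds the intended exposure."""
    findings = []
    for rule in (line.strip() for line in rules_text.splitlines()):
        if not rule:
            continue
        m = RULE.match(rule)
        if not m:
            findings.append((rule, ["unparseable rule"]))
            continue
        reasons = []
        try:
            ext_ip, int_ip = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3])
        except ValueError:
            findings.append((rule, ["invalid IP address"]))
            continue
        ext_port, int_port = int(m[2]), int(m[4])
        if ext_ip != ipaddress.ip_address(public_ip):
            reasons.append("public side is not the fixed public IP")
        if int_ip != ipaddress.ip_address(server_ip):
            reasons.append("target is not the chat server")
        if not int_ip.is_private:
            reasons.append("target is not a private LAN address")
        if ext_port not in allowed_ports:
            reasons.append(f"port {ext_port} is exposed to the internet")
        if int_port not in allowed_ports:
            reasons.append(f"reaches non-web port {int_port} on the LAN")
        if reasons:
            findings.append((rule, reasons))
    return findings

# The first two rules are the page's; the last two are constructed to show findings.
SAMPLE_RULES = """
3.15.202.169:80 -> 192.168.1.30:80
3.15.202.169:443 -> 192.168.1.30:443
3.15.202.169:3389 -> 192.168.1.30:3389
3.15.202.169:8443 -> 192.168.1.31:443
"""

if __name__ == "__main__":
    for rule, reasons in audit_forwards(SAMPLE_RULES, "3.15.202.169", "192.168.1.30"):
        print(rule, "=>", "; ".join(reasons))
```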
Conclusion
The explained network configuration offers a reliable, secure, and scalable solution for Ozeki Chat Server deployed on-premises. By leveraging fixed IP addresses, public DNS records, and SSL encryption, organizations can establish robust communication channels that can handle high loads of traffic while ensuring data confidentiality and integrity. With Ozeki Chat Server, organizations can empower their teams with seamless communication tools that foster collaboration and productivity in both local and remote work environments.
One of the key advantages of having a fixed public IP address on the firewall for remote access to Ozeki Chat Server is the consistency and reliability it provides. With a fixed IP address, remote clients can easily locate and connect to the chat server without the need to update or maintain dynamic IP address configurations. This simplifies the connection process for users and minimizes potential disruptions caused by IP address changes. Additionally, network routes can be configured in the Network Address Translation (NAT) table of the firewall to efficiently route incoming traffic to the designated internal IP address of the chat server. By mapping external IP addresses to internal network resources, NAT enables seamless communication between remote clients and the chat server while maintaining network security and integrity. Overall, leveraging a fixed public IP address and configuring network routes in the NAT table streamline remote access to Ozeki Chat Server, enhancing connectivity and user experience for remote users.
More information
- Ozeki Air Gapped Chat System on LAN with local DNS
- Ozeki Chat NAT configuration with fixed public IP and DNS with HTTPS
- Ozeki Chat NAT configuration dynamic DNS with HTTPS
- How to set up port forwarding on a router for the chat server
- How to setup a Dynamic DNS (DDNS) client
- How to setup Ozeki Chat Server on a network where firewall port forwarding is disabled
- How to determine the local IP address of my computer