Hi Neil,
  the way we do this at Newcastle is to run a unicast bridge server on a public 
addressed machine, and point the internal machines at that.  However, this 
really only works due to an artefact of our network set-up, in that one of our 
internal networks (10.1.x.x, say) is "closer" to the public machines than 
others (10.2.x.x, say), so we move any PC that needs to reach the bridge to the 
10.1.x.x network.

 I guess that the proper way to do it is as your network people say, and open 
ports 50000-52000 on a per-machine basis; this could probably be done for a 
single machine that was running a bridge server, and the data thus distributed 
internally.  Maybe :)

 David


>>> Neil Wood <nw...@uow.edu.au> 15/05/2013 9:55 am >>>
Greetings,
I am having difficulty in running Access Grid from behind a 
Firewall on a Private IP Address.
The PC works fine on a public address from behind the same firewall, but as 
soon as I put the PC on a 10.x.x.x IP Address
I can no longer see other nodes in both RAT and VIC, I can see my own there but 
nothing else.

I have checked the firewall network activity and while on the Public address 
can see at the firewall traffic coming back from the bridge in to the address.
But while on the public address there is no return traffic from the bridge 
(APAG for both tests) to the firewall even, so nothing.
It does not seem to matter if I put in Proxy settings in Access Grid, same issue.
It is as if the bridge isn't even trying to return traffic to the private 
address at all.

Can anyone please advise on how the Access Grid protocols work for setting up a 
session, we are only using unicast here.

Our network guys' comments below.

>From the packet captures and documentation regarding Access Grid, I am certain 
>that the external bridge is establishing a new connection back to the AGR 
>client.
To have this working, there must be a static NAT on our border firewall for 
each bridge to client combination for ports between 50000 to 52000.
This is not something that is scaleable nor easily maintainable.


Regards,
Neil Wood
Computer Support Officer
SECTE
Faculty of Informatics
University of Wollongong NSW 2522
T + 61 2 4221 4412
W www.uow.edu.au/informatics<http://www.uow.edu.au/informatics/index.html>
_______________________________________________
accessgrid-tech mailing list
accessgrid-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/accessgrid-tech
