CJ Keist wrote:
I guess this is where I don't understand how you get a DTU on one VLAN
to connect to a FOG on a different VLAN network?
By connecting your VLANs with routers, which is how VLANs normally work.
I'm assuming you're saying that you have two disconnected subnets, with
servers on each, and you are trying to forward a Sun Ray to another
subnet, by using one Sun Ray server as a router?
There's nothing about VLANs that requires NAT - a VLAN is simply a
partition of a switch into separate subnets.
Although we don't test it, you could probably simply turn on
ipforwarding in your Sun Ray server and let it be the router, but that's
probably not optimal from a performance perspective - that's what
routers are for (which is why we don't test it). You might confuse the
Group Manager, however.
-Bob
Just enabling IP forwarding on my test server didn't allow my DTU to
go to the FOG-A VLAN network. So I used the IP NAT rules to solve that
problem.
On my TEST-A server network config:
ce0: 192.168.129.1 (connected to TEST-A VLAN network)
ce1: 192.168.100.3 (connected to FOG-A VLAN network)
eri0: 129.xx.xxx.xxx (connected to our regular network)
I even tried setting the host ip to 192.168.129.1, but that didn't
work either. But it did work echoing the host IP address as my
eri0 network address!?!? But not sure that is the correct way of
making this work?
Bob Doolittle wrote:
If your DTU is presenting the address of 192.168.100.3, then you
can't redirect the DTU to connect to 192.168.100.3.
Also, an SRSS server cannot operate behind a NAT firewall, although a
DTU can.
-Bob
CJ Keist wrote:
Bob,
Yes the FOG-A servers see my test DTU as coming from
192.168.100.3. The only way I was able to get my DTU to get out of
the TEST-A VLAN to my FOG-A VLAN was with IP forwarding and IP NAT
enabled on my TEST-A server. My IP NAT config is:
map ce1 192.168.129.0/24 -> 192.168.100.3/32
Bob Doolittle wrote:
I don't see how you can get the debug output in your FOG-A script
that you state, given the addresses you are quoting.
The problem is this line:
if [ "$username" = "" -a "$terminal_ip_addr" = "192.168.100.3" ]
terminal_ip_addr will be the IP address of your *DTU*, not your
*Server*.
You say that your server IP address is 192.168.100.3, so this test
should always fail, but in your debug output you show "Send Use
First", which should never happen if the test fails.
Are you sure you are quoting your addresses correctly in the mail
you sent?
If 192.168.100.3 is in fact your DTU address, then you shouldn't be
returning "host=192.168.100.3" since that should be a server address.
If this doesn't help, please resend your data, clearly labeling
your server and DTU addresses separately.
If you are using DHCP, you probably should never be comparing
terminal_ip_addr directly since you don't know the addresses your
DTUs will be getting.
That value was supplied so you could mask it appropriately before
comparing to a subnet address, if you wished to make some decision
based on a subnet on which a Sun Ray resided. It can't be usefully
used without masking in a script unless you use fixed addresses for
DTUs. If you want to make a per-DTU decision, you can use the
terminal_cid, which is a constant based on the MAC address of the
DTU (e.g. IEEE802.080020010203 for a MAC of 080020010203).
-Bob
CJ Keist wrote:
I'm still working on getting this to work. Here is what I'm running
up against now.
I have a test sunray group, TEST-A, set up in kiosk mode running
just a web browser. I have it set up with AMGH so that when you
insert a smart card it will connect you to our main sunray server
group, FOG-A. That part works fine. The problem is that when I
remove my card the DTU remains connected to the FOG-A servers. My
setup:
TEST-A -
Network:
VLAN 192.168.129.0 (test kiosk network)
VLAN 192.168.100.3 (Connection to our FOG-A network)
129.xx.xxx.xxx (regular network)
Server is configured without dedicated interconnects.
IP forwarding is enabled
FOG-A -
Network:
VLAN 192.168.100.0 (FOG-A network)
129.xx.xxx.xxx (regular network)
Servers are configured with dedicated interconnects to the
192.168.100.0 VLAN.
Here is the AMGH script on my test kiosk server:
#!/bin/sh
DBFILE=/opt/SUNWutref/amgh/back_end_db
OUTPUT=/opt/SUNWutref/amgh/out.txt
# parse the args into shell vars
while read A
do
    eval "$A"
done
touch $OUTPUT
echo "UserName: $username">>$OUTPUT
echo "Token: $token" >>$OUTPUT
echo "Terminal CID: $terminal_cid">>$OUTPUT
echo "Terminal IP: $terminal_ip_addr">>$OUTPUT
echo "Insert Token: $insert_token">>$OUTPUT
echo "Display: $display">>$OUTPUT
# if a username is provided
if [ -n "$username" ]
then
    echo "host=192.168.100.1"
    exit 0
fi
exit 0
This works as I said. I can put in my smart card and it does
connect to our FOG-A servers and finds my session.
On our FOG-A servers here is the AMGH script they run:
#!/bin/sh
OUTPUT=/opt/SUNWutref/amgh/out.txt
# parse the args into shell vars
while read A
do
    eval "$A"
done
touch $OUTPUT
echo "UserName: >>$username<<">>$OUTPUT
echo "Token: $token" >>$OUTPUT
echo "Terminal CID: $terminal_cid">>$OUTPUT
echo "Terminal IP: $terminal_ip_addr">>$OUTPUT
echo "Insert Token: $insert_token">>$OUTPUT
echo "Display: $display">>$OUTPUT
if [ "$username" = "" -a "$terminal_ip_addr" = "192.168.100.3" ]
then
    echo "Send Use First">>$OUTPUT
    echo "host=192.168.100.3"
    #echo "use_firstserver=true"
fi
exit 0
This doesn't work. I have tried both the setting host ip and
the use_firstserver flag. Here is the debug output of the server
my test DTU connects to after I pull my card:
UserName: >><<
Token: pseudo.00144fb1d1ef
Terminal CID: IEEE802.00144fb1d1ef
Terminal IP: 192.168.100.3
Insert Token: pseudo.00144fb1d1ef
Display: :39
Send Use First
It is the same if I use the "use_firstserver" flag as well. The
DTU is not connecting back to my test kiosk server for some
reason. Any ideas why? Is it that the DTU is supposed to pick up
the echo statements and know what to do?
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
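
The advice in the thread about masking terminal_ip_addr before comparing it to a subnet, and using terminal_cid for a per-DTU decision, can be sketched as follows. This is an added example, not code from the thread or from Sun: the function names are hypothetical, KIOSK_SERVER is a placeholder address, and the input is assumed to be the key=value lines the scripts above read. It assigns known keys directly instead of eval'ing each line, so a value containing shell syntax stays data.

```sh
# Added example: KIOSK_SERVER is a placeholder; subnet and CID are the thread's values.
KIOSK_NET=192.168.129.0 KIOSK_BITS=24 KIOSK_SERVER=192.0.2.10
KIOSK_CIDS="IEEE802.00144fb1d1ef"

parse_amgh_input() {   # key=value lines from stdin; known keys only, no eval
    username= terminal_ip_addr= terminal_cid=
    while IFS='=' read -r key value; do
        case $key in
            username)         username=$value ;;
            terminal_ip_addr) terminal_ip_addr=$value ;;
            terminal_cid)     terminal_cid=$value ;;
        esac
    done
}

ip_to_int() {          # dotted quad -> integer on stdout; non-zero if malformed
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, <= 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_subnet() {          # in_subnet IP NETWORK PREFIXLEN: mask both, then compare
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "$2") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

amgh_decide() {        # no username (card removed): match DTU by CID, then by subnet
    [ -z "$username" ] || return 0
    for cid in $KIOSK_CIDS; do
        [ "$cid" = "$terminal_cid" ] && { echo "host=$KIOSK_SERVER"; return 0; }
    done
    in_subnet "$terminal_ip_addr" "$KIOSK_NET" "$KIOSK_BITS" && echo "host=$KIOSK_SERVER"
    return 0
}

# Constructed input: a card-less kiosk DTU seen at its real (un-NATed) address.
parse_amgh_input <<'EOF'
username=
terminal_ip_addr=192.168.129.57
terminal_cid=IEEE802.080020010203
EOF
amgh_decide
```

When the DTU arrives through the NAT rule and shows up as 192.168.100.3, the subnet test cannot match, which is the case the CID list covers.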