To have this working, there must be a static NAT on our border firewall for each bridge-to-client combination for ports between 50000 and 52000.

This is not something that is scalable nor easily maintainable.





Regards,

Neil Wood

Computer Support Officer

SECTE

Faculty of Informatics

University of Wollongong NSW 2522

T + 61 2 4221 4412

W www.uow.edu.au/informatics

_______________________________________________

accessgrid-tech mailing list

accessgrid-***@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/accessgrid-tech

Neil

You mentioned that you were using the APAG AG Bridge.  I assume you have tried other bridges?

In regards to your "firewall" rules, would it be possible to have something like

    Source  130.102.78.178 (This is the IP Address for the AGAP Unicast Bridge)
    Destination 10.*.*.* (Basically allow access to any system in the 10.x.x.x range)
    Port Range 50000 to 52000

If this would be possible, it would be good to add another AG bridge for failover purposes.

Regards,
Jason.


-----Original Message-----
From: David Allingham [mailto:***@newcastle.edu.au]
Sent: Wednesday, 15 May 2013 10:30 AM
To: accessgrid-***@lists.sourceforge.net; Neil Wood
Subject: Re: [AG-TECH] FW: Access Grid use from behind a NAT firewall on private address.

Hi Neil,
  the way we do this at Newcastle is to run a unicast bridge server on a public addressed machine, and point the internal machines at that.  However, this really only works due to an artefact of our network set-up, in that one of our internal networks (10.1.x.x, say) is "closer" to the public machines than others (10.2.x.x, say), so we move any PC that needs to reach the bridge to the 10.1.x.x network.

 I guess that the proper way to do it is as your network people say, and open ports 50000-52000 on a per-machine basis; this could probably be done for a single machine that was running a bridge server, and the data thus distributed internally.  Maybe :)

 David


>>> Neil Wood <***@uow.edu.au> 15/05/2013 9:55 am >>>
Greetings,
               I am having difficulty in running Access Grid from behind a Firewall on a Private IP Address.
The PC works fine on a public address from behind the same firewall, but as soon as I put the PC on a 10.x.x.x IP Address I can no longer see other nodes in both RAT and VIC, I can see my own there but nothing else.

I have checked the firewall network activity and while on the Public address can see at the firewall traffic coming back from the bridge in to the address.
But while on the public address there is no return traffic from the bridge (APAG for both tests) to the firewall even, so nothing.
It does not seem to matter if I put in Proxy settings in Access Grid, same issue.
It is as if the bridge isn't even trying to return traffic to the private address at all.

Can anyone please advise on how the Access Grid protocols work for setting up a session, we are only using unicast here.

Our network guys' comments below.

>