Possible to ssh tunnel Bonjour traffic across different subnets?

Hello:
For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc (port 5900), etc., I tunnel it all over ssh).
So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
thus being able to set up a secure point-to-point iChatAV connection?
Anybody ever do something like this?

Hi j.v.,
It is possible to iChat Bonjour over a Virtual Private Network, yes.
2:33 PM Thursday; May 4, 2006
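
Why the two `-L` forwards in the question cannot carry Bonjour discovery, as an added example that is not part of the original posts: `ssh -L` forwards TCP connections made to a local listener, while Bonjour discovery is multicast DNS over UDP (group 224.0.0.251, port 5353). The flow list, the peer address 192.168.1.20 and the UDP media port are constructed for illustration.

```python
import ipaddress
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Forward:
    listen_port: int
    target_host: str
    target_port: int


@dataclass(frozen=True)
class Flow:
    name: str
    proto: str  # "tcp" or "udp"
    dst: str    # destination IP address as seen on the local subnet
    port: int


def parse_local_forwards(command):
    """Return the -L [bind:]port:host:hostport forwards in an ssh command line."""
    argv = shlex.split(command)
    forwards = []
    i = 0
    while i < len(argv):
        arg, spec = argv[i], None
        if arg == "-L" and i + 1 < len(argv):
            i += 1
            spec = argv[i]
        elif arg.startswith("-L") and len(arg) > 2:
            spec = arg[2:]
        if spec is not None:
            parts = spec.split(":")
            if len(parts) == 4:  # optional bind address comes first
                parts = parts[1:]
            if len(parts) != 3:  # bracketed IPv6 targets are not handled here
                raise ValueError(f"unsupported -L spec: {spec!r}")
            forwards.append(Forward(int(parts[0]), parts[1], int(parts[2])))
        i += 1
    return forwards


def carried_by(flow, forwards):
    """Decide whether one flow can ride an ssh -L forward; returns (bool, reason)."""
    if flow.proto != "tcp":
        return False, "ssh -L forwards TCP streams only"
    if ipaddress.ip_address(flow.dst).is_multicast:
        return False, "a forward is a unicast listener, not a multicast group member"
    for fwd in forwards:
        if fwd.listen_port == flow.port:
            return True, f"connect to localhost:{fwd.listen_port} instead of {flow.dst}"
    return False, "no -L forward listens on this port"


def audit(command, flows):
    """Map each flow name to its (carried, reason) verdict for the given ssh command."""
    forwards = parse_local_forwards(command)
    return {flow.name: carried_by(flow, forwards) for flow in flows}


# The command exactly as posted in the question.
SSH_COMMAND = ("ssh -L 5297:localhost:5297 -L 5298:localhost:5298 "
               "{called.party.IP.address}")

# Constructed flow list: what a Bonjour chat on one subnet would put on the wire.
FLOWS = [
    Flow("Bonjour discovery (mDNS)", "udp", "224.0.0.251", 5353),
    Flow("TCP session on 5297", "tcp", "192.168.1.20", 5297),
    Flow("TCP session on 5298", "tcp", "192.168.1.20", 5298),
    Flow("UDP audio/video stream (port hypothetical)", "udp", "192.168.1.20", 16384),
]

if __name__ == "__main__":
    for name, (ok, reason) in audit(SSH_COMMAND, FLOWS).items():
        print(f"{'carried' if ok else 'NOT carried':12} {name}: {reason}")
```

The discovery and UDP media flows fall outside what the TCP forwards can carry, and closing that gap without opening more ports is what the VPN answer above provides.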

Similar Messages

  • Is it possible to cluster appliances across different subnets?

    We are attempting to cluster two appliances across different subnets in order to provide greater survivability. Although we were able to cluster the appliances, the manageability of the appliances has become somewhat impaired. We've opened ports 443, 22 and 2222 between the two appliances. The appliances are C350s running AsyncOS 7.1.3-010. Are we missing something?
    Thanks,
    Rob

    Rob,
    Are these appliances communicating using IP addresses? If yes, in order to join a cluster using IP addresses, there must be a reverse DNS (PTR) record configured in the DNS server for the Cisco IronPort appliance. Please check whether the reverse lookup works. If not, it might be another issue.
    Regards,
    Jyothi Gandla
    Customer Support Engineer

  • Communication across different subnets using DatagramSocket class

    Hi All
    I've written a simple client-server program to send broadcast messages across the network and receive them back after some processing. The problem is that the messages sent by the program are not received across the subnets, i.e. my program broadcasts messages only on the one subnet. I am using the DatagramSocket class. Is there any way to communicate across the subnets using the DatagramSocket class, or will I have to use some other class like MulticastSocket?
    Thanks in advance
    Neeraj

    neejain wrote:
    The problem is that the messages sent by the program are not received across the subnets
    Your router/gateway is probably set up to drop udp. This is usually done by network administrators to prevent things like broadcast storms across large networks. If you have admin access to the router, you should be able to change it to allow routing of udp.
    God bless,
    -Toby Reyelts

  • Mobility groups, failover across different subnets

    I've been reading up on 5.1 and am wondering how and if actual failover across subnets is an option.
    I understand the roaming of clients from controllers in the same MG on diff subnets.
    How does it work if your primary "anchor" isn't alive to replicate the DB entry to the off-subnet controller? Say if my local WIsm's die and the backup is in the next state, how will the AP's maintain connectivity?
    thanks!

    Yes, but the APs will take the new configuration from that WLC. Also... users will get tunneled back to that WLC and be dumped off in that subnet. So make sure you understand the SSID and what IPs clients will get when they associate to different WLCs. That should do it.

  • Sharing across different subnets

    I have successfully connected a remote PC to my WRV54G using QuickVPN.  That remote PC can ping computers across the VPN and those computers can likewise ping the remote PC.  I have even successfully connected with Remote Desktop from that remote PC and controlled a computer across the VPN.
    I can not, however, access shared resources on the computers across the VPN from the remote PC.  (For the sake of discussion, assume that no firewalls exist in my scenario.)  The remote PC has a local IP address of 192.168.1.4 and the computers behind the VPN have a local subnet of 10.109.220.0.  I attempted to use the "run" command in windows and typed "//10.109.220.100/" from the remote PC to open the shared resources on the computer with that address.  This did not work; I only received an error message.  I didn't expect to be able to "see" computers across the VPN since the subnets are different, but I did expect to be able to access shared resources if I knew the IP addresses beforehand.
    Can anyone help me?

    Is the remote computer in the same Workgroup as the local computer? It might help if they are.

  • How DLNA Across different Subnet???

    Hi all,
    I have a NAS storage for a media server on my VLAN subnet 10.10.30.0 and I have two more VLANs, 10.10.10.0 and 10.10.20.0. I want to access my media server on these two VLANs as well. How can I allow broadcast for DLNA (Media Server) on my router?

    I got this working by using "ip multicast-routing" and adding "ip pim sparse-dense-mode" under the relevant VLAN interfaces.
    I did have to activate the advipservices license on my 881W. Otherwise my device does not support "ip pim".

  • RV320 Bonjour Discovery across VLANs?

    Hi
    I have a network consisting of 2 VLANs - one for the "main" network and one for a "guest" network setup using an RV320 router. I have a couple of Apple TVs and a Sony smart TV setup on the main network VLAN. I would like these devices to be discoverable and usable on the guest VLAN as well. After reading various articles about Bonjour, it seems that this is not easily done.
    Can anyone confirm whether or not it is possible to provide this functionality on the RV320 router? Any advice would be most appreciated.
    Regards.

    Hi Richard,
    My name is Andrew and I am a content developer for the Cisco knowledge base.
    There is Bonjour discovery on the RV320. According to the admin guide, page 61, under the System Management tab: "When this feature is enabled, the device periodically multicasts Bonjour service records to the LAN to advertise its existence." According to the photo I provided, it does allow you to enable Bonjour on different VLANs.
    From there, you can enable or disable Bonjour for specific VLANs.
    It seems like your configuration would be similar to this topology below, where the RV320 can route traffic across different VLANs (with Bonjour enabled). You might want to check your Port Management tab if inter-VLAN routing is enabled.
    I hope this answers your question.

  • Can ARD 3 now share a screen across 2 different subnets

    We have one central office. Clients access that office via a VPN. We can then share our screen with them as we work on a proof of a project.
    It's a great solution, however, we can't with ARD 2.2 get it to work with two clients at once over the VPN.
    An old Kbase article said that it wasn't possible to route screen sharing to two different subnets in the 2.2 version. But rather required all clients be on the same subnet.
    Does anyone know or have the ability to test to see if this is different in 3.0? I'm hopeful that it is, as I can no longer find the old Kbase article saying that it wasn't possible.
    Thanks,
    Greg

    Still no reply as to if this was resolved. I'm not so much worried about the move on the client side. As once we upgrade we have the luxury of upgrading everyone at once. I think that will be a smooth process.
    However, our motivation to upgrade is dependent on whether or not the ability to route traffic over multiple subnets is fixed or not. So we'll wait and see. If anyone can easily test this, I'd love to know. Sounds like a few other people are hoping to hear something as well.
    Thanks in advance,
    Greg

  • Joining domain - different subnet

    I currently have a 2012 server (AD) at our company's office (office1).
    I would like to setup a hardware vpn connection between our main office and a new department (office2). This requires different subnets for each router.
    Is it possible to join the domain from office2?
    What would be the required DNS settings?

    No, you do not need a DC in the remote office. I thought you were asking if it were possible to create a domain on a different subnet in a remote office, since you said you had another department there. Departments often have other servers, and then there would be a benefit for a DC there. But if there are no servers there, no need for a DC. If it required a domain in every remote office, it would be next to impossible to have any remote users as every remote user would need to run a domain controller - which obviously is not a requirement.
    The simplest way is VPN with two routers.
    Or, Windows Server comes with a capability called Direct Access which would allow people to have access to the corporate information over the internet - no need for a VPN. It even allows users with mobile laptops to have access to corporate from wherever they have access to the internet - nothing special is required on their machines other than Windows 7 or later.
    .:|:.:|:. tim

  • Tunnelling web traffic through ssh

    for tunnelling web traffic through ssh, it says here
    http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
    that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
    to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?
    btw, is it possible to view streaming video like youtube.com while using a proxy? if so, then how would i go about it?

    jordi wrote:
    ssh -D 4444 (or any other port number) youruser@yourserver
    see the manual:
    -D [bind_address:] port
                  Specifies a local ''dynamic'' application-level port forwarding.  This works by
                  allocating a socket to listen to port on the local side, optionally bound to
                  the specified bind_address.  Whenever a connection is made to this port, the
                  connection is forwarded over the secure channel, and the application protocol
                  is then used to determine where to connect to from the remote machine.
                  Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a
                  SOCKS server.  Only root can forward privileged ports.  Dynamic port
                  forwardings can also be specified in the configuration file.
    streaming videos like youtube.com will be possible... surfing the web will be the same as without socks proxy...
    I suggest using an add-on like FoxyProxy if you use SOCKS proxies a lot.
    1) I already know the ssh part, I'm talking about the configuration in Firefox, sorry if I didn't make this clear.
    for tunnelling web traffic through ssh, it says here
    http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
    that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
    to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?
    2) and another thing about streaming videos, why is it that some proxies i have used before don't allow streaming traffic through?
    ok it says here for vpn
    http://searchsecurity.techtarget.com/sDefi...213324,00.html#
    An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
    3) so how would the routers know where to route the data if its encrypted? and how would i go about implementing that?
    4) btw, is ssh tunnelling an implementation of vpn?
    5) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?
    Last edited by unregistered (2008-05-11 08:39:19)
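
    What an application sends to the `ssh -D` listener, as an added example that is not part of the original posts: in SOCKS5 the client names the destination inside its CONNECT request, which is the "application protocol" the manual excerpt says ssh uses to decide where to connect from the remote machine. Listener port 4444 follows the post above; the destination host and the reply bytes are constructed.

```python
import ipaddress
import socket
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REPLIES = {
    0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def build_greeting():
    """Client hello: version 5, one auth method offered, method 0 (no auth)."""
    return bytes([SOCKS_VERSION, 1, 0])


def build_connect(host, port):
    """CONNECT request. A hostname is sent as-is (ATYP 3), so the name is
    resolved at the far end of the tunnel, not by the local resolver."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_reply(data):
    """Decode the server reply into (status text, bound address, bound port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        off, alen = 4, 4
    elif atyp == ATYP_IPV6:
        off, alen = 4, 16
    elif atyp == ATYP_DOMAIN and len(data) >= 5:
        off, alen = 5, data[4]
    else:
        raise ValueError("unknown address type in reply")
    if len(data) < off + alen + 2:
        raise ValueError("truncated reply")
    raw = data[off:off + alen]
    addr = raw.decode("ascii", "replace") if atyp == ATYP_DOMAIN \
        else str(ipaddress.ip_address(raw))
    port = struct.unpack("!H", data[off + alen:off + alen + 2])[0]
    return REPLIES.get(rep, f"unknown ({rep})"), addr, port


def open_through_proxy(dest_host, dest_port, proxy=("127.0.0.1", 4444)):
    """Run the exchange against a live `ssh -D 4444` listener and return the
    connected socket. Short reads are not retried; enough for a local listener."""
    sock = socket.create_connection(proxy, timeout=10)
    try:
        sock.sendall(build_greeting())
        if sock.recv(2) != bytes([SOCKS_VERSION, 0]):
            raise ConnectionError("proxy refused the no-auth method")
        sock.sendall(build_connect(dest_host, dest_port))
        status, _, _ = parse_reply(sock.recv(262))
        if status != "succeeded":
            raise ConnectionError(f"proxy could not connect: {status}")
        return sock
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    print(build_connect("example.com", 80).hex(" "))
    # Constructed reply: success, bound to 0.0.0.0 port 0.
    print(parse_reply(bytes.fromhex("05 00 00 01 00 00 00 00 00 00")))
```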

  • Attach ethernet port to SSH tunnel

    Anyone know if I can setup one ethernet port on a Mac Pro to provide DHCP/NAT and direct all traffic on that port to an SSH tunnel?
    What I want to be able to do is create an SSH tunnel to a proxy server and then have any device I plug into one of my ethernet ports go through that tunnel/proxy.
    I have the tunnel/proxy working by creating a network location with a SOCKS proxy server at 127.0.0.1 port 2001 and then doing ssh -D 2001, but not sure how/if I can connect it to the physical ethernet port plus provide DHCP/NAT as well.
    I have OSX Server 10.6.4 if that helps.

  • How do I fix colour picker to work across different colour-managed monitors?

    Hey everyone!
    I'm assuming this problem I'm having stems from having colour-calibrated monitors, but let me know if I'm wrong!
    To preface, this is the setup I have:
    Windows 7
    3 monitors as follows, all have individual colour profiles calibrated using the Spyder 3
    Cintiq 12WX
    Dell U2410
    Dell 2409WFP
    Photoshop CS6 - Proofed with Monitor RGB, and tested with colour-managed and non-colour-managed documents
    I usually do most of my work on the Cintiq 12WX, but pull the photoshop window to my main monitor to do large previews and some corrections. I noticed that the colour picker wouldn't pick colours consistently depending on the monitor the Photoshop window is on.
    Here are some video examples:
    This is how the colour picker works on my Dell U2410: http://screencast.com/t/lVevxk5Ihk
    This is how it works on my Cintiq 12WX: http://screencast.com/t/tdREx4Xyhw9
    Main Question
    I know the Cintiq's video capture makes the picture look more saturated than the Dell's, but it actually looks fine physically, which is okay. But notice how the Cintiq's colour picker doesn't pick a matching colour. It was actually happening the opposite way for a while (Dell was off, Cintiq was fine), but it magically swapped while I was trying to figure out what was going on. Anyone know what's going on, and how I might fix it?
    Thanks for *any* help!
    Semi-related Question regarding Colour Management
    Colour management has always been the elephant-in-the-room for me when I first tried to calibrate my monitors with a Spyder colourimeter years ago. My monitors looked great, but Photoshop's colours became unpredictable and I decided to abandon the idea of calibrating my monitors for years until recently. I decided to give it another chance and follow some tutorials and articles in an attempt to keep my colours consistent across Photoshop and web browsers, at least. I've been proofing against monitor colour  and exporting for web without an attached profile to keep pictures looking good on web browsers. However, pictures exported as such will look horrible when uploaded to Facebook. Uploading pictures with an attached colour profile makes it look good on Facebook. This has forced me to export 2 versions of a picture, one with an attached colour profile and one without, each time I want to share it across different platform. Is there no way to fix this issue?
    Pictures viewed in Windows Photo Viewer are also off-colour, but I think that's because it's not colour managed... but that's a lesser concern.

    I think I've figured out the colour management stuff in the secondary question, but the weird eyedropper issue is still happening. Could just be a quirk from working on things across multiple monitors, but I'm hoping someone might know if this is a bug/artifact.
    Going to lay out what I inferred from my experiments regarding colour management in case other noobs like me run into the same frustrations as I did. Feel free to correct me if I'm wrong - the following are all based on observation.
    General Explanation
    A major source of my problems stem from my erroneous assumption that all browsers will use sRGB when rendering images. Apparently, most popular browsers today are colour-managed, and will use an image's embedded colour profile if it exists, and the monitor's colour profile if it doesn't. This was all well and good before I calibrated my monitors, because the profile attached to them by default were either sRGB or a monitor default that's close to it. While you can never guarantee consistency on other people's monitors, you can catch most cases by embedding a colour profile - even if it is sRGB. This forces colour-managed browsers to use sRGB to render your image, while non-colour-managed browsers will simply default to sRGB. sRGB seems to be the profile used by Windows Photo Viewer too, so images saved in other wider gamut colour spaces will look relatively drab when viewed in WPV versus a colour-managed browser.
    Another key to figuring all this out was understanding how Profile Assignment and Conversion work, and the somewhat-related soft-proofing feature. Under Edit, you are given the option to either assign a colour profile to the image, or convert the image to another colour profile. Converting an image to a colour profile will replace the colour profile and perform colour compensations so that the image will look as physically close to the original as possible. Assigning a profile only replaces the colour profile but performs no compensations. The latter is simulated when soft-proofing (View > Proof Colors or ctrl/cmd-Y). I had followed bad advice and made the mistake of setting up my proofing to Monitor Color because this made images edited in Photoshop look identical when the same image is viewed in the browser, which was rendering my images with the Monitor's colour profile, which in turn stemmed from yet another piece of bad advice I got against embedding profiles. This should formally answer Lundberg's bewilderment over my mention of soft-proofing against Monitor Colour.
    Conclusion and Typical Workflow (aka TL;DR)
    To begin, these are the settings I use:
    Color Settings: I leave it default at North American General Purpose 2, but probably switch from sRGB to AdobeRGB or  ProPhoto RGB so I can play in a wider gamut.
    Proof Setup: I don't really care about this anymore because I do not soft-proof (ctrl/cmd-Y) in this new workflow.
    Let's assume that I have a bunch of photographs I want to post online. RAWs usually come down in the AdobeRGB colour space - a nice, wide gamut that I'll keep while editing. Once I've made my edits, I save the source PSD to prep for export for web.
    To export to web, I first Convert to the sRGB profile by going to Edit > Convert to Profile. I select sRGB as the destination space, and change the Intent to either Perceptual or Relative Colorimetric, depending on what looks best to me. This will convert the image to the sRGB colour space while trying to keep the colours as close to the original as possible, although some shift may occur to compensate for the narrower gamut. Next, go to Save for Web. The settings you'll use:
    Embed Color Profile CHECKED
    Convert to sRGB UNCHECKED (really doesn't matter since you're already in the sRGB colour space)
    and Preview set to Internet Standard RGB (this is of no consequence - but it will give a preview of what the image will look like in the sRGB space)
    That's it! While there might be a slight shift in colour when you converted from AdobeRGB to sRGB, everything from then on should stay consistent from Photoshop to the browser.
    Edit: Of course, if you'd like people to view your photos in glorious wide gamut in their colour-managed browsers, you can skip the conversion to sRGB and keep them in AdobeRGB. When Saving for Web, simply remember to Embed the Color Profile, DO NOT convert to sRGB, and set Preview to "Use Document Profile" to see what the image would look like when drawn with the embedded color profile.

  • Ssh tunnel how to set up in SL?

    I have a server running SL with the firewall activated.  I want to tunnel in to it from outside my own network, while on the road.  I have used SSH Tunnel Manager to do so in the past (like for 4 years) but can not get it to work today.
    On my SL Server 10.6.8 I can not find anywhere to open ports, but I understand that if I activate File Sharing and Remote Management it will open port 22.  Correct? 
    On my router I opened port 3283 and 5900.  Correct?
    Where I get stuck is what to put in to SSH Tunnel Manager.  I can not find any clear novice instructions for it anywhere.  And I am confused as to what to put where.
    Can anybody help?  Thanks.

    Thanks Bob, it is raining cats and dogs so good time to check.
    I got it all up and running. 
    I am testing from a real slow connection (on purpose, as this is what I often have being on the road) and the screen update is (too) slow.  I tried all your methods and can not see any difference in speed (read slowness).
    BobHarris wrote:
    The reason I do this is because Chicken allows me to use reduced colors (like 8-bit colors), and the Vine Server both honors my reduced color request and it actually plays nice with reduced colors (the Mac OS X Screen Sharing server does not always play nice with anything less than 32-bit colors, which needs a lot more bandwidth).
    Where or how do you implement this?  I can not find it anywhere.  I am on 10.6.8 btw.
    And what is more my connection over Mac's Screen Sharing client, having Vine Server server turned on or not on the remote Mac makes also no difference.  I can get in either way and speed is the same.
    Here is the setting of my remote Mac just in case I should not turn both, the last two, on:
    Then there is another problem.
    I suppose this is not a problem as I am tunnelling in over SSH, but would like to make sure.
    I also tried to follow the instructions on the alert screen, but no such settings are to be found on the remote computer.  Must be an out of date message text.  Or am I blind?
    Looking forward to your wisdom.
    Message was edited by: ChangeAgent. 
    Had an external link for the images as they refused to upload.  Sometimes, when this happens, you can upload images after you post.  That worked so removed links.

  • Advanced Network Question - SSH tunneling through time capsule

    Hi!
    I have a small question. I just got a time capsule the other day and things are working great with it. At home, internet speeds are what they should be and everything is fine. I replaced it with a linksys, which I consistently got 6.5/1 up. After replacing it, I'm now getting 7.5 down/1mbps up, which is what I am subscribed to.
    I used to ssh into my linux box and tunnel web traffic over SSH so when I'm on the road, others can't sniff my traffic. Basically, I set up Firefox to use a SOCKS server, then ssh into home with a dynamic port mapping.
    On the linksys (wrt54g), this worked great, and the speeds were acceptable (about 1mbps down/1mbps up). However, after switching the linksys with the time capsule, it seems like the speeds have slowed down tremendously. I'm now getting about 200k down and 1 mbps up when I ssh and tunnel web traffic through my home.
    I know that this isn't anything people normally do, but it works great and prevents people from spying on my web traffic when I'm away from home. I was just wondering if anybody has any ideas on why it might be slower now that I replaced it with the time capsule.
    Thanks!

    Hello H Salk. Welcome to the Apple Discussions!
    Enabling NAT on any Internet router, not just the AirPort & Time Capsule, will affect data transfer rates (in both directions) to devices connected either by wire or wireless to that router.

  • Jconsole - remote connection thru ssh-tunnel

    Hi all,
    I need to start jconsole on my windows-box and connect to a remote tomcat-server thru an ssh-tunnel.
    I have walked thru various posts and blogs, but finally couldn't get it running.
    On the linux-server, I have set the following JAVA_OPTS:
    export JAVA_OPTS='-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=myserver'
    myserver is the server-name that is resolved by the hostname-command. I also tried using localhost instead.
    On the client I run the following ssh-command to create the tunnel:
    ssh tomcat@myserver -L8888:myserver:8888 -N -v
    When I try to create a remote connection with jconsole using localhost:8888, I see the following output by ssh:
    debug1: Connection to port 8888 forwarding to myserver port 8888 requested.
    debug1: channel 1: new [direct-tcpip]
    debug1: channel 1: free: direct-tcpip: listening port 8888 for myserver port 8888, connect from 127.0.0.1 port 1618, nchannels 2
    It looks not too bad to me, but unfortunately, jconsole runs into a timeout after about 2 mins.
    On the server I see the following using netstat:
    tcp        0    168 myserver:ssh    mywindowsbox:3381  VERBUNDEN  
    tcp        0      0 myserver:ssh    mywindowsbox:1317  VERBUNDEN  
    tcp        0      0 myserver:44625  myserver:8888   TIME_WAIT  
    tcp        0      0 *:8888                      *:*                         LISTEN
    It appears to me that the tomcat-server is listening correctly on port 8888 for all incoming hosts (although localhost should be enough).
    Furthermore, it seems that the ssh-tunnel has been established.
    Why the hell, jconsole still can't connect?

    Hiya.
    JMX connections use two ports. You need the RMI Registry and the RMI Stub. This first one you bound to port 8888, but the other one is probably still bound to a random port. You need to be able to access that one through SSH as well.
    Trouble is that the second port uses a random port and most application servers can't statically configure this one. See this article for possible solutions (be sure to read the follow ups as well) : http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
    Cheers,
    Hugp
