RMI game behind a router
Hey all,
I have developed a two player game in Java. I use RMI to run it as a client server game... The problem arises when I try to connect two computers behind different routers. I can manually configure both routers to forward data on port 1099 to each IP... But IPs can change and I can't configure everyone's router... Is there a way in Java to accept incoming requests? Really, my question is, how do other online games get through, such as Battlefield 1942? Is there a way to allow access like that??? Or do they "piggy back" on another port? And which port?
Thanks
Dave
Unfortunately, for a client-server application you are going to have to do a significant rewrite. Not only that, the server will have to be hosted on a servlet container web server application like Tomcat. This server machine needs to be accessible over TCP/IP communication.
Here is a tutorial on Servlets to get you started.
I made similar games on this concept and I warn you that it is not easy but extremely rewarding if you can pull it off.
A servlet just basically 'serves' data. It waits for a request from an application, whether that application be a Java app, an internet browser, whatever... and 'handles' the request, does some processing, and then returns a 'response'.
In the case of a java app, you can send actual Java objects as a request to the servlet, and have the servlet return Java objects as a response. The servlet would keep track of all information pertaining to a game session. Eg. (client app keeps sending requests to the server to see if it is his turn yet. If true then stop sending requests and begin your turn).
This is not to say that you need to scrap what you have right now... many games have an online aspect as well as a LAN based network for multiplayer games. Perhaps you can allow the user to select what kind of multiplayer game they wish to play?
I hope this helps and good luck.
Similar Messages
-
Hi, I am new here... and have a problem regarding Java RMI...
I have a uni assignment which asks us to write an online tic tac toe game using RMI.. well, the assignment only requires that it can be run on the same machine, and I finished..
But now I am trying to configure it for real life, with the internet instead of a LAN.
Basically I have one static IP assigned by my ISP... and I have local IP addresses on my machines. The addresses will be translated by my router to the public one...
My server is running on port 8081 of my server computer with a local IP address... and I did port forwarding in my router to forward all the 8081 requests to this server...
And when the clients use the public IP to locate my server they can actually connect to my server and get the stub or ref to it... But when they actually try to call a method on the server side, I realised they are actually using the local IP address of my server machine instead of the public one.. so I think the stub actually binds the machine IP and asks the client to use this IP to communicate.
This is obviously not going to work... And in the API it seems like I cannot actually do anything about the IP address when creating the Registry..
Any clue on this? Thank you.......
No, the stub consists of a single Java object which contains the IP address and port number of the host from which the remote object was exported. The client knows the initial lookup address for the Registry but it performs all subsequent communications via the information embedded in the stub.
@OP: you need to export your remote object on a fixed port, have the router forward that port, and set the system property java.rmi.server.hostname in the server JVM to the external IP address of the router. -
RMI Server behind Router: How to set the right IP?
Hi, I am having trouble with the Server of an RMI application, the set up is this:
1. The server is not always running on the same host: it may be a computer with a publicly visible and unique IP, or it may be under a computer behind a router.
2 . The user that runs the server may not know how to get his IP in the router environment.
3. The user that runs the server knows sh*t about rmiregistry or how to set a Property to the java interpreter (for example: -Djava.rmi.server.hostname=<host>).
4. The Server code is this:
    import java.rmi.registry.LocateRegistry;
    import java.rmi.registry.Registry;
    import java.rmi.server.UnicastRemoteObject;

    /**
     * Represents the Server to the Domination app (including the chat plugin).
     * Chat, ChatImpl, Fabrica and FabricaImpl are the application's own classes.
     */
    public class Server {
        private static final int PORT_NUM = 1099;
        private static final String CHAT = "chat";
        private static final String DOMINATION_FACTORY = "Domination";

        /**
         * Sets the Chat and Application Servers.
         * @param args
         *            Never used.
         */
        public static void main(String[] args) {
            try {
                // In-process registry, so the user does not have to start rmiregistry.
                Registry registry = LocateRegistry.createRegistry(PORT_NUM);
                Chat chatObject = new ChatImpl();
                // Undo the export made on construction, then re-export on the fixed port.
                UnicastRemoteObject.unexportObject(chatObject, true);
                UnicastRemoteObject.exportObject(chatObject, PORT_NUM);
                registry.rebind(CHAT, chatObject);
                System.out.println("Chat ready...");
                Fabrica fabricaObject = new FabricaImpl();
                UnicastRemoteObject.unexportObject(fabricaObject, true);
                UnicastRemoteObject.exportObject(fabricaObject, PORT_NUM);
                registry.rebind(DOMINATION_FACTORY, fabricaObject);
                System.out.println("Domination Factory ready...");
                System.out.println("All systems up and running");
            } catch (Exception e) {
                e.printStackTrace();
                System.exit(1);
            }
        }
    }

I wrote the code that way (and not using Naming.rebind("//" + host_name + "/Service", serviceObject)) so the server user won't need to run the rmiregistry (In fact, the Server is deployed via a jar file, so just a happy double-click to the jar will do the work)...
OK, then the problem is this: The client is always having "connection refused" Exceptions while the server is behind a router and not in the same network of the client.
The IP that is shown in the exception is always the inner IP of the host (or 10.x.x.x or 192.168.x.x or whatever it may be). So it seems that the registry is always choosing that IP and not the router's.
I need to know if there is a way to rewrite the Server code so the user just should do the same 'double-click' to run the server and not mess around "investigating" the outer IP. I read some of the RMI specs and it suggest to do IP Tunneling and some other techniques that I don't think may be appropriate to the nature of this "roaming server" application.
Thanks, but that still doesn't do the work. As I stated in the post, not every user will know how to set java.rmi.server.hostname or even look for an outer IP... I was asking for an "automagical" way to code my server class so it could do some job to do the guessing.
Even though... I tried both ways at home with the help of a friend as the client, and it seemed to work. The client connected to the server but it was kicked out in less than 30 seconds. Being specific, every client, the ones inside and the ones outside my network. As if the only right way was to let the JVM set the IP (but again, in that way the server is invisible to the clients outside the network). -
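The fix given in the first RMI thread above (export the remote object on a fixed port, forward that port, set java.rmi.server.hostname), applied to a self-starting server like the one in the second thread, as an added example that is not code from either poster. The class name NatAwareServer, the Game interface and the binding name are assumptions; the external address is passed in as an argument, not discovered.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class NatAwareServer {

    /** Hypothetical remote interface standing in for the game or chat service. */
    public interface Game extends Remote {
        String ping() throws RemoteException;
    }

    /**
     * Plain implementation. It does not extend UnicastRemoteObject, so nothing
     * is exported on an anonymous port before the port is chosen explicitly.
     */
    static class GameImpl implements Game {
        @Override
        public String ping() {
            return "pong";
        }
    }

    /** Registry and remote object share one port, so the router needs one rule. */
    static final int PORT = 1099;

    /** Strong reference so the exported object is not garbage collected. */
    private static Game service;

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java NatAwareServer <external-host-or-ip>");
            System.exit(2);
        }
        // Assumption: the operator supplies the router's external address.
        String externalHost = args[0];

        // The host name written into every stub. Set it before the registry is
        // created or any object is exported, otherwise the stub carries the
        // machine's LAN address (the 10.x / 192.168.x seen by remote clients).
        System.setProperty("java.rmi.server.hostname", externalHost);

        // In-process registry: no separate rmiregistry to start.
        Registry registry = LocateRegistry.createRegistry(PORT);

        // Export on the same fixed port the router forwards. Port 0 would pick
        // a random port that the router does not forward.
        service = new GameImpl();
        Game stub = (Game) UnicastRemoteObject.exportObject(service, PORT);
        registry.rebind("Game", stub);

        // Printing the stub shows the endpoint (host:port) clients will dial.
        System.out.println("Stub handed to clients: " + stub);
    }
}
```

Setting the property in code removes the need for a -D flag on the command line; the external address still has to come from somewhere, which is the part the second thread leaves open.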
Set up a proper live and local DNS behind a router
Hello dear friends,
I'm new to Snow Leopard Server and also I'm quite inexperienced in setting up DNS. We bought a Mac Pro for our small company along with Snow Leopard Server to become independent from our ISP, for some specific services like web hosting, mail and to bring up new services like Address book server, iCal server, FTP, Mobile access etc...
So for me to do that I have to set up our own DNS first. We already bought our domain name (crisconsult.ro) and since then the site has been hosted on our ISP and then aliased to Apple. We also have our own (fixed) public IP 80.86.123.116.
Having installed SL Server and set it up behind an Airport Extreme router, the server was unable to pick up our name server which is ns.crisconsult.ro. Since the router is the first in the network, the server became second with a local IP 10.0.1.2. This is the same IP that the server automatically set up for DNS, BUT if I keep this IP on our name server (ns) I feel it's not good since:
host ns.crisconsult.ro returns
ns.crisconsult.ro has address 10.0.1.2
and host 80.86.123.116 returns
116.123.86.80.in-addr.arpa domain name pointer ns.crisconsult.ro.
As i understand there should be our public IP (80.86.123.116), BUT all the tutorials on the net regarding setting up DNS in Leopard Server point that at DNS one should put the machine's own local IP and have the machine look at itself as DNS in network settings.
So? Is there a local DNS and a public DNS to set up? What gives?
I could really appreciate some help in configuring DNS, along to some good and real examples of DNS servers configured behind a router.
Thanks,
Andrei
Andrei,
I too, would love nothing more than to be able to use DNS on my 10.4, 10.5 & 10.6 servers. Unfortunately, the only way I have found to effectively wield a somewhat complete level of control over the bind DNS included with the server, is to abandon all usage of the Server Admin DNS control in favor of something like webmin. The good news is, webmin gives you a host of other features that I (sadly) don't expect to see within the Apple Server GUI any time soon.
Bad news, is that the 'best practice' way of setting up a stable, functional DNS on a Mac Server seems to be: clean install, webmin install, and never, ever use the apple DNS interface. Similar rule applies to web server.
I like to think the measure of a good admin is the ability to fix the problem(s) without having to reinstall completely. However, I can say from much experience and extensive googling, that what you are trying to do is a game of hopscotch in a minefield. You should be VERY familiar with the installation and setup process once you have your box configured the way you want it.
Hopefully one day Apple will decide to take the bull by the horns and address the fact that DNS is an integral part of a server set up these days and provide us users with some of that Apple think-outside-the-box-so-you-dont-have-to product that they have been so well known for. I can't say whether they're in too much of a hurry deploying video iPods or super-duper mice that the server product that you and I would love to see work effectively simply doesn't.
Sorry to get on a rant, I just want to save you some time that I lost figgerin' on this vexing enigma. I can use citations for my assertions if need be.
-Chance -
Cant ping behind cisco router (site2site vpn)
Dears;
After configure site to site vpn between cisco router and fortigate firewall,
site A : 10.0.0.0/24 behind fortigate
site B: 10.10.10.0/24 behind cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I can't ping any IP inside 10.0.0.0/24 from site B or network 10.10.10.0/24 from site A
my cisco router configuration is
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
when ping from cisco router
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help please
Thank you karsten
I can ping the interface of the router from the remote site but can't ping any device behind the router, and I can ping the firewall interface but can't ping any device behind the firewall.
- The counters in "# sh crypto ipsec sa" increased only while pinging 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.x.x.x
Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407 -
RA VPN into ASA5505 behind C871 Router with one public IP address
Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.255.0.0 0.0.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 0.0.0.0 any
deny icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: end
Hi,
I think that you want to control all outbound traffic from the LAN to the outside with the ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.2 255.255.255.0
no ip nat inside
no ip proxy-arp
ip virtual-reassembly
ip access-list extended nat-pat
no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
no permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.2.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
Try them out and respond.
Best regards,
MB -
Controlling multiple Macs remotely behind a router with ARD
Greetings! My problem is that I cannot access more than one computer in ARD. I have ARD installed on my Macbook and the computers I want to control are at my parents' house. Remote management and login are enabled of course but the router needs to be configured to forward ports 3283 and 5900. But as far as I know these ports can be forwarded for one local IP only, meaning that I have to somehow change the default 3283 and 5900 to some other ports in order to access them.
So the question is, how can I change the default ports for remote management on os x snow leopard? Other than that, does ARD offer any other way to access multiple computers behind a router?
Many many thanks!
In regards to VPN, take a look at VPN-X from Birdssoft which is an easy to install and low-cost solution perfect for this purpose (among others).
Basically speaking, after having installed and configured VPN-X on your Mac and ONE remote Mac and opened the ports in the firewall you establish a connection between your and the remote network and gain complete access to the remote network.
Alternatively, you can use Teamviewer for giving support. -
Hi,
I'm a new Network admin, and I have some configuration questions about my installation (see attachment).
I have 3 web servers behind a router.
Public interface: 3 public IP addresses
Private interface: router on a stick config (3 sub-interfaces, 3 different networks, 3 VLANs)
I would like to know the best way to redirect http traffic to the right server.
My idea is to map a public address to a private address, via NAT, but I'm not sure about the configuration. I could also redirect via Policy-map and filter by url content.
So if you have some advice for this case, it would be really appreciated.
Thank you.
Chris.
Hello Christophe,
As I understand it, you first want this:
if somebody goes to A.local.com from the internet then he will be redirected to 192.168.1.10 in your internal network.
That means you need a static mapping between your public IP address and your local IP address.
For this example, your local interface is Fa0/0.1 and I don't know your public interface because it is not mentioned in your diagram. I will suppose S0/0 for the public interface.
This is the config for Web Server1. You can do the same with the remaining servers:
interface fa0/0.1
ip nat inside
interface serial0/0
ip nat outside
ip nat inside source static 192.168.1.10 172.1.2.3
static mapping from local to public.
I suppose you have done the dns mapping in your network and the ISP have done the same in his network.
ip route 171.1.2.3 interface serial0/0
or
ip route 0.0.0.0 0.0.0.0 interface serial0/0.
After these step for each web server, you will get the mapping.
Now you can restrict access to this ip only to http or https protocol on your isp and after on your local network
like
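ip access-list extended ACL_WebServer1
 ! port matching needs tcp, and a single address needs the host keyword
 permit tcp any host 192.168.1.10 eq www
 deny ip any host 192.168.1.10
 exit
interface fa0/0.1
 ! applied outbound: traffic to the server leaves the router through this subinterface
 ip access-group ACL_WebServer1 out
 no shut
 exit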
That is the first step.
Second step : you want to filter traffic by url, that means layer 5 to 7 filtering.
I am not sure that it is possible using cisco router with (ZBF + Regex).
Check the first step and let us know !
Please rate and mark as correct if it is the case.
Regards, -
Help needed - tunnel from behind ADSL router
I have a situation in which I require to set-up IPSec tunnel in between two 1841 routers. This is normally two minutes job, in this case however one of the routers sits on a private LAN behind ADSL router (at the moment there is no reasonable way to get around it).
Thus:
1841-1 <-> WAN <-> ADSL Router <-> 1841-2
1841-1
FE0/1 Private LAN 172.16.1.1
FE0/0 Public IP
|
WAN
|
ADSL Router
Public IP
NAT
Private LAN1 192.168.0.1
|
1841-2
FE0/0 LAN1 IP 192.168.0.1
FE0/1 LAN2 IP 172.16.0.1
172.16.1.0-172.16.0.0 require to communicate over the IPSec tunnel.
Could you please advise me on 1) what is the most practical way to set this up without losing sanity; and 2) Could you maybe point me to some documentation that deals with this specific scenario?
Thanks.
'1841-2' does not have public IP (it "fakes" to have one).
IPsec tunnel is fully working now.
In the process though I have learned that it depends on what ADSL modem you are using to get this working.
Check out http://kb.juniper.net/KB4715 for example (this is the one I got working).
You can thus give your Cisco router a private IP behind ADSL router and then follow the steps from the knowledge base article above on ADSL modem (if you have same type available).
In addition then, on your Cisco router - you require to add loopback 0 interface and give it public IP of your ADSL router (yes - your adsl router WAN interface and loopback interface on your Cisco router have now the same public IP).
As the last step, on your Cisco router, change tunnel interface: source interface loopback 0 and destination your remote gateway.
I am going to try different modems, many models can actually do this, but the documentation is often unimpressive.
It is possible that there are better ways to do this, if so, please let me know.
If you wish to have more details about the set-up, let me know.
Thanks. -
Seeing Airtunes from Behind a Router
My setup is on a college network, so when my Airport Express is plugged into the switch on the wall, the people in my dorm can access my remote speakers if they are plugged into the switches on their walls. This is a good thing.
However, my roommate has a wireless router. When he's behind that router he can't see my remote speakers. I assumed this was a port problem, so I looked up what ports Airtunes uses and came up with port 3689 and port 5353 UDP. I forwarded both 3689 and 5353. I'm not sure if port 3689 is in UDP, but I forwarded both ports in UDP on my roommate's router. However, he still does not see my remote speakers in iTunes.
Any suggestions? Am I not forwarding the right ports?
UncleJemima, Welcome to the discussion area!
Sorry but Airtunes doesn't cross subnets. A router creates a subnet.
You might be able to make it work if your roommate disables the DHCP server in the router. -
PXE boot and imaging behind a Router
Hi all,
I'm trying to use PXE and imaging behind a router.
So far I have configured the following:
DHCPserver 192.168.1.2
PXE/Imaging server 192.168.1.12
At the remote location I've configured the Cisco router as following:
interface Vlan10
description WAN Interface
ip address 10.0.0.2 255.255.255.0
interface Vlan11
description LAN Interface
ip address 192.168.80.1 255.255.255.0
ip helper-address 192.168.1.2
ip helper-address 192.168.1.12
ip forward-protocol udp bootpc
ip forward-protocol udp bootps
At the DHCP server I set the following options:
3 - Gateway > 192.168.80.1
6 - DNS > 192.168.1.5
78 - DA > 192.168.1.31
79 - SCOPE > SCOPE
An imaged workstation works fine, but when I try to use PXE it gives
the following error:
Client MAC <mac adres of ws>
ClientIP: 192.168.80.100 MASK: 255.255.255.0
DHCPIP: 192.168.1.2 ProxyIP: 192.168.1.12
GatewayIP: 192.168.80.1
PXE-E78: Could not locate boot server
PXE-M0F Exiting
Do I have to set DHCP options:
66 = Boot Server Host Name
67 = BootFile Name
If yes, what setting should I use?
Thanx,
Martin Haaksema
Martin Haaksema wrote:
> Hi all,
>
> I'm trying to use PXE and imaging behind a router.
> So far I have configured the following:
>
> DHCPserver 192.168.1.2
> PXE/Imaging server 192.168.1.12
>
> At the remote location I've configured the Cisco router as following:
> ----/----
> interface Vlan10
> description WAN Interface
> ip address 10.0.0.2 255.255.255.0
> !
> interface Vlan11
> description LAN Interface
> ip address 192.168.80.1 255.255.255.0
> ip helper-address 192.168.1.2
> ip helper-address 192.168.1.12
>
> ip forward-protocol udp bootpc
> ip forward-protocol udp bootps
> ----/----
>
> At the DHCP server I set the following options:
> 3 - Gateway > 192.168.80.1
> 6 - DNS > 192.168.1.5
> 78 - DA > 192.168.1.31
> 79 - SCOPE > SCOPE
>
> An imaged workstation works fine, but when I try to use PXE it gives
> the following error:
> ----/----
> Client MAC <mac adres of ws>
> ClientIP: 192.168.80.100 MASK: 255.255.255.0
> DHCPIP: 192.168.1.2 ProxyIP: 192.168.1.12
> GatewayIP: 192.168.80.1
>
>
> PXE-E78: Could not locate boot server
>
> PXE-M0F Exiting
> ----/----
>
> Do I have to set DHCP options:
> 66 = Boot Server Host Name
> 67 = BootFile Name
>
> If yes, what setting should I use?
>
>
> Thanx,
>
> Martin Haaksema
I fixed the problem, I enabled "Spanningtree portfast" on the connected
FE port.
Martin Haaksema
-
Windows Sharing behind a router
I often want to send single files to my brother in another city, and I figured that Windows Sharing should let me do this.
However, when I turn on Windows Sharing, it says "Windows users can access your computer at \\192.168.0.103\Name" which is the IP Address behind my router...
How do I get around this?
Matthew
Since you are only sending 'single files,' if the files are under 2mb, and you are both on DSL or cable, e-mail them.
-
RV180 behind DSL-ROUTER can't connect with QuickVPN
Hello,
I want to ask if it is possible to configure the RV180 behind my DSL Router to connect using QuickVPN. First I tried to connect to the PPTP server and it worked fine, but when I tried to connect using QuickVPN, it seems to connect but when the client says "verifying network" after a while the message "network not responding..." appears.
In my DSL-Router I forwarded these ports: UDP: 500,4500,443,60443 - TCP: 443,60443 (I don't know if TCP ports are needed but I opened them for testing) and allowed protocol ESP (comes with the rule to allow IPSEC-L2TP)
Thanks!
Hello Siva,
From where do I have to test reachability? From the computer where I have installed the QuickVPN client I can reach the WAN interface of the DSL-Router, which is doing NAT and forwarding the ports I said to the WAN interface of my RV180. The network between DSL and RV180 is using private ips.
The schema is:
Internet ---- (public ip) dsl router (192.168.1.1) ---- (192.168.1.50)RV180(10.0.0.1) ----- my network 10.0.0.0/24
In the document you posted is explained:
"Your Cisco router must have a direct public IP address for QuickVPN to work, please check under the status tab and your internet connection type and make sure it has a public IP address and it is not behind another router. This issue is more common with DSL connections; if you are behind another router/modem you should request your ISP to turn it into bridge mode so our router can be the border router between your LAN and your ISP."
It's my configuration. I will look how to turn my DSL router into a bridge. Thanks.
-
Client connection to a Server behind a router
Hello everyone,
I'm building a client / server application where the server will be my machine that is in residential gateway behind a router. the client will be out of the U.S. completely. On the client side the connection method (connectTo(InetAddress ip)) must know the server IP address in order to connect to it. I've tried configuring port-forwarding on my router to have it forward any connection under port 5555 to my local IP and passing my public IP on the client side to that connection method. Disappointingly, that didn't work. Here is my Code for the server:
import java.io.*;
import java.net.*;

/**
 * Server class, to accept concurrent client
 * requests, through accepting socket connection
 * and establishing a new thread to provide the
 * desired service
 * @author True
 * @see source.ServiceProvider
 */
public class Server {
    /**
     * Creates a new instance of source.Server
     */
    public Server(){
        try{
            ServerSocket ss = new ServerSocket(5555);
            while(true){
                Socket sock = ss.accept();
                ServiceProvider sp = new ServiceProvider(sock);
                sp.start();
            }
        }
        catch(IOException x ){
            // handles exception here
        }
    }

    /**
     * Main method creates a new instance of Server
     * @param args String [] of parameters at the execution time
     */
    public static void main(String args[]){
        new Server();
    }
}

And here is my code for the client:

// irrelevant code here...
private void connectTo(InetAddress ip){
    try{
        Socket sock = new Socket(ip, 5555 );
        // Building Streams
        OutputStream os = sock.getOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(os);
        InputStream is = sock.getInputStream();
        ObjectInputStream ois = new ObjectInputStream(is);
        // more irrelevant code here...
    }
    catch(IOException x){
        // handle exception here
    }
    catch(ClassNotFoundException x){
        // handle exception here
    }
}

Any ideas or comments are welcome and highly appreciated.
true_lover wrote:
> All configuration seem fine. port forwarding is straight forward on the router page. I checked all numbers & values and all seemed fine.
Well obviously it's not. Otherwise you wouldn't be getting a connection refused.
The only other item worth checking is if your ISP is blocking the port. Which may well be happening.
The other poster was correct, once you have the exception figured out (aka what it is) and it's connection refused this is not actually a Java related problem any more and you should take that question to a general networking forum.
Edited by: cotton.m on 27-Nov-2008 7:46 PM -
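The reply above turns on knowing which exception the client actually gets. As an added example (not code from the thread; the class name PortProbe, the timeouts and the hint wording are assumptions), this probe separates "connection refused" from a silent timeout when testing the forwarded port 5555, and first checks itself against a constructed loopback listener:

```java
import java.io.IOException;
import java.net.*;

public class PortProbe {
    enum Result { OPEN, REFUSED, TIMED_OUT, NO_ROUTE, UNKNOWN_HOST, OTHER_ERROR }

    /** Makes one TCP connection attempt and classifies how it ended. */
    static Result probe(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return Result.OPEN;              // handshake completed
        } catch (SocketTimeoutException e) {
            return Result.TIMED_OUT;         // no answer within timeoutMs
        } catch (ConnectException e) {
            // The JDK reports a TCP reset as ConnectException, usually with the
            // text "Connection refused"; the exact wording comes from the OS.
            String msg = String.valueOf(e.getMessage()).toLowerCase();
            return msg.contains("refused") ? Result.REFUSED : Result.OTHER_ERROR;
        } catch (NoRouteToHostException e) {
            return Result.NO_ROUTE;
        } catch (UnknownHostException e) {
            return Result.UNKNOWN_HOST;
        } catch (IOException e) {
            return Result.OTHER_ERROR;
        }
    }

    /** What each outcome usually means for a port-forwarded server. */
    static String hint(Result r) {
        switch (r) {
            case OPEN:      return "a listener answered; forwarding works";
            case REFUSED:   return "a host answered but nothing listens there: check the "
                                 + "forward's target IP/port and that the server is running";
            case TIMED_OUT: return "packets dropped: no forward rule, a firewall, or ISP filtering";
            default:        return "name resolution, routing or other I/O failure";
        }
    }

    public static void main(String[] args) throws IOException {
        int port;
        // Constructed loopback check: a listener on an ephemeral port, then the same port closed.
        try (ServerSocket ss = new ServerSocket(0)) {
            port = ss.getLocalPort();
            System.out.println("listener up:   " + probe("127.0.0.1", port, 2000));
        }
        System.out.println("listener down: " + probe("127.0.0.1", port, 2000));
        if (args.length == 1) {              // optional: java PortProbe <public-ip-or-name>
            Result r = probe(args[0], 5555, 5000);
            System.out.println(args[0] + ":5555 -> " + r + " (" + hint(r) + ")");
        }
    }
}
```

Run the optional probe from a network outside the LAN, since many home routers do not loop connections back to their own public address.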
QuickVPN - RV110W behind DSL Router
Hi all,
I have a Cisco RV110W behind an Actiontek V1000H DSL router supplied by my ISP.
I'd like to be able to make use of the Cisco QuickVPN client. According to my ISP placing the Actiontek into bridge mode cannot be done.
On the Actiontek I have forwarded the following ports to my RV110W's address:
60443/tcp
4500/udp
500/udp
On the RV110W I have ensured that remote management is enabled (on port 60443).
When attempting to connect with the client (using port 60443) - I get this far:
2012/01/30 11:16:21 [STATUS]OS Version: Windows 7
2012/01/30 11:16:21 [STATUS]Windows Firewall Domain Profile Settings: ON
2012/01/30 11:16:21 [STATUS]Windows Firewall Private Profile Settings: ON
2012/01/30 11:16:21 [STATUS]Windows Firewall Private Profile Settings: ON
2012/01/30 11:16:21 [STATUS]One network interface detected with IP address 192.168.245.164
2012/01/30 11:16:21 [STATUS]Connecting...
2012/01/30 11:16:22 [DEBUG]Input VPN Server Address = xx.xx.xx.xx
2012/01/30 11:16:22 [STATUS]Connecting to remote gateway with IP address: xx.xx.xx.xx
2012/01/30 11:16:22 [WARNING]Server's certificate doesn't exist on your local computer.
2012/01/30 11:16:23 [WARNING]Remote gateway wasn't reached...
2012/01/30 11:16:23 [WARNING]Failed to connect.
2012/01/30 11:16:23 [WARNING]Failed to connect!
Any suggestions? Is this configuration even possible?
Thanks!
Hi, Rudi & Craig
I just tested another different way, which way as Craig's book did, I set
Master's IP is DSL Router inside IP which same as "PUBLIC" Network Card's
IP address (10.0.0.101) when setting the MASTER's configuration in
iManager, it still working fine. Then it will be the best way if the ISP
change my static Public IP.
BTW, Craig, when you have chance, can you mention this on your web site or
in your book (when you have new version book), BM38SP5 got a bug, the
vpn.jar cannot set Non-BM VPN Slave (I used Linksys router for Slave
server), I called Novell support engineer, he said Novell knew this error,
I have to use the vpn.jar which in BM38SP4_IR5 to setup Non-BM VPN Slave.
But there is another problem, the vpn.jar which in BM38SP4_IR5 cannot set
MASTER VPN server. The only way to do the job is install BM38SP5, setup
MASTER VPN server, setup C2S VPN, then copy the vpn.jar which in
BM38SP4_IR5 in, to setup Non-BM VPN Slave. I hope you can understand my
poor English.
James
> Rudolf Thilo wrote:
> Hello James.
>> In Craig's book, there is a sample
>> for VPN Slave Server behind DSL router.
>> But I don't know I can setup Master VPN
>> server behind DSL router or not.
> It works, starting with BM3.8. IIRC Craig has an example
> in his book? You will need to specify the DSL router's
> (static!!) public IP address as the MASTER's public IP
> when setting up the MASTER's configuration.
> Regards, Rudi.