Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: kumasan on December 27, 2004, 02:41:38 AM

Title: How to bypass SME's security
Post by: kumasan on December 27, 2004, 02:41:38 AM
Hello all, I hope you all had a wonderful Christmas.

Anyway, here is my problem and I appreciate any input on it.
I recently upgraded my SME server from 5.5 to the most current version 6, and a certain program that was running fine on 5.5 stopped working on version 6.

This program is a client for http://www.dhis.org
It is the client for a free domain name service similar to dyndns.org or yi.org, but I prefer this one simply because I have been using this domain name for a long time and I would like to keep using it.

Getting back to the problem and what this client program exactly does:

This client program or daemon attempts to send a little UDP packet to its information server every 60 seconds or so in order to update my IP address and activate the service.

Ultimately I need to ensure the SME server allows UDP packets to be sent and received on port 58800 (the default port).

As I mentioned earlier, it used to work on SME version 5.5 and stopped working on version 6, so it is natural to suspect a certain security improvement since version 5.5 that blocks outgoing or incoming packets to port 58800 on the SME server itself.

Any suggestion on how I go about solving this problem?

Cheers, I wish you all a happy new year
Title: How to bypass SME's security
Post by: pen25 on December 27, 2004, 06:22:02 AM
60 seconds?? That's a lot of traffic just for updating. And yes, it does pass UDP.
Title: How to bypass SME's security
Post by: kumasan on December 27, 2004, 12:20:45 PM
>yes it does pass udp

I am afraid I don't think it will.
I mean, otherwise I shouldn't be having the problem in the first place.

I am guessing I need to tweak

/etc/hosts.allow
&
/etc/rc.d/init.d/masq

hosts.allow is straightforward enough,
but for /etc/rc.d/init.d/masq I am not entirely sure how to make a new entry.

Any suggestion?
Am I on the right path or ...?
Title: How to bypass SME's security
Post by: Reinhold on December 27, 2004, 08:37:43 PM
Quote

Q: Can I use DHIS behind NAT ?

A: No and Yes. Keep in mind that if you do so, the NATing device's public IP address will be advertised and not your local private IP address. If this is what you want then read further. Outgoing UDP messages (sent from client to server) should pass (and be translated by) the NAT device just fine and be sent to the server's incoming port (58800 default). Incoming messages however (present in r 4.x and 5.x) will not be returned to the machine running the DHIS client unless you configure a port redirect rule to map UDP incoming packets (to port 58800 by default) to your private IP address machine running the DHIS client. If running a release 3.x DHIS client no redirects are needed as the client does not require replies from the server. However when running dhis 4.x or 5.x, if DHIS is being used across NAT and no redirects are configured, the client will fail to authenticate as it never gets a reply from the server.

Q: Can I then use DHIS behind a firewall ?

A: Yes. Just ensure that you allow UDP packets to be sent and received on DHIS ports. Defaults are 58800 for both client and server.

Easiest solution:
Open the "server-manager" panel.
Click SECURITY > Port forwarding
...and generate a UDP port forwarding rule for the gateway itself.

Regards
Reinhold

P.S.: If it doesn't work, use DYNDNS or report here for a different approach  ;-)
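The FAQ quoted above makes a point worth checking directly: a 4.x/5.x DHIS client needs the server's UDP reply to come back to it, so "outbound UDP works" is not enough. The following is an added example, not code from this thread or from the DHIS project. It sends one datagram and waits for a reply, the way such a client does, and reports which of the two cases from the FAQ applies. The echo server in it is a constructed stand-in for the real DHIS information server so the check runs offline on the loopback interface; in practice you would point `udp_round_trip` at the real server host and the default port 58800 named in the FAQ. Nothing here modifies the firewall; it only tells you whether the reply path is open.

```python
import socket
import threading

DHIS_PORT = 58800  # DHIS default UDP port, as stated in the FAQ quoted in the thread


def start_echo_server(host="127.0.0.1", port=0):
    """Constructed stand-in for the DHIS information server: echoes every datagram
    back to its sender. Returns (thread, bound_port, stop_event)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))          # port 0 = let the OS pick a free port
    sock.settimeout(0.2)             # short timeout so the loop can notice stop_event
    bound_port = sock.getsockname()[1]
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                data, addr = sock.recvfrom(1500)
            except socket.timeout:
                continue
            sock.sendto(b"REPLY:" + data, addr)
        sock.close()

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return thread, bound_port, stop


def udp_round_trip(server_host, server_port, payload=b"dhis-probe", timeout=2.0):
    """Send one datagram to the server and wait for a reply on the same socket,
    which is what a 4.x/5.x DHIS client needs. Returns the reply bytes, or None
    when nothing comes back within the timeout (the NAT/firewall symptom from the
    FAQ: the outgoing packet passes, but the reply never reaches the client)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (server_host, server_port))
        try:
            data, _ = s.recvfrom(1500)
        except (socket.timeout, ConnectionRefusedError):
            # ConnectionRefusedError covers an ICMP port-unreachable on some platforms
            return None
    return data


def diagnose(server_host, server_port, timeout=2.0):
    """Map the round-trip result onto the two cases the FAQ describes."""
    reply = udp_round_trip(server_host, server_port, timeout=timeout)
    if reply is None:
        return "no reply: outbound UDP may pass, but inbound UDP to this host is not getting through"
    return "reply received: UDP works in both directions"


if __name__ == "__main__":
    # Local demonstration against the constructed echo server
    _, port, stop = start_echo_server()
    print(diagnose("127.0.0.1", port))
    stop.set()
```

Run against the real server, a "no reply" result with outbound traffic visible on the gateway is the case the FAQ says needs a UDP port forward (or, when the client runs on the gateway itself, an inbound rule) for port 58800; a reply means the firewall is not what is stopping the client.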
Title: How to bypass SME's security
Post by: kumasan on December 28, 2004, 03:31:32 AM
Hi Reinhold, thanks for your suggestion.

However, I am afraid port forwarding in server-manager was the first thing I tried.
Well... needless to say that didn't show any improvement...

It's the strangest thing...
It used to work on version 5.5 of SME server but does not in later versions.
Come to think about it, a long time ago I attempted to upgrade to 5.6 of SME server,
and it was this particular problem that made me go back to using 5.5 until now.

Anyway, I was hoping there is some way around the problem, hence I am using 6.0 now.

I would very much like to keep this domain name, so I am going to struggle a little longer and see what happens.

Thanks for your advice.