FORUMS: list search recent posts

CatDV Server NAT and Port Forwarding

COW Forums : Square Box CatDV

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
Scott Goddard
CatDV Server NAT and Port Forwarding
on Nov 25, 2013 at 5:35:25 pm

Trying to get CatDV to work through a large org firewall.

We have a static IP, visible to the outside world. This is NATed with ports 1099 and 8080 through the LAN to the media unit's internal network router. We are forwarding ports 1099 and 8080 on this router to the server machine (OS X 10.8) running 6.8.1.

Visually it's something like this:

STATIC IP
DMZ
FIREWALL
ORG LAN
MEDIA UNIT ROUTER
CATDV SERVER MACHINE

I have tried entering the static IP with the forwarded port 1099 in the wizard but I get 'Server Connection Failed' cannot connect to server. Server will start on localhost.

I appreciate there is a lot of networking here, which is most likely the issue, I am curious of other users experiences with port forwarding, NAT setups etc with CatDV Server.

Any advice here would be much appreciated.

Scott Goddard

Neo Verite Limited
http://neoverite.com


Return to posts index

John Vaudin
Re: CatDV Server NAT and Port Forwarding
on Nov 26, 2013 at 9:04:13 am

There is a known issue here if the Control Panel can't 'see' the IP address that the clients need to use to connect to the server. You can get it to work by configuring the server to use the public IP address, but the Control won't think the server is running, so will report that it can't connect to it. However, this doesn't actually stop the server working, and the client's should be able to connect to it just fine. The only issue is you will forever have a red light against the server in the Control Panel. Not ideal I appreciate, but it should work.


Return to posts index

John Vaudin
Re: CatDV Server NAT and Port Forwarding
on Nov 26, 2013 at 9:07:15 am

P.S. I will look at allowing you to enter two IP addresses in a future release...


Return to posts index


Scott Goddard
Re: CatDV Server NAT and Port Forwarding
on Nov 26, 2013 at 6:31:01 pm

Hi John,

Thanks for the clarification here, and yes I believe this is the issue.

In your reference to two IP addresses would this mean having a local IP and a Public IP?

I am finding it quite difficult to get both local and external connections through to the machine as I cannot test if this is because the server is not running or if it is a network issue.

Any further advice here is appreciated.

Scott Goddard

Neo Verite Limited
http://neoverite.com


Return to posts index

John Vaudin
Re: CatDV Server NAT and Port Forwarding
on Nov 27, 2013 at 9:13:27 am

Sadly, due to the Java RMI technology the server uses, the server needs to know the IP address that the clients will use to connect to it. That means there has to be one IP address that all clients can see. In your case you would need to arrange for clients inside the firewall to talk to CatDV Server via the publicly visible IP address, not to the internal IP address.

Depending on your requirements you might want to consider using the Web Client for users outside the firewall, and then have CatDV run on an internal IP address just for users behind the firewall.


Return to posts index

Scott Goddard
Re: CatDV Server NAT and Port Forwarding
on Nov 27, 2013 at 9:37:26 am

Yes, I suspected this was the case. Sadly we do need desktop clients over seas. I feel our best option is to locate it outside the DMZ for now.

Can you recommend further security implementations that we should add to the machine as it will be outside the DMZ? Running OSX 10.8.

If there are any weaknesses specific to CatDV or anything that you advise then it would be great to hear about them.

Many thanks.

Scott Goddard

Neo Verite Limited
http://neoverite.com


Return to posts index


John Vaudin
Re: CatDV Server NAT and Port Forwarding
on Nov 27, 2013 at 2:31:27 pm

If you are sure there is no way to route traffic from internal users via the public IP address then that probably is the only option. I would suggest putting the database server separately inside the firewall and then opening just the MySQL port for just the CatDV Server machine. The only port CatDV Server needs open is 1099 for the RMI and 80 if you are using the Web Client or web services. Of course, the web server aspect doesn't suffer the same problems as the Java RMI services, so you can host those in a separate Tomcat installation inside you firewall if that's relevant.

Other than that it's just a question of following usual best-practice. Turn off everything you don't need and close down every port that you aren't specifically using and make sure it's up to date.


Return to posts index

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
© 2017 CreativeCOW.net All Rights Reserved
[TOP]