Hardhats
RE: Tunneling CPRS  Tomlinson, Steven B
 Aug 24, 2004 16:34 PDT 

Thanks for clearing that up for me, David.
So it's sounding like the way to go is VPN. Has anyone here successfully
implemented OpenVPN (http://openvpn.sourceforge.net/) on Linux?



 -----Original Message-----
From: David Sommers [mailto:dsom-@dialogmedical.com]
Sent: Tuesday, August 24, 2004 10:04 AM
To: hard-@topica.com; hardhats-@lists.sourceforge.net
Subject: RE: [HARDHATS] Tunneling CPRS


SPI (stateful packet inspection) is the act of verifying the source and
target by not only the packet's header but also the contents. I'm
assuming that the RPC packet contents are not "standard" and closer to
what is considered proprietary.

This is what I did. I use both Smoothwall and IPCop (not on the same
subnet/route). IPCop has a cool feature (due to its use of iptables and
not ipchains although smooth has also switched to iptables as well) but
any popular firewall that's Linux or not will work. (Microsoft ISA and
Cisco PIX are also very very powerful)
You can forward all ports from one IP on the Internet to a single
internal IP address.

Firewalls don't understand RPC calls because you initiate a call out to
9200 on the server but that random return connection is what screws up
the firewall. The key to that return is it's not a "response" - it's a
new connection to the client that's unsolicited. And it's that return
connection that isn't a "response" but a "new connection".

That's how it'll work across firewalls without tunneling. But VPN by
far is more secure and powerful. If you don't have the means to do it
with Linux, Win 2000 and Win 2003 VPN setup is just so simple that it's
silly.

Hope that helps.

/David.

-----Original Message-----
From: Tomlinson, Steven B [mailto:steven.t-@med.va.gov]
Sent: Tuesday, August 24, 2004 3:44 PM
To: 'hard-@topica.com'
Subject: RE: [HARDHATS] Tunneling CPRS

Although not an expert, here goes my take on your situation: if the
firewall protecting the CPRS client is a Linux firewall using iptables
then it should not be a problem.
I believe the firewall would need to use connection tracking (stateful
packet inspection). There's an excellent article on the subject at:
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html

Let us know how it goes!


 -----Original Message-----
From: wagn-@musc.edu [mailto:wagn-@musc.edu]
Sent: Tuesday, August 24, 2004 9:03 AM
To: hard-@topica.com
Subject: [HARDHATS] Tunneling CPRS


I have come across an issue that I'm sure others have solved. So, I'd
like to know what options have been used. This is a simple firewall
problem.

The OpenVista server resides on a subnet behind a firewall. The CPRS
client machine is on a different subnet behind a different firewall. I
can open port 9200 on the OpenVista firewall to get CPRS to connect to
OpenVista. However, the connection is never complete.

Talking to Lloyd Milligan, I have discovered that OpenVista makes a
callback connection to CPRS on a random port. So, the problem must be
that the firewall around the CPRS client is blocking that callback
connection. I cannot open the firewall there since I don't know what
port(s) to open.

I asked a less distinct question before and I was told that I could use
SSH tunneling or VPN. How can either work in this case where the port
it is connecting to is unknown?

-Shaun
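
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of a connection-tracking firewall in front of the CPRS client, showing why the server's callback is dropped, what an all-ports forward from one IP changes, and why a VPN sidesteps the unknown port. The addresses, every port other than 9200, and the class and function names are constructed for illustration.

```python
# Constructed model of a stateful (connection-tracking) firewall in front of
# the CPRS client. Addresses and all ports except 9200 are made-up samples.
CLIENT, SERVER, VPN_GW = "192.0.2.10", "198.51.100.20", "198.51.100.1"


class ClientFirewall:
    """Default-deny inbound; outbound is allowed and tracked."""

    def __init__(self, forward_all_from=()):
        self.flows = set()  # tracked (src, sport, dst, dport) tuples
        self.forward_all_from = set(forward_all_from)  # IPs with every port forwarded

    def outbound(self, src, sport, dst, dport):
        self.flows.add((src, sport, dst, dport))  # remember so replies can match
        return "ACCEPT"

    def inbound(self, src, sport, dst, dport):
        if (dst, dport, src, sport) in self.flows:  # mirror of a tracked flow
            return "ACCEPT (ESTABLISHED)"
        if src in self.forward_all_from:  # explicit all-ports forward
            self.flows.add((dst, dport, src, sport))
            return "ACCEPT (NEW, forwarded)"
        return "DROP (NEW, unsolicited)"


def direct_session(fw, callback_port):
    """CPRS connects to 9200, then the server calls back on a port it chose."""
    return {
        "connect": fw.outbound(CLIENT, 50123, SERVER, 9200),
        "reply": fw.inbound(SERVER, 9200, CLIENT, 50123),
        # Not a reply: a brand-new connection the client never asked for.
        "callback": fw.inbound(SERVER, 40001, CLIENT, callback_port),
    }


def vpn_session(fw, tunnel_port=1194):
    """Same exchange inside a tunnel (tunnel_port is a sample value)."""
    # The firewall only ever sees one client-initiated flow to the VPN gateway;
    # the RPC connect, reply and callback travel as payload of that flow, so
    # the callback port never appears in a header the firewall inspects.
    return {
        "connect": fw.outbound(CLIENT, 51000, VPN_GW, tunnel_port),
        "reply": fw.inbound(VPN_GW, tunnel_port, CLIENT, 51000),
        "callback": fw.inbound(VPN_GW, tunnel_port, CLIENT, 51000),
    }


if __name__ == "__main__":
    print("direct :", direct_session(ClientFirewall(), 34567))
    print("forward:", direct_session(ClientFirewall([SERVER]), 34567))
    print("vpn    :", vpn_session(ClientFirewall()))
```

In the forwarded case the callback gets through, but so does a new connection from the server's address to any other client port, which is the exposure the VPN case avoids.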
