Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Running Q2 over a firewall.

  • 17-11-1999 2:57pm
    #1
    Closed Accounts Posts: 107 ✭✭


    Can it be done? does it need to be on the machine which is also running the firewall?

    Is there anyway to access a server from outside a firewall when its NOT running on the firewall machine? If so, what ports need to be opened.

    Ta..
    Tom.


Comments

  • Closed Accounts Posts: 107 ✭✭DeV


    hup!


  • Closed Accounts Posts: 13 gibbson


    Yes you can run Q2 through a fw. Howerver its depending of the type of fw.
    If you use a statfull inspector (not proxy) firewall the need for configuration is none.
    If the admin has not configured some special conduits.

    If you have proxy firewall(then change smile.gif) you have to open ports for q2 but then its a open hole to your network. I dont remeber the ports but you can find them on www.wg.com protocol drawings. Else i come back later with it smile.gif

    (soz for my bad english, im a swedish lad smile.gif )


  • Closed Accounts Posts: 13 gibbson


    aaha, didnt read to good either smile.gif

    If you want to access a q2 server inside the network from outside(internet) its more to be done.

    Statfull inspection fws do use conduits to declare a traficpath. To be able to access a resource inside it has to be defind a conduit for it. The rules for the conduit can varies, however you should not let everybody in. It should be set with some limitations. Else its open smile.gif (Then i come and visit you! smile.gif )

    With Proxy firewalls you open up the ports that you need and put a static access list to it that specify the rules.

    I you need more information, grab me on ca, wars or irc smile.gif and ill try to help you out.


  • Closed Accounts Posts: 451 ✭✭creative


    the problem we have is that thew f/w admin say "yes ..certainly ..I'll open up port 27910 on a server outside the firewall". So that people outside the firewall can conect to that server as well as people within the firewall....however not letting people within the firewall full outside access.

    All good....NO...he cant get it to work. FEK


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    does q2 use tcp or udp?
    cos theres no such thing
    as a tcp/ip udp packet smile.gif


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,010 ✭✭✭Dr_Teeth


    hehe Kali. smile.gif It uses UDP, as do nearly all other network applications of this type, as TCP is far too slow.

    Teeth.


  • Registered Users, Registered Users 2 Posts: 2,207 ✭✭✭MindPhuck


    Kali! ngg.. there is matey tongue.gif . Also, tcp has ALOT of different types of protocols, IP is only one of them and probably the most commonly used.


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    tcp and udp are both completly different transport layer protocols..
    each has different headers and payload info..
    they both use ip in some shape of form tho


  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    There are? What is there besides IP && UDP?

    afaik they are the only 2 used in (berkeley) sockets, and that TCP is only used in socket comms. Whats the story?

    Al.


  • Registered Users, Registered Users 2 Posts: 2,207 ✭✭✭MindPhuck


    Maybe I mixed ya up a little kali.

    What i meant to say is Internet Protocals are made up from different types of transmission packets, eg. TCP over IP, or UDP over IP. ie.. TCP/IP and UDP/IP.

    The Common factor being IP. there is a sh1t Load of IP transports/packet types TCP and UDP are two types of them.

    So, Let me re-frase -
    < tcp/ip udp packet > should read <tcp/udp IP packet>

    If you need more info, here is an FAQ from one of the better NT firewall solutions out there -
    www.raptor.com/cs/FAQ/eagle6glossary.html

    TCP packets require an acknologement that they were received.

    With UDP it just fires out the Packets to their destination, it doesnt care if the destination receives them.


    Im sure we could go on about this all day.

    [This message has been edited by MindPhuck (edited 18-11-99).]


  • Advertisement
  • Closed Accounts Posts: 1,341 ✭✭✭Koopa


    i agree


  • Closed Accounts Posts: 13 gibbson


    MP got it right, finally smile.gif

    vorosha: kul att du gilla det! Tyvärr har jag aldrig varit på irland :/


    If I was F/W admin i would not permit a open udp port from outside to inside. But if you have some nice information about him/her its more likly you have the port opened smile.gif

    [This message has been edited by gibbson (edited 18-11-99).]


  • Closed Accounts Posts: 1,039 ✭✭✭Vorosha


    Goddag Gibbson,
    J'heter Daire och jag kommer fran Irlande. Jag kan prata liten Svenska. Jag gar till Sverige i 1998. Jag tycker mycket bra.

    UGH!


  • Registered Users, Registered Users 2 Posts: 2,207 ✭✭✭MindPhuck


    Tom,

    A few things. q2 uses tcp/ip udp packets. Get your admin to allow those packets both in and out of your network on port 27910.

    Failing that, it is most likely that your firewall has a logging system, which logs all denied traffic and reports the error/denial code. Take this denial code, check the manual for the firewall and see what it is interpreting those ip packets as. Then, enable those packets or disable the rules to the firewall for those packets on that port. It should work if your admin person is helpfull enuf.


Advertisement