Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

DCOM across Firewall with NAT

824 views
Skip to first unread message

Tony Wun

unread,
Oct 15, 2001, 7:35:43 AM10/15/01
to
I am using DCOM client on Win98 to connect to a DCOM
server on Win NT 4.0 thru a firewall with NAT (network
address translation). My DCOM server has 3 network
adapters: 2 network cards with IP address A and B, and a
loopback adapter with the translated address C. The DCOM
client could reach the server previously but now it
cannot. Previously it was able to use the address C to
reach the server after failing with the address A.
Currently it only uses the address A and B and it never
succeeds. The adapter stack on the server's network from
top to bottom is: loopback adapter with address C, network
card with address A, then network card with address B.
Could anyone tell me how DCOM/RPC locate the DCOM server,
and why my DCOM client fails? Any solutions to my problem.
Thanks in advance.

Liju Thomas [MS]

unread,
Oct 15, 2001, 8:32:18 PM10/15/01
to
Hi,

See below article

http://support.microsoft.com/support/kb/articles/Q248/8/09.ASP


Thanks,
Liju

--------------------

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

©2001 Microsoft Corporation. All rights reserved.

Tony Wun

unread,
Oct 15, 2001, 10:05:12 PM10/15/01
to
DCOM can work across NAT Firewall because my DCOM client
was capable to connect the DCOM server previously. We made
it with Microsoft's assistance long before the last review
date of this article. My question is how DCOM client
connects to DCOM server with multiple IP addresses. If the
DCOM client can always connect to the DCOM server with the
IP address I designate, the problem will be resolved.

Rgds,

Tony Wun

>.
>

Santhosh Pillai (MS)

unread,
Oct 17, 2001, 1:09:43 PM10/17/01
to
Hi Tony,

Microsoft does not recommend using a loopback adapter in NT 4.0 to get DCOM
working. This is because the configuration issues vary from one firewall to
the other, and we cannot make generalizations and thus document a "HOWTO"
article to accurately set this up. (Besides this could be a config
nightmare in some specific firewalls.)

As you know, COM inserts the IP address of the server machine into the
payload that gets returned to the client. Instead of using the translated
IP/header for the packet that the client receives, RPC (i.e. DCOM) uses the
IP address in the payload. Since the firewall prevents the client from
directly accessing the server machine, the client is most likely to get "RPC
Server Unavailable" error message.

The internal DCOM Server's host machine needs to be setup with a loopback
adapter as you did. This adapter will need to have the same IP address as
the alias on the firewall. It looks like you have done this. Then why is
this not working now? Did you take away the loopback adapter?

I should point out that this solution is not recommended nor supported by
Microsoft. Microsoft's official word on this subject remains:
http://support.microsoft.com/support/kb/articles/Q248/8/09.asp

Hope this helps.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. ©2001 Microsoft Corporation. All rights
reserved.

"Tony Wun" <ton...@ozemail.com.au> wrote in message
news:73a301c155e6$fd855fa0$37ef2ecf@TKMSFTNGXA13...

Tony Wun

unread,
Oct 23, 2001, 4:39:49 AM10/23/01
to
That's very helpful. Thanks.

>..ASP

>.
>

0 new messages