Ports


John McKeon

May 7, 2015, 2:49:11 PM
to open...@googlegroups.com
Hello fellow Qwaqers
I have built an OpenQwaq instance "in the wild" and am quite elated with it (and myself :).
I am trying to demo it to my company but they won't let port 1234 through their firewall (something about Ultors Trojan using that port). Has anyone ever run into this?
The client retries on ports 80 and 443 but does not connect. Is there something I need to configure on the server side to use these ports? (That port 80 could work has me befuddled as that is the standard http port. How does that work?)
Thanks in advance for any help

Ron Teitelbaum

May 7, 2015, 3:23:21 PM
to open...@googlegroups.com

Hi John,

There are a lot of ways to handle this. At 3dicc we did a major rewrite of all of this for Terf so this is mostly from memory. Have a look at ReWrite rules on OpenQwaq-http.conf in /etc/httpd/conf.d.

You can tell the server to forward other ports to 1234 internally. You can also adjust OpenQwaq-iptables or manage forwarding with a hardware firewall.

We did have some objections to 1234, but after our rewrite we use TLS for encryption, and we stopped having questions about 443 since its standard purpose generally is for TLS traffic. We did that work for the US Army but it allowed us to significantly increase performance and scale.

Things do get a bit more complicated when you add additional servers. And even more complicated when you have multiple service providers.

All the best,

Ron Teitelbaum

Head Of Engineering

3d Immersive Collaboration Consulting

r...@3dicc.com

Follow Me On Twitter: @RonTeitelbaum

www.3dicc.com

https://www.google.com/+3dicc


Sebastian Heidbrink

May 7, 2015, 3:24:39 PM
to open...@googlegroups.com
Hi John,

I just updated my server and do not have an openQwaq installation anymore, but according to my router I also forwarded port 9991 to the server.

You might want to make sure that the firewall allows that part, too.

Sebastian

Ron Teitelbaum

May 7, 2015, 3:41:29 PM
to open...@googlegroups.com

Hi Sebastian,

The 9991 port is an internal port for servers to talk to each other. External connections only require the client get to the external port 1234, 443 or 80 (although 999n ports need to be open and accessible to internal or local connections).

All the best,

Ron Teitelbaum


Sebastian Heidbrink

May 8, 2015, 11:05:43 AM
to open...@googlegroups.com
Hi Ron,

I you are right.
I think I had to do it due to how my web server was set up... I ended up using domain URLs instead of local IP based configurations.
I am sure it didn't work for me without forwarding the 9991 port... but at that time, I was happy to get it going at all!

I can definitely say, once you have it going... there is no need to restart, or maintain it ever again. I was really impressed. Unfortunately I ran out of use cases and implementing additions or changes I had to stop since I ran out of such time.

Sebastian

John McKeon

May 10, 2015, 11:30:49 AM
to open...@googlegroups.com
For the sake of documentation and in case others run into the same problem:
I am using a VPS and it uses OpenVZ for virtualization. OpenVZ, I learned, does not have eth0 and eth1 defined (I noticed this the first time I started OpenQwaq-iptables) so the port forwarding does not work. OpenVZ uses the names venet0:0 for the interface (ifconfig told me this) so I modified OpenQwaq-iptables replacing eth0/1 with the venet0:0/1 and it works.

I am learning something new every day :) On to the postfix mail server lol

Thanks for all your help

Happy trails
John
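
A preflight check for the failure described in the last message, as an added example that is not part of the thread or of OpenQwaq: it lists the interfaces a firewall script names with `-i`/`-o` that the host does not actually have. The rules written by `write_sample_rules` are constructed for illustration and are not the contents of OpenQwaq-iptables; all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. The rules below are constructed for illustration; they are
# NOT the contents of OpenQwaq-iptables. Function names are hypothetical.

write_sample_rules() {   # $1 = path to write the constructed rules to
  cat > "$1" <<'EOF'
# constructed sample: redirect 443/80 to 1234, allow 9991 internally
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 1234
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 1234
iptables -A INPUT -i eth1 -p tcp --dport 9991 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
EOF
}

# Print each interface named after -i/-o (or the long forms) in a rules
# script, one per line, de-duplicated. Comment lines are skipped.
referenced_ifaces() {
  awk '/^[ \t]*#/ { next }
  {
    for (i = 1; i < NF; i++)
      if ($i == "-i" || $i == "-o" ||
          $i == "--in-interface" || $i == "--out-interface")
        print $(i + 1)
  }' "$1" | sort -u
}

# Print referenced interfaces that are absent from the host.
# $1 = rules script; $2 = space-separated interfaces present on the host
# (default: the entries of /sys/class/net). An alias label such as venet0:0
# is compared by its base device, venet0, since aliases are not listed as
# separate devices.
missing_ifaces() {
  local present ifc
  present=" $(echo ${2:-$(ls /sys/class/net 2>/dev/null)}) "
  for ifc in $(referenced_ifaces "$1"); do
    case "$present" in
      *" ${ifc%%:*} "*) ;;          # base device exists
      *) echo "$ifc" ;;             # rule would never match traffic
    esac
  done
}

# Demo: a host that only has lo and venet0, as on the VPS described above.
rules=$(mktemp)
write_sample_rules "$rules"
missing_ifaces "$rules" "lo venet0"   # lists eth0 and eth1
rm -f "$rules"
```

Called with only a file argument, `missing_ifaces` compares against the interfaces of the machine it runs on.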