Welcome to ISAserver.org


Tuxedo and opening ports for inbound and outbound

Tuxedo and opening ports for inbound and outbound - 22.Feb.2011 10:17:24 AM   
pingcrosby

 

Hi

I am trying to allow access to a BEA Tuxedo instance via NAT and am having some issues. As I am not a Tuxedo expert (not a TMG expert for that matter) I am unsure where the issue may lie - in my TMG setup or Tuxedo config!

My simple network config is as follows

Tri homed ISA box with 3 NICs
10.168.20.201 (LAN/Internal)
192.168.20.201 (WAN/External)
10.10.11.201 (DMZ/Perimeter) .. currently not configured but shown here for completeness

Tuxedo destination server Eth1
10.168.20.170 (LAN/internal)
255.255.255.0 MASK
10.168.20.201 Gateway


Testbox 168.185.66.179 hitting the NAT address 168.185.55.227:5795 which is (NAT'd out of my control) to 192.168.10.201:5795
 
I have added 2 new [User Defined] port definitions Tuxedo for inbound and Tuxedo Server for outbound connections.
Name=Tuxedo
Parameters->Connections->PortRange 5795-5815 TCP Outbound
Parameters->Connections->PortRange 6815-5835 TCP Outbound
and
Name=Tuxedo Server
Parameters->Connections->PortRange 5795-5815 TCP Inbound
Parameters->Connections->PortRange 6815-5835 TCP Inbound

I have added an [Access Rule]
Name=Tuxedo Outwards
Protocol=Tuxedo
From=Internal
To=External
Users=All Users

I have added a [Server Publishing Rule]
Name=Tuxedo Inbound
Traffic=Tuxedo Server
From=Anywhere
To=10.168.20.170, "Requests Appear To Come From Original Client"=[true]
Networks=External


The logs show the "Tuxedo Inbound" rule being hit but then immediately closed.
 
In the Tuxedo configuration I have :: (the default port range of 20 new open ports should be used as it's not set explicitly)
 
exec JSL -A -- -n //10.168.20.170:5795 -H //192.168.20.201:5795 -x10 -m1 -M19 -T120 -c512
exec JSL -A -- -n //10.168.20.170:6815 -H //192.168.20.201:6815 -x10 -m1 -M19 -T120 -c512


As per the article
http://forums.oracle.com/forums/thread.jspa?messageID=3481604&#3481604

Quoted Extract
Hi,
You need to add the -H switch to the WSL's command line. So if before your WSL command line looks like:
WSL SRVGRP=GWGRP SRVID=20 CLOPT="-A -- -n //192.168.42.1:6005"
and your system's IP address is 192.168.42.1 and you are behind a NAT firewall with an external address of 24.14.2.1 you would likely change your WSL command line in your UBB config file to:
WSL SRVGRP=GWGRP SRVID=20 CLOPT="-A -- -n //192.168.42.1:6005 -H //24.14.2.1:6005 -p 10000 -P 11000"
and then make sure ports 6005 and 10000 to 110000 on the NAT firewall are forwarded to your Tuxedo system. The -p and -P limit the ports the WSH handler processes will use.
Regards,
Todd Little
Oracle Tuxedo Chief Architect
 


Can anybody help me - have I made any glaringly obvious mistakes?

< Message edited by pingcrosby -- 22.Feb.2011 10:30:04 AM >
Post #: 1
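
A consistency check over the values in the post above, added here as an example (not code from either poster, from TMG or from Tuxedo). It compares the firewall port-range definitions with the listener options and follows the quoted advice that -H carries the address clients connect to and that -p/-P bound the handler ports. The function names are hypothetical, and treating an inverted range as covering no ports is an assumption.

```python
import re

def parse_ranges(lines):
    """Return (low, high, direction) for each 'PortRange A-B TCP Dir' line."""
    pat = re.compile(r"PortRange\s+(\d+)-(\d+)\s+TCP\s+(\w+)")
    return [(int(m[1]), int(m[2]), m[3]) for m in map(pat.search, lines) if m]

def parse_clopt(clopt):
    """Pull the -n/-H endpoints and the optional -p/-P handler port bounds."""
    opts = {}
    for flag in ("n", "H"):
        m = re.search(rf"(?<!\S)-{flag}\s*//([^:\s]+):(\d+)", clopt)
        opts[flag] = (m[1], int(m[2])) if m else None
    for flag in ("p", "P"):
        m = re.search(rf"(?<!\S)-{flag}\s*(\d+)", clopt)
        opts[flag] = int(m[1]) if m else None
    return opts

def audit(range_lines, clopts, dialed_host):
    """List mismatches between firewall port ranges and listener options."""
    ranges = parse_ranges(range_lines)
    findings = [f"inverted range {lo}-{hi} ({d})" for lo, hi, d in ranges if lo > hi]
    # Assumption: an inverted range is treated as covering no ports.
    inbound = [(lo, hi) for lo, hi, d in ranges if d == "Inbound" and lo <= hi]
    covered = lambda port: any(lo <= port <= hi for lo, hi in inbound)
    for clopt in clopts:
        o = parse_clopt(clopt)
        host, port = o["H"] or o["n"]  # -H, when present, is what clients are told
        if not covered(port):
            findings.append(f"listener port {port} not in a valid inbound range")
        if o["H"] and host != dialed_host:
            findings.append(f"-H advertises {host}, clients dial {dialed_host}")
        if o["p"] is None or o["P"] is None:
            findings.append(f"listener {port}: no -p/-P, handler ports not pinned")
        elif not all(covered(p) for p in range(o["p"], o["P"] + 1)):
            findings.append(f"handler range {o['p']}-{o['P']} not fully forwarded")
    return findings

# Values copied from the first post; DIALED is the NAT address the test box targets.
RANGES = ["Parameters->Connections->PortRange 5795-5815 TCP Outbound",
          "Parameters->Connections->PortRange 6815-5835 TCP Outbound",
          "Parameters->Connections->PortRange 5795-5815 TCP Inbound",
          "Parameters->Connections->PortRange 6815-5835 TCP Inbound"]
CLOPTS = ["-A -- -n //10.168.20.170:5795 -H //192.168.20.201:5795 -x10 -m1 -M19 -T120 -c512",
          "-A -- -n //10.168.20.170:6815 -H //192.168.20.201:6815 -x10 -m1 -M19 -T120 -c512"]
DIALED = "168.185.55.227"

if __name__ == "__main__":
    for finding in audit(RANGES, CLOPTS, DIALED):
        print(finding)
```
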
RE: Tuxedo and opening ports for inbound and outbound - 22.Feb.2011 10:22:01 AM   
pingcrosby

 

Sorry - the log file I originally posted messed up the message. Hopefully this log will render correctly on browsers (it looked OK in preview mode)

Rule           | Client IP      | Destination IP | Source Port | Destination Port | Protocol      | Action               | Result Code                        | Source Network | Destination Network | Server Name | Log Record Type | NAT Address
Tuxedo Inbound | 168.185.66.179 | 10.168.20.170  | 10298       | 5795             | Tuxedo Server | Initiated Connection | 0x0 SUCCESS                        | External       | Internal            | FTMG        | Firewall        | 192.168.20.201
Tuxedo Inbound | 168.185.66.179 | 10.168.20.170  | 10299       | 5795             | Tuxedo Server | Initiated Connection | 0x0 SUCCESS                        | External       | Internal            | FTMG        | Firewall        | 192.168.20.201
Tuxedo Inbound | 168.185.66.179 | 10.168.20.170  | 10298       | 5795             | Tuxedo Server | Closed Connection    | 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN | External       | Internal            | FTMG        | Firewall        | 192.168.20.201
  

< Message edited by pingcrosby -- 22.Feb.2011 10:43:08 AM >

(in reply to pingcrosby)
Post #: 2
