Any way to get the iBB-SCU through NAT?

Any way to get the iBB-SCU through NAT?

Postby fjwcash » October 26th, 2010, 3:24 pm

We have a nice shiny new iBootBar sitting here, upgraded to the latest 1.5 firmware, that is inaccessible from anywhere except the local LAN subnet, which is a royal pain considering it's 2010. Are there any plans to make this config tool work through NAT, through a routed network path?

If I configure my Windows station with a 10.0.0.1 IP, then I can connect to the iBB and configure it with a 10.0.0.2 IP. So far so good.

Then I move the iBB into another building behind a router that does NAT. I can access the web interface just fine via the public IP (ie 192.168.0.2). Telnet works as well.

Then I configure my WIndows station to be on the internal LAN, and try to access the iBB via the setup tool using the public IP (ie 192.168.0.2). And get a wonderfully non-helpful error message of "Asynchronous socket error 10061".

Is the only way to configure these things to use a Windows workstation, configured with an IP in the same subnet as the iBB, plugged into a switch on the same subnet as the iBB?

If so, that is *extremely* limiting in its usefulness, considering the whole point of the iBB is to eliminate the need to go to "remote site X" to configure things.
fjwcash
 
Posts: 5
Joined: October 26th, 2010, 3:18 pm

Re: Any way to get the iBB-SCU through NAT?

Postby DP_Sam » October 26th, 2010, 4:52 pm

I am sorry to hear you are having setup issues with your iBootBar.
Typically, setups are completed before deplyment and the local issue is not a problem.

However, all setup parameters can be accomplished with telnet without the installed application on port 23.
You can also set up port forwarding for port 13131 and the setup utiity will also work. (with 1 limitation)

The discover will not discover the iBootBar behind the router.
You can add the iBootBar to the list using the ipaddress of the public side of the router, and the username password.

I hope this helps.
Sam Savoye
Dataprobe Tech Support
SSavoye@Dataprobe.com
DP_Sam
 
Posts: 123
Joined: January 21st, 2010, 9:39 am
Location: Allendale, NJ

Re: Any way to get the iBB-SCU through NAT?

Postby fjwcash » October 26th, 2010, 5:05 pm

DP_Sam wrote:I am sorry to hear you are having setup issues with your iBootBar.
Typically, setups are completed before deplyment and the local issue is not a problem.


Until you want to change something. Like the label attached to a port, or the grouping of outlets. Especially if tech at SiteX connects a new server and plugs it into the ibootbar and now you want to configure things from the NOC at SiteA.

However, all setup parameters can be accomplished with telnet without the installed application on port 23.


Yet another cleartext protocol that we will not enable on the public Internet (same as only alloweing HTTP on the iBoot devices). If the connection is not encrypted, we won't use it.

You can also set up port forwarding for port 13131 and the setup utiity will also work. (with 1 limitation)

Doesn't work.

Even NAT'ing all IP traffic (not just port 23,80,443,13131) doesn't work. SCU 1.5 just gives "asynchronous socket error". I see packets going through the firewall, I can tcpdump on the internal and external interfaces and see traffic going back and forth. But SCU errors out for all connections not on the exact same subnet as the Windows IP.

Tried SCU 1.3. Tried SCU 1.5. Tried upgrading the firmware on the iBootBar to 1.5. Tried re-installing SCU using the version on the website instead of the CD.

Doesn't work.

If I route traffic from subnetX to subnet Y, it works (but is equally as insecure as cleartext protocols as it leaks private IP information). But if I NAT it, it fails.

Any idea what "Asynchronous socket error 10061" means?
fjwcash
 
Posts: 5
Joined: October 26th, 2010, 3:18 pm

Re: Any way to get the iBB-SCU through NAT?

Postby DP_Sam » October 26th, 2010, 5:37 pm

You can also set up port forwarding for port 13131 and the setup utiity will also work. (with 1 limitation)


I am not sure why at your site this doesn't work, but I have tested it personally, and it does.
I setup port 13131 to redirect to a local IP for the iBootBar. On my PC, I run the 1.5 SCU.
select Add iBootBar from the button on the bottom.
Enter in the public ip for the router
Enter the username ( admin by default )
Enter in the password ( admin by default )
Selct "Save User Name and Password
Select OK, and the unit will appear on the left side.

Right Click on the unit name and select download.
Click on the download button.
This will populate the utilty with the current parameters in the iBootBar.
Now change the parameters you need to and upload back to the unit.



Any idea what "Asynchronous socket error 10061" means?


Not specifically, but it implies the PC can not connect to the iBootBar.
Sam Savoye
Dataprobe Tech Support
SSavoye@Dataprobe.com
DP_Sam
 
Posts: 123
Joined: January 21st, 2010, 9:39 am
Location: Allendale, NJ

Re: Any way to get the iBB-SCU through NAT?

Postby fjwcash » October 26th, 2010, 6:45 pm

Weird. It works if the PC and iBB are on the same physical network, same IP subnet.

It works if I router the private IP for the PC through the firewall to the private IP of the iBB (no NAT).

As soon as I NAT the traffic for the iBB (no NAT for PC IP), then it fails.

Same setup I use for other servers behind this firewall (actually a copy/paste of the rules with just updating the public/private IPs).

I'll keep trying different settings on the firewall now that I know it works for someone.
fjwcash
 
Posts: 5
Joined: October 26th, 2010, 3:18 pm


Return to iBootBar

Who is online

Users browsing this forum: No registered users and 1 guest

cron