DX Unified Infrastructure Management

  • Private Community

  • 1.  Web dashboards in NAT'ed environment

    Posted May 29, 2008 11:16 PM
    Hello everybody!

    Have anybody tried to make web dashboards to work behind NAT?
    Under our circumstances there would be extremely difficult to setup a nimbus hub within a DMZ, so it can have external IP address on it's ethernet card.All that can be done is forwarding of all necessary ports from external IP to internal one (ports 80, 48000, 48002, 48004), so the scheme is following:

    (main Nimbus hub) <=nimbus tunnel=>(web dashboards hub) <-Firewall with ports open-> external IP

    But in such case web dashboard viewer either tries to communicate directly with internal IP of the nimbus hub, or, if it is not available, throws an error complaining about incorrect password for user under which I am trying to log in (password is correct and double checked, obviously).
    Can anyone suggest what can be done in this situation?
    Thanks in advance.


  • 2.  Web dashboards in NAT'ed environment
    Best Answer

    Posted May 31, 2008 03:11 AM
    I cannot recall the exact details any longer, but I believe we ran into the same problem with our dashboard hub when we originally set it up.  I believe we had to put a public IP on the server.  Like you, this was not something we could do easily in our environment, so one of our engineers came up with a clever solution that worked.  We gave the server a private IP address, but instead of configuring NAT on the firewall, we added a loopback adapter (available as a built-in NIC driver in Windows) with the public IP address.  Then we configured the firewall with a static route pointing traffic destined for that public IP address to the private IP address of the dashboard hub.

    It is kind of a strange setup, but it worked like a charm.  The other thing we did was move our "first tunnel port" on the dashboard hub to TCP 50000, so we did not have to worry about probes and tunnels battling for the same TCP port range.  This way we could open up just a few ports, although I do not remember the exact list of ports opened.  (I could probably look that up if it would help.)

    As you work on this issue, please keep us posted on your progress, especially if you find a solution that works for you.

    Regards,
    Keit


  • 3.  Web dashboards in NAT'ed environment

    Posted Jul 01, 2008 02:35 AM
    We are having the exact same issue and setting up a new websever in a DMZ seems like overkill for our puropses.

    These must be a way to get this working on a NATed envioment so any information that could be harnessed from the comunity will be much appreciated.

    Thanks
    Jose


  • 4.  Web dashboards in NAT'ed environment

    Posted Jul 02, 2008 10:52 AM
    You should not need to put a server in a DMZ for web dashboards, but I think you need to setup a dedicated server that connects to your main hub using a NimBUS tunnel.  (Our dashboard hub is not in a DMZ; it is on the same network as the main hub.)  If you did not want to use a NimBUS tunnel, I think your servers would have use public IPs and have the NimBUS TCP ports open to the Internet.

    Regards,
    Keith