[Openroad-users] OpenROAD runimage via Checkpoint VPN-1SecureClient

Tan Cheng Chye tancc at intraco.com
Wed Nov 8 12:03:43 EST 2006 

Hi Paul

Thanks for replying.

Yes, the installation ID on the client is II. However, it is something else
on the server, specifically IG.

As such, the corresponding TCP ports are 21064 (client) and 21048 (server).

I've downloaded and ran sysinternals tcpview as recommended. From the screen,
I can 
observe the following;

(1) Upon "ingstart", two TCP ports are established for iigcc.exe, i.e.

	localhost:21064
	localhost:2140

    I noticed that the second TCP port (2140) is not fixed, i.e. it is
    random and incremental in nature, meaning that if I do an "ingstop" and
    "ingstart" again, the port will changed to localhost:2141

(2) Upon OpenROAD Runimage (under normal LAN environment and not VPN
connection) 
    the following TCP port is established, i.e.
	
	servername.domainname:21048

Does it mean that all 3 TCP ports need to be opened on the firewall? I can
confirm
that ports 21064 and 21048 are already opened. As for 2140 which is not
fixed, does
it mean that I need to open a range of TCP ports on the firewall? 

The current rule on the firewall is something like this;

Source	Destination		VPN			Service
Action
------------------------------------------------------------------------

Any		<hostname>		RemoteAccess 	TCP 23 (telnet)
accept
								TCP 21064
accept
								TCP 21048
accept
  
Rgds
Cheng Chye

-----Original Message-----
From: openroad-users-bounces at peerlessit.com
[mailto:openroad-users-bounces at peerlessit.com]On Behalf Of Paul White
Sent: Tuesday, November 07, 2006 12:59 PM
To: International OpenROAD Users
Subject: Re: [Openroad-users] OpenROAD runimage via Checkpoint
VPN-1SecureClient


Hi Tan,
 
What installation ID are you running?  If it is II then the listening
port will be 21064. If not II then look at
%II_SYSTEM%\ingres\files\errlog.log to determin which port is in use.
 
Use something like sysinternals tcpview to see what ports iigcc.exe is
accessing. This can be used on both client and server.
 
Try nodeless connection directly to the IP address to bypass vnode and
DNS issues (assuming windows client) EG
sql @192.168.100.100,wintcp,II[ingres,ingrespass]::iidbdb
 
Check if telnet can connect to port 21064. Can be done from client to
server and server to client. EG
telnet 192.168.100.100  21064
if you get something like "Could not open a connection to host on port
21064" it is probably network config.
 
Check your client firewall software.

You will probably get a better response from the info-ingres group.
http://mailman.cariboulake.com/mailman/listinfo.py/info-ingres  

Regards
 
Paul

________________________________

	From: openroad-users-bounces at peerlessit.com
[mailto:openroad-users-bounces at peerlessit.com] On Behalf Of Tan Cheng
Chye
	Sent: Tuesday, 7 November 2006 2:39 PM
	To: International OpenROAD Users
	Subject: [Openroad-users] OpenROAD runimage via Checkpoint VPN-1
SecureClient
	
	
	Hi all
	 
	I'm trying to run an OpenROAD 4.1 application remotely from a
client machine thru Ingres Net 2.6 while connected back to the server on
the office LAN via a VPN connection using Checkpoint VPN-1 SecureClient.
The Ingres netutil connection fails with Ingres error
"E_GC2819_NTWK_CONNECTION_FAIL Unable to establish network connection".
Issuing an "isql hostname::databasename" also returns "E_UG000F Error
connecting to database"
	 
	However, I'm able to establish a telnet session to the server
successfully when connected remotely via VPN. 
	 
	I've done some research on this matter and have also reported it
to Ingres Technical support. 
	 
	The knowledge articles and recommended solution from Ingres
seems to point to the opening up of TCP ports on the Checkpoint firewall
pertaining to the E_GC2815_NTWK_OPEN line found in the errlog.log files
on both the client and server. I've done so but the problem is still not
resolved.
	 
	Does anyone have a similar set up and resolution? Any help will
be appreciated.
	 
	Thanks.    
	   

	Best Regards 
	Tan Cheng Chye
	Information Systems Division

	Intraco Ltd
	DDI : (65) 65866769
	Fax : (65) 63166254
	Email: tancc at intraco.com 




_______________________________________________
Openroad-users mailing list  Openroad-users at peerlessit.com

To unsubscribe please click on this link
mailto:openroad-users-unsubscribe at peerlessit.com&subject=unsubscribe

To subscribe please click on this link
mailto:openroad-users-subscribe at peerlessit.com&subject=subscribe

More information about the Openroad-users mailing list