Folks, I am really having a hard time trying to get this IM stuff to work for our remote users. Here is my config and maybe someone can see where it is I'm going wrong...
Server is installed on 10.0.0.30 (Internal Machine behind a firewall) All internal users can log-in and send messages without any problems. The Firewall/NAT Gateway is 12.32.70.210 (Public) and 10.0.0.1 (Internal) Something I notice on the client when trying to connect to the IM server that it tries to connect to it's internal address. Of course that won't work. So I set up a filter that allowed inbound TCP 5177 on a public address. The firewall is configured to forward those requests to the internal IM server. Now, I had to create a user xxx@external IP address on the internal IM server otherwise I was not able to authenticate. Okay so now the external user can connect and authenticate and I can see them internally on my client but they are showing as gray(offline). The external user can send me a IM without any problems but I can't IM them back or send a new IM to the user. If I try to reply to a IM sent from the outside I get this error... << Failed to forward message to [EMAIL PROTECTED] Failed to read protocol version. An existing connection was forcibly closed by the remote host.. >> If I try to send a new IM to the external user I get this error... << User [EMAIL PROTECTED] is not a valid user. >> What am I doing wrong? Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: [EMAIL PROTECTED] Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Mourfield Sent: Wednesday, February 05, 2003 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [IpswitchIM_Forum] Recap the port issue and NAT Flag IIM uses 2 ports. Clients connect to the Server on tcp 5177 (think of this as the control channel). Through this socket the client sends requests to the server and the server acknowledges those requests. Also, Servers talk with other Servers on port 5177. The Server sends asynchronous data to the Client on tcp 5178 (think of this as the data channel). Data such as status information and conversations travel over this socket. This is the default configuration of the Client (listening on 5178). Also, by default, the Client does not maintain a socket that is always open to the server. When the Client is sending data, it A) opens a connection to the server (who is listening on 5177) B) Sends its request C) waits for an acknowledgment from the server and D) closes the socket. With some network configurations Clients need to be configured to use persistent connections (i.e. maintaining an open socket to the server all the time). This is when the NAT flag should be set on the Client. In this configuration, the Server does not talk to the Client via port 5178. Instead it uses the persistent socket that was established when the Client logged on to the Server. Also, there is a Help Topic in the Server Help that further explains the NAT configuration issues. Hope this helps, Pete Mourfield Ipswitch, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Foulks Sent: Wednesday, February 05, 2003 1:52 PM To: [EMAIL PROTECTED] Subject: [IpswitchIM_Forum] Recap the port issue and NAT Flag Could someone recap the port issue and NAT flag? What ports must be opened on the firewall to allow for incoming and outgoing connections? The NAT flag- Do you enable it on a workstation that is outside the local lan? Thanks, Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: [EMAIL PROTECTED] Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Terry L Fritts Sent: Wednesday, February 05, 2003 1:43 PM To: Rick Leske Subject: Re: [IpswitchIM_Forum] Clients on private network Server on Internet network Hello Rick, Wednesday, February 5, 2003 you wrote: RL> Is there any truth to the dual ports? and if so do they just both use tcp RL> only? Look at your log files and you'll know soon enough if you have the issue. Here is an example from mine: ------------------------- 2/5/2003 9:07:25 AM ImServer Failed to push local presence to ... Error=Failed to connect to 192.168.0.162 on port 5178 ------------------------- I opened up 5178 outgoing from the IM server, 5177 incoming on my workstation, set the Nat flag and it started working. TCP only. You don't need the nat flag on a workstation that connects directly to the im server without natting but I guess that's obvious. Most of our clients have firewalls though and most nat so the nat setting is a problem on install. Terry Fritts Smart Business Solutions, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/IpswitchIM_Forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/IpswitchIM_Forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/IpswitchIM_Forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/ipswitchim_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp
