-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ok, here's a little trick that we found out works pretty well. Anybody
know a problem with it let the list know. We had a similar problem
with Speakeasy's VOIP service. They wouldn't work with us to modify
their terminal device. So we decided
We have a client that has a new HVAC system (Delta Controls). It uses a
controller that can only talk L2. The HVAC guys for the client asked me
to set up a portmap for port 47808.
I did this, but it appears that the MT portmap substitutes the original
(public) source address with the
Got a model number of the Delta Controls box?
-Mike
On Fri, May 6, 2011 at 1:41 PM, Bill Prince
part...@skylinebroadbandservice.com wrote:
We have a client that has a new HVAC system (Delta Controls). It uses a
controller that can only talk L2. The HVAC guys for the client asked me to
That is how portmap works. You map a port on device A to point to
device B. All communication to the outside appears to come from the
device doing the map.
Can you create a VPN between the controller side and the outside service
so it looks like it is on the same network?
On 5/6/2011
It sounds like the device (unwisely) puts its IP address in the data
stream. That's the only reason I can think of why it might need to be
mangled. A la FTP, SIP, etc. Usually such protocols require
application-layer gateways to fix up their traffic.
At least, that's my inference from their
Just talked to their tech in Canada.
For whatever reason, their device tries to figure out whether it's
talking to something on the LAN or whether it's talking to something on
the WAN. When the packet comes in from the gateway, instead of just
replying, it creates an unrelated UDP message
That makes sense. So what if the other end did the reverse? Portmap
with the application facing side having the same address as the the
controller. Then the traffic appears to come from the address that is
in the data.
On 5/6/2011 5:14 PM, Jacob Heider wrote:
It sounds like the device
Don't know. I talked to their local service guy, and walked him through
setting up the VPN. He dialed in, and it all worked. So case closed.
It's one of those cases where their software must be on the local net,
or they have a very narrow path they must walk from the outside.
Probably
8 matches
Mail list logo
