Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Nfuse address translation not working as described

Status
Not open for further replies.
jcneil1

jcneil1

IS-IT--Management
May 14, 2002
60
US
Ok here is my problem, I am using the nfuseadmin- GUI Nfuse config page- my settings are as follows:

[Server-side firewall settings:
Default address translation setting
Translated address]

[Specific address translation settings
192.168 = Normal]

[Translation map
192.168.1.4:1494 = (firewall external IP):1494]

Our network runs segmented 192.168 networks.

Here's the problem- when I add the "Specific address translation settings" I cant connect from outside the firewall. When I remove the "Specific address translation settings" I cant connect from inside. I've tried to substitute the altaddr command instead of "address translation" but it still doesn't seem to work. I'm stumped. Any ideas?
 
Sort by date Sort by votes
Let's say the internal adres on the nic of your server is 192.168.0.1
That way NFuse/WI will work after a default installation, if your clients are running 192.168.0.x
Of course when connecting over the internet, a user at home will not get much respons from 192.168.0.1

Ok, so here we go: i asume you've enabled port 1494 for citrix traffic, and port 80 for NFuse/WI traffic, running through your firewall's public ip to the citrix server. Whether residing on the DMZ, or the local LAN.
Now let's say, your public ip is 123.123.123.1

On the citrix server you need to run a command, to tell the server to respond with it's public adres, if needed.
In cmd run: altaddr /set 123.123.123.1
(reboot server for settings to take effect)

On the firewall, make sure the following rules are open:
(i am asuming the citrix/nfuse is in the DMZ)
allow port 1494 wan to DMZ inbound, and high ports (1023 - 5000) outbound
allow port 80 wan to DMZ in and outbound

On the NFuse server either configure the alternative adres use in the admin page, or make sure the below 2 sample lines are in the nfuse.conf (needs an iis reset if changed outside the admin page)

AlternateAddress=Mapped
ClientAddressMap=192.168.0.,Normal,*,Alternate

After these changes, the template will get filled with the alternate adres for internet users, and the internal adres for your lan users.

Free citrixprinting support
 
Upvote 0 Downvote
Handy tip if you don't want port 80 or all those ports above 1023 open (and why would you?) - use CSG, and only use secure port 443.

:)

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Question
Win7 backup on Win11 Pro box not completing as it had in the past
Replies
0
Views
316
VicM
VicM
Hfnet
  • Locked
  • Question
Office 2010 KMS stoppped working on PVS Citrix
Replies
0
Views
82
Hfnet
Hfnet
jerrynewera
  • Locked
  • Question
Volume VOL2 not mounted 1
Replies
1
Views
100
JockMullin
JockMullin
Rock4J
  • Locked
  • Question
Could not find TREE on Windows XP Mode (in Windows 7)
Replies
3
Views
115
JockMullin
JockMullin
HuronIT
  • Locked
  • Question
Outlook 2003 stopped working on Windows 2003 Citrix XPS server.
Replies
0
Views
70
HuronIT
HuronIT

Part and Inventory Search

Sponsor

Back
Top