there is this program called CosMos that monitors and tracks, in real time, packages that couriers have sent out to other countries and destinations... the information is stored using tracking numbers, and these tracking numbers are stored in a central database in Europe, where each agent logs into and uses access rights to view the database and update any package information, such as arrival dates, who signed it in.. and all that...
there is a program called CosMos, that is VPN-based... this program uses a secure tunnel to launch a terminal emulation, text-based and colored, that can enable the various agents in the world to log into the central server and update information...
one of my clients needs to use this software, but they are running behind a Linux firewall, which pretty much offers router-grade transparent proxying for any application and port that they use, including chat, web, mail, ftp, SQL and more.. however, it cannot work 100% with the CosMos emulation...
what happens is, when they launch the secure VPN tunnel, the tunnel connects to the remote database and then uses a RADIUS server to offer authentication and access rights.. after this, the tunnel is supposed to locate and present a monitor, in this case, the actual CosMos terminal emulation screen.... their IT personnel said that they would require a dedicated, public IP address for this so they could get out, but that won't be feasible as their access medium doesn't allow them to have another IP address without having to lay more cable from the main port hub down to the machine that runs the CosMos program... besides, if the CosMos machine took their IP address, it would mean the rest of the LAN has no Internet access, as the Linux server would now be redundant....
the only workable solution i provided was port forwarding, which has worked for me many a time with servers such as Domino Lotus Notes, Apache, Sendmail, FTP and more... however, in this case, these are the ports that need to be open for the CosMos to work...
TCP 50 and 51 ---> used for IP Security
TCP 256 ---------> used for tunnel creation
UDP 500 and 259 -> used for authentication
when i set up Linux's port forwarding for these ports, to the IP address of the internal machine that needs to use the CosMos program, it authenticates fine, but then does not create the monitor, or actual terminal... the error is, "no usable monitors could be found".. which basically means the database server could not connect to the internal machine, even after port forwarding.....
when we give this internal machine the public IP address from the Linux server, it works fine and launches the terminal fine.. very well actually.... one of the possible reasons we were given by the IT guy of my client was that the guys at the database in Europe gave them a key and ID that doesn't allow access behind the Linux server.. he further added that they had a similar problem at another bureau in another country, with Linux, and after getting another key from Europe, they could access through their Linux server....
but, i am wondering, do we really need to wait for that key, because it's all bureaucracy.. it will take ages to come... isn't there something i could be missing... something really small that i overlooked....
all help will be highly appreciated.. thanks..
AKNIT
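
As an added example (not part of the original post and not CosMos or vendor configuration), this dry-run script prints the iptables rules a NAT gateway would need for the entries listed above, so they can be reviewed before anything is applied. It assumes the post's 50 and 51 refer to IPsec's ESP and AH, which are IP protocol numbers rather than TCP ports; the interface name `eth0` and the address `192.168.1.50` are placeholders.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables DNAT/FORWARD rules for the
# entries listed in the post. WAN_IF and the client address are assumptions.

WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-facing interface of the gateway

# proto:port pairs. "esp" and "ah" are IP protocols 50 and 51 (assumed to be
# what the post's "50 and 51 ... IP Security" means). They carry no port
# number, so a rule written as "-p tcp --dport 50" never matches them.
COSMOS_FLOWS="esp:- ah:- tcp:256 udp:500 udp:259"

cosmos_forward_rules() {
    client_ip="$1"
    case "$client_ip" in
        ''|*[!0-9.]*)
            echo "usage: cosmos_forward_rules <internal IPv4>" >&2
            return 1 ;;
    esac
    for flow in $COSMOS_FLOWS; do
        proto="${flow%%:*}"
        port="${flow##*:}"
        match="-p $proto"
        if [ "$port" != "-" ]; then
            match="$match --dport $port"
        fi
        echo "iptables -t nat -A PREROUTING -i $WAN_IF $match -j DNAT --to-destination $client_ip"
        echo "iptables -A FORWARD -i $WAN_IF -d $client_ip $match -j ACCEPT"
    done
    # Return traffic for connections the internal client opened itself.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Note: AH authenticates the IP header addresses, so it does not survive
    # address translation even when the packets are forwarded correctly.
}

# Stand-alone run with a constructed internal address.
cosmos_forward_rules 192.168.1.50
```

Comparing the printed rules with `iptables -t nat -L PREROUTING -n -v` on the gateway shows whether the protocol 50 and 51 entries are matched at all: zero packet counters on those lines while the UDP 500 counter increases means the data channel is not reaching the internal machine.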