Maybe we have a semantics war here. At work my PC is on the internal 192.168.1.x network. So is the 400. The 400 is never directly accessible, except for return traffic when it initiates the connection. The NAT only works for things started inside the router (other security weaknesses ignored for now).

I think the PC must be in the middle for a couple reasons:

1. An applet is used to log in to the 400 - validation results could be sent to IBM's site from the applet, I suppose. I always use the internal address of the 400 - never give it the router's Internet address.

2. When using direct download, the progress is shown on the PC - suggests that bits are flying through the PC on the way to the 400. But maybe a connection is initiated by some iPTF server piece - otherwise reverse traffic would not be possible, right? I.e., the 400 would need to initiate the connection to the IBM server, in order for traffic to come back through the firewall we have.

On the matter of FTP images, you get an email that tells you where to get the prepared images. They are not automatically downloaded to the 400. I like the process very much - works very well for us but is sometimes kinda slow.



At 03:17 PM 6/9/2003 -0600, you wrote:

If your PC is acting as a router by forwarding traffic, then your 400 is
accessible from the internet.

In my case, it wasn't the PC but a dedicated firewall/router performing
NAT. I'd give iPTF the IP address of the router, and the router would
then do the address translation to the 400's internal IP.

Everything worked fine on the initial connection from iPTF to the 400,
but then came to a screeching halt because the 400 randomly assigns port
numbers for use by iPTF. Since they're randomly assigned, it was almost
certain that the 400 would pick a port number that was blocked by
default on the firewall. Of course, opening up all ports on the firewall
resolved the issue, but for obvious reasons, that wasn't practical.

In the end, the iPTF support person who was helping me determined that
there was no way of doing this through the firewall, and part of his
explanation revolved around this issue of the 400 needing to be
accessible from the internet.

John Taylor

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Justin C. Haase
> Sent: Monday, June 09, 2003 2:48 PM
> To: 'Midrange Systems Technical Discussion'
> Subject: RE: internet PTF service
>
> Not meaning to be picky or start a war here, but if your 400
> has an internal (reserved/non-routable - eg 10.x.x.x or
> 192.168.x.x) address, how does that get routed over the
> internet?  It doesn't.  It goes through your PC as an intermediary.
> No 400 I've ever used iPTF on has had access to the internet.
>  My PC did. The 400 did not.
> jch
