[AG-TECH] Fwd: Access Grid

Robert Olson olson at mcs.anl.gov
Tue Oct 28 12:23:42 CST 2003


One difference between vic and rat is that rat binds the source port to be 
the same as the destination port, while vic uses a random (system-assigned) 
port as the source port. Perhaps this has an effect on what happens with 
the NAT bridging:

12:15:43.142386 lorax.mcs.anl.gov.1422 > 224.1.2.3.12000:  udp 449

--bob


At 11:41 AM 10/28/2003, John I Quebedeaux Jr wrote:
>I'll let better minds tackle the details but will throw in my 2 cents and 
>say that last Friday I found myself in a situation with our quick bridge 
>and a NAT'd address where the RAT worked fine but the VIC did not connect 
>for video coming back to the bridged machine (our portable AG node 
>nicknamed "Wilbur"). Thankfully, the network folks at the site understood 
>the dilemma and without any fuss went ahead and moved me outside their 
>firewall and let me borrow a static address so I could continue the setup 
>for 90 minute demo that evening.
>
>The network admin could tell me that the VIC connection wasn't getting 
>established back from the bridge through the NAT'd address so only 
>outgoing video was working. RAT didn't have a problem. The static address 
>took care of the issue, we were short on time to troubleshoot.
>
>So, the symptom was: everyone could see me and I was blind for about 30 
>minutes while we worked this out. I was on a NAT'd address behind a 
>firewall. They had setup ports 50012/50013 -RAT, 50014/50015 -VIC, 5001 
>DPPT for me to get through the firewall.
>
>-John Q.
>--
>John I. Quebedeaux, Jr.
>Computer Manager / Louisiana Biomedical Research Network
>LSU Biological Sciences / 131 Life Sciences
>e-mail: johnq at lsu.edu / web: http://lbrn.lsu.edu
>phone: 225-578-0062 / fax: 225-578-2597
>
>On Oct 28, 2003, at 10:17 AM, Sheryl Hurley wrote:
>
>>
>>  Hi everyone,
>>  I thought I'd send this to the AG Tech list, to see if anyone has
>>  any helpful suggestions for the Digital Pueblo people.  I am not
>>  sure what their problem is.
>>
>>  Thanks,
>>  Sheryl
>>
>>  Begin forwarded message:
>>
>>     From: Glenn A Huval <magius at unm.edu>
>>
>>
>>
>>
>>     Hello everyone,
>>
>>     As Hue already mentioned, we are going to be heading up to SFCC
>>     early on Wednesday (2:30 roughly).  Sheryl has volunteered to
>>     come with us to Santa Fe and work with CY (who will be over at
>>     HPC in Albuquerque).
>>
>>     So here's the setup, for those who don't know....  The
>>     QuickBridge is being ran at HPC.  Both Brad (at NHCC) and I (at
>>     SFCC) are connecting to the QuickBridge through ports 50372 and
>>     50374.  Brad gets Audio and Video from my site and anyone else
>>     connected to the bridge, and I get nothing (I do see myself,
>>     though I'm not sure of the significance of that).
>>
>>     Now we think we can solve this by forwarding ports 50372 and
>>     50374 (UDP and TCP) to some static IP address that we can
>>     access from the Media Lab with the laptop.  I know the people
>>     working on the firewall said they already opened the ports...
>>     but since all the IP addresses at SFCC are local only, there is
>>     no way to communicate through those ports from the outside, so
>>     by open that must mean for connections initiated from inside.
>>     I'm still unsure about the network setup there at SFCC though,
>>     I was told it's a firewall, but I get the impression it's
>>     actually a NAT router or some kind of NAT setup... if it is a
>>     NAT then we definitely have to forward the ports.  I know
>>     normal programs can get through a NAT no problem (most requests
>>     initiated from inside are let through), but I think the
>>     QuickBridge.
>>
>>     The one thing we aren't sure of is whether or not the
>>     QuickBridge is trying to send the video and audio back to the
>>     SFCC router/firewall, or back to the local IP
>>     (192.168.xxx.xxx).  If it's going to the router, then
>>     forwarding should work... if it isn't I think we are SOL.  This
>>     is what we should find out on Wednesday....
>>
>>     Maybe we can have those ports forwarded by Wednesday 2:30?  Or
>>     perhaps an explanation of the network if SFCC isn't running a
>>     NAT at all?
>>
>>     Glenn >=O
>>
>>     P.S. For those aware, if I got something wrong about the AG or
>>     the possible solution please e-mail something out.  Hate to be
>>     giving faulty info.
>>
>>
>>  -Sheryl Hurley
>>  -Multimedia Development Specialist
>>  -HPC at UNM
>>  -505.277.5460
>>
>>




More information about the ag-tech mailing list