How To Connect Through TCPIP/Firewall With Mobilink

I'm very confused on the steps needed to make a connection through a firewall to a server running mobilink.

The mobilink and database are on a separate machine inside the network, behind the firewall. My network administrator said he opened up port 2439.

The app that I created with AppForge has the following set for the sync parameters:
With Connection.SyncParms
     .Stream = ULStreamType.ulTCPIP
     .StreamParms = "host=12.34.567.89"     ' <== IP Address of firewall
     .Version = "construction"
     .PingOnly = True
End With

Then, on the database server behind the network firewall, I run mobilink with the following command:
dbmlsrv9 -c "dsn=odbcname" -x "tcpip(host=12.34.567.89)" -v+ -zu+

From what I read, setting the host to the IP Address is telling it where to listen for requests. However, when I run that I get the error:
"Error: Unable to initialize the 'tcpip' network layer. Unable to bind a socket to port 2439. The system-specific error code is 10048 (hex 00002740)."

What am I doing wrong?
davidsanderson Asked:

Jan Franek Commented:
I see that nobody is responding, so I'll try:

I'm not sure if I understand your layout. You have database server, mobilink server, firewall. AFAIK mobilink is used for synchronization between servers, so you probably have another server outside your network. Right? Do you use "normal" IP addresses on your network (e.g. are computers on your network visible from the rest of the world)? Or do you use private (invisible) addresses?

I don't know much about networks, but I think that an application can listen on a TCP/IP port only on local addresses. The host parameter is probably used mainly in cases when your server has several IP addresses. I'm not sure if I understood it well, but it seems to me that you are trying to listen on the IP address of the firewall and your mobilink is not running on the firewall. So, your error message means that mobilink couldn't find the specified IP address on any adapter on its machine.

If you want your mobilink server to be accessible from computers behind firewall, it should either have "public" IP address and it should listen on this address, or there must be some kind of address translation (or tunneling) on your firewall. You should discuss this with your network admin.
0
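The two bind failures relevant to this exchange, as an added example that is not part of the original thread: binding to a port that another listener already holds, and binding to an address that is not configured on the local machine. Winsock reports the first as 10048 (WSAEADDRINUSE) and the second as 10049 (WSAEADDRNOTAVAIL); 192.0.2.1 is a documentation-range address assumed not to be assigned to the machine running the script.

```python
import errno
import socket


def try_bind(host, port):
    """Try to open a TCP listener on host:port; return (result, errno or None)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return "ok", None
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            # Another socket already owns this address/port pair.
            return "addr_in_use", e.errno
        if e.errno == errno.EADDRNOTAVAIL:
            # The address is not assigned to any local interface.
            return "addr_not_available", e.errno
        return "other", e.errno
    finally:
        s.close()


def demo():
    """Provoke both failures on loopback, next to a successful bind."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    holder.listen(1)
    taken_port = holder.getsockname()[1]
    try:
        return {
            "free_local": try_bind("127.0.0.1", 0)[0],
            "port_taken": try_bind("127.0.0.1", taken_port)[0],
            # 192.0.2.1 (TEST-NET-1) stands in for a firewall's address
            # that does not exist on this host (assumption).
            "foreign_ip": try_bind("192.0.2.1", 0)[0],
        }
    finally:
        holder.close()


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
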
davidsanderson (Author) Commented:
The host IP Address is the same address I use for virtual private networking and so it's a "public" IP Address. My network admin said he opened up a port on this IP, but when I run Mobilink (inside the network) it says it can't bind the port to the IP Address.
0
Jan Franek Commented:
What server are you trying to run Mobilink on? What IP addresses does this server have? In your question, you wrote that 12.34.567.89 is the address of your firewall. Is the firewall running on the same machine as Mobilink?
0
davidsanderson (Author) Commented:
Mobilink runs on the database server, which is inside the network. I'm using the IP Address of the firewall. The firewall is some separate hardware device.
0
Jan Franek Commented:
AFAIK you cannot use the IP address of the firewall. You have to use the IP address of the server that mobilink runs on. Did you try it?
0
ChrisKing Commented:
There are 2 ways you can do this (although this is really a network security question, not a Sybase one)

#1. route all traffic on port 2439 to the actual server's IP
#2. allow traffic for the actual server's IP on port 2439 to be routed through your firewall

If you are using a private IP range on the server, you will need your firewall to support NAT (network address translation), which most firewalls will.

Either of these methods effectively puts this port in the DMZ and makes it vulnerable to attacks. However #2 is safer, you are not vulnerable to port scans and someone must know that the server's IP has to be routed through the firewall in order to access it (which can also be a pain).
0
davidsanderson (Author) Commented:
Well, my network admin said that all traffic on port 2439 is routed to the server where the Mobilink is running but it still doesn't work. However, if I connect VPN to the network, I can communicate with Mobilink through the server's local IP Address. So that would tell me that I'm doing something right. It just sounds like there's some firewall network setting that needs to be done... but I have no idea what.

Jan, how can I use the IP Address of the server Mobilink is running on if it doesn't have a public IP Address? That's why I'm trying to route through the firewall IP to get to the server.
0
Jan Franek Commented:
Well, as I said, mobilink (and other applications as well) cannot listen on the IP address of the firewall - it's just not possible - ask your network admin if you don't believe me.

If your Mobilink server has no public IP address, it cannot be reached from the public internet. But it probably can be reached from VPN. So if it listens on its local IP address, it should work fine for clients connected via VPN.

If you want your mobilink to be accessible from the public internet, you have 2 possibilities - 1. get a public IP for mobilink, 2. translate IP addresses on the firewall. Both of these need the assistance of your network admin.

As ChrisKing wrote - this is probably more about network architecture and security, than about Sybase.
0
davidsanderson (Author) Commented:
Mobilink isn't listening on the IP Address of the firewall anymore. Before I thought you can tell Mobilink what IP Address to listen to, I understand that isn't possible.

So, I have Mobilink running on a machine (different from the firewall) that is listening on port 2439. When I connect VPN, I can sync up with it no problem using its local IP.

However, I can't communicate through the IP Address of the firewall. My network admin said he has it forwarding incoming requests to port 2439 to the machine that is running mobilink. Maybe I should post this in Networking section? Jan, when you say "translate IP Addresses on firewall" what do you mean?
0
Jan Franek Commented:
Yes, you will probably get better help in the Networking section.
But I would start with your network admin. Make sure that he understands your goal, show him the error messages you get when you try to get through the firewall, and maybe he will be able to solve it.
0
ChrisKing Commented:
yes, this question should really be put to networking
0
davidsanderson (Author) Commented:
I posted it in Networking.
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21212112.html

Is it ok to provide a link to another question when doing that?
0
ChrisKing Commented:
davidsanderson
well I see you are not getting a response there (but MS Networking is NOT network security - lol)

try moving it to
http://www.experts-exchange.com/Security/Firewalls/
0
davidsanderson (Author) Commented:
Thank-you Chris, I didn't know that topic existed.
0
ahoffmann Commented:
ok, sounds like most things have been said:
  - your firewall has port 2439 open
  - your mobilink has a dynamic IP
 then you need to do the following:
  1. your mobilink server needs to register itself in a dynamic DNS with a fixed name, like with dyndns.org, for example: my-mobilink.dyndns.org
  2. your client needs to use something like "host=my-mobilink.dyndns.org" instead of an IP
  3. the firewall needs to allow traffic initiated from your client to any IP on port 2439

Does this make sense for you?
0
davidsanderson (Author) Commented:
After talking to Mobilink tech support and my network admin, we are certain that it is some kind of firewall malfunction. The network admin said that opening ports and forwarding them is straight-forward and shouldn't be an issue.

We tried to open a telnet session to several different ports and the firewall log said "access denied" right away. We are having other issues with the firewall, for example it is rebooting itself several times a day. Watchguard (firewall) isn't taking the fault but maybe this port forwarding problem will give them more evidence that their firewall is defective. So my network admin is in communication with Watchguard and hopefully we'll get a new firewall.

I'll post back here for any progress updates.

Thanks for everyone's help.
0
ahoffmann Commented:
> ..  firewall malfunction.
I'd say misconfiguration.

Since you're used to telnet, simply do following on the client:
   telnet IP-orFQDN-of-mobilink-server 2439

If you get access denied, then it's either the firewall or the mobilink server.

0
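The telnet check suggested above, written as a script that also says how the attempt failed; this is an added example, not part of the original thread. A refusal means something answered and rejected the connection, while a timeout means the packets were silently dropped, which helps separate a listener problem from a firewall rule. The function name and result labels are assumptions made for the example.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt, as a telnet test would."""
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"      # e.g. a dynamic-DNS name that does not resolve
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(infos[0][4])
        return "open"             # forwarding works and a listener accepted
    except socket.timeout:
        return "filtered"         # no reply at all: packets dropped on the path
    except ConnectionRefusedError:
        return "refused"          # active rejection: no listener, or a reject rule
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # no route to the target
        return "error"
    finally:
        s.close()


def local_demo():
    """Probe a loopback listener while it is up, then after it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # constructed test listener on a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_up = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_up, after_close


if __name__ == "__main__":
    print(local_demo())
```

Running `probe` once against the server's local address over the VPN and once against the firewall's public address on port 2439 shows whether the listener or the forwarding rule is the part that fails.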

davidsanderson (Author) Commented:
ahoffmann, that's what I did and the firewall log said "access denied" right away. My network admin says we have a defective firewall.
0
ahoffmann Commented:
> defective
?? is that a typo?

If the firewall denies, then your admin needs to fix that first, anything else is useless.
0
davidsanderson (Author) Commented:
Yes, defective. He says that opening and forwarding a port is a no-brainer and should work. The firewall also likes to reboot itself several times a day, another sign that it is defective.
0
ChrisKing Commented:
davidsanderson
want to close this then?
0
davidsanderson (Author) Commented:
I guess so.
0
davidsanderson (Author) Commented:
My Network Administrator made some firewall changes and it works now. Go figure. He didn't elaborate on what exactly he changed.
0
ChrisKing Commented:
just be thankful he fixed it  :)
0