NetXMS Support Forum

English Support => General Support => Topic started by: raypetter on February 02, 2014, 07:07:55 PM

Title: mobile client outside private lan
Post by: raypetter on February 02, 2014, 07:07:55 PM
Hi

I'd rather not put the netxms server in DMZ for security reasons, but I would love to use the mobile client outside our private network.

Any input on how to achieve this would be greatly appreciated.
Title: Re: mobile client outside private lan
Post by: Marco Incalcaterra on February 04, 2014, 12:31:00 PM
Quote from: raypetter on February 02, 2014, 07:07:55 PM
Hi

I'd rather not put the netxms server in DMZ for security reasons, but I would love to use the mobile client outside our private network.

Any input on how to achieve this would be greatly appreciated.

The mobile client uses port TCP 4701 to connect to the server. To get access you should NAT that port from the public IP address to the server in your internal network.
To have it working properly "inside" and "outside", instead of putting the IP address (Connection|Server in the settings of the mobile console) you should use a FQDN resolved properly via DNS: from external network it has to resolve to the public IP and from internal network it has to resolve to the private IP. This is the way I use it. Hope it helps.

Best regards,
Marco
Title: Re: mobile client outside private lan
Post by: Marco Incalcaterra on February 04, 2014, 01:29:55 PM
Quote from: Marco Incalcaterra on February 04, 2014, 12:31:00 PM
To have it working properly "inside" and "outside", instead of putting the IP address (Connection|Server in the settings of the mobile console) you should use a FQDN resolved properly via DNS: from external network it has to resolve to the public IP and from internal network it has to resolve to the private IP.

This part should not be necessary if you don't have a restriction on accessing your public IP address from inside your private net.

Best regards,
Marco
Title: Re: mobile client outside private lan
Post by: Victor Kirhenshtein on February 04, 2014, 02:46:11 PM
Hi!

If your company security policy prohibits traffic forwarding from outside directly to the internal network, we have an experimental client proxy, which can be placed in the DMZ. You can try to build it from the latest sources by giving the --with-client-proxy option to configure.

Best regards,
Victor
Title: Re: mobile client outside private lan
Post by: possamai on February 04, 2014, 05:28:15 PM
I'm using a VPN connection on my phone whenever I want to use the mobile app.
Title: Re: mobile client outside private lan
Post by: raypetter on February 10, 2014, 10:57:57 PM
Thanks for all the answers. I'll try out the experimental proxy first, and NAT as a last resort.
Title: Re: mobile client outside private lan
Post by: raypetter on February 11, 2014, 06:08:23 PM
A follow-up for others who face the same problem. I used rinetd to bind port 4701 from the DMZ to the internal netxms server.

Works like a charm.

Thanks again.
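
Added example, not part of any post in this thread: a small Python check for the rinetd.conf on a DMZ relay like the one described in the last post, confirming that it forwards only TCP 4701 to the NetXMS server, listens on one interface, and logs connections. The addresses, the function name and the sample configs are constructed for illustration; the parser assumes rinetd's `bindaddress bindport connectaddress connectport` rule format.

```python
NETXMS_CLIENT_PORT = 4701  # client port named in the thread

# Constructed samples: 192.0.2.10 = DMZ interface, 10.0.0.5 = internal server.
GOOD_CONF = """\
# relay for the NetXMS mobile client only
logfile /var/log/rinetd.log
192.0.2.10 4701 10.0.0.5 4701
"""
BAD_CONF = """\
0.0.0.0 4701 10.0.0.5 4701
0.0.0.0 22 10.0.0.5 22
"""

def audit_rinetd(conf_text, expected_target, expected_port=NETXMS_CLIENT_PORT):
    """Return a list of findings for a rinetd.conf supplied as text."""
    findings, forwards, has_log = [], 0, False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0] == "logfile":
            has_log = True
            continue
        if fields[0] in ("allow", "deny", "logcommon"):
            continue  # access rules and log format are not checked here
        if len(fields) < 4:
            findings.append(f"line {n}: unrecognised directive")
            continue
        bind_addr, _bind_port, dst_addr, dst_port = fields[:4]
        dst_port = dst_port.split("/")[0]  # tolerate a protocol suffix
        forwards += 1
        if bind_addr == "0.0.0.0":
            findings.append(f"line {n}: listens on all interfaces")
        if (dst_addr, dst_port) != (expected_target, str(expected_port)):
            findings.append(f"line {n}: unexpected forward to {dst_addr}:{dst_port}")
    if forwards == 0:
        findings.append("no forwarding rule found")
    if not has_log:
        findings.append("no logfile directive: relayed connections are not logged")
    return findings

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, audit_rinetd(conf, "10.0.0.5") or "OK")
```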