Hello,
My Vault 2.0 server is on a Win2000 computer behind my LinkSys router; the router give the computer its IP address.
I have a Vault client on another computer, also behind the router. It can connect to the Vault server by name.
I have another computer with a Vault client, not behind the router. I try to connect to the server using the router's static IP. I get the message "Unable to connect to http://xx.xx.xx.xx/VaultService. No server found at the specified URL. Web exception: The underlying connection was closed: Unable to connect to the remote server."
If I try xx.xx.xx.xx:8080, I get the same message except the Web exception is "The request failed with HTTP status 401: Authorization Required".
While this probably isn't exactly a Vault-specific question -- configuring firewalls and servers --I'd appreciate any advice on how to get the connection working.
Thanks.
Firewall / router problems
Moderator: SourceGear
This reply assumes the router needs to do NAT (Network Address Translation, also known as IP Masquerading) for the subnet "behind" it (the network including your Vault server and the single client that can connect to it). If it's not doing NAT, or you've already configured it and think it should be working correctly, then this is not the solution you seek.
NAT
NAT is a method of allowing multiple computers on a private network to "masquerade" as a single IP on a different network (usually the Internet). The private network is usually given so-called "unroutable" IP numbers (in the blocks 10.*.*.*, 192.168.*.*, and so on). Your router will have two IPs, one on the external, Internet side (1.2.3.4), and one on the internal, private side (10.0.0.1). Your Vault server is 10.0.0.2. Your external client (the one that can't connect) is 4.3.2.1, which is a regular routable Internet address.
The problem is that when you try to connect to 10.0.0.2 while logged in to your external client, the routers on the Internet see any address starting with a "10." and throw the packets away (or refuse to route them). This is because those addresses are reserved for private networks such as yours, and shouldn't be routed by Internet backbone routers. The solution lies in a feature your router probably supports called "port forwarding".
You'll need to configure your router to forward a port on the external interface (port 80 on IP 1.2.3.4) to a machine on your private network (port 80 on 10.0.0.2). Now, from your external computer, connect to the external IP of your router (1.2.3.4), and it will automatically forward your requests to your private Vault server. Your router will appear to be a Vault server to the Internet, but it's really just giving all the packets to your real Vault server for the processing.
What's port 8080 doing?
Port 8080 on most cable/DSL routers (like those made by Linksys) is reserved for administrative configuration. You connect to this port with a web browser, give a username and password, and can set up the router. Since this port requires authorization, and Vault isn't expecting to be asked for it, Vault passes on the "Authorization required" message as an error.
NAT
NAT is a method of allowing multiple computers on a private network to "masquerade" as a single IP on a different network (usually the Internet). The private network is usually given so-called "unroutable" IP numbers (in the blocks 10.*.*.*, 192.168.*.*, and so on). Your router will have two IPs, one on the external, Internet side (1.2.3.4), and one on the internal, private side (10.0.0.1). Your Vault server is 10.0.0.2. Your external client (the one that can't connect) is 4.3.2.1, which is a regular routable Internet address.
The problem is that when you try to connect to 10.0.0.2 while logged in to your external client, the routers on the Internet see any address starting with a "10." and throw the packets away (or refuse to route them). This is because those addresses are reserved for private networks such as yours, and shouldn't be routed by Internet backbone routers. The solution lies in a feature your router probably supports called "port forwarding".
You'll need to configure your router to forward a port on the external interface (port 80 on IP 1.2.3.4) to a machine on your private network (port 80 on 10.0.0.2). Now, from your external computer, connect to the external IP of your router (1.2.3.4), and it will automatically forward your requests to your private Vault server. Your router will appear to be a Vault server to the Internet, but it's really just giving all the packets to your real Vault server for the processing.
What's port 8080 doing?
Port 8080 on most cable/DSL routers (like those made by Linksys) is reserved for administrative configuration. You connect to this port with a web browser, give a username and password, and can set up the router. Since this port requires authorization, and Vault isn't expecting to be asked for it, Vault passes on the "Authorization required" message as an error.
Shaw Terwilliger
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`
Vault is a .NET web service, which means it runs inside IIS and uses HTTP for all its communication. Vault really doesn't care which port IIS uses, it's just 80 by default. You may also want to enable forwarding for port 443 (HTTPS/SSL) if you configured IIS to support encryption.
Shaw Terwilliger
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`