Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

S

Steve_GL

8 Posts

72637

January 6th, 2005 21:00

Using DRAC 4 card behind a firewall/router - consol redirect fails

I am trying to set up our DRAC4 behind a firewall and everything works except the consol redirect window fails.  As far as I can tell the Consol Redirect Java window is mistakenly looking for the absolute physical IP address of the DRAC4 card instead of using the host header.  Obviously this fails because the DRAC4 is behind the router and its absolute physical IP (A local LAN IP - such as 192.168.1.100) is not a valid internet IP address.
 
Anyone encountered this problem? Any solutions?
 
 
Thanks

SaundersR

17 Posts

January 10th, 2005 13:00

Steve, let me see if I can help you out since you have helped me on the other thread.

Well, assuming that the DRAC works fine and there isnt any glitches in the software..

I would like to find out more about your problem, cause it is slightly confusing to me, the way you have described it. Is the console redirect java window looking for a physical address (i.e. MAC address) or a layer 3 address (Ip address)? If it is looking for an IP address, where on the network is the traffic going?

Is your network setup like this?:

AdmComp----->>>>Router/FW<<<------------->>>>Drac4-Server
(1.1.1.10)_____(1.1.1.1)(192.168.1.1)_______(192.168.1.100)

Does the Router/FW have routes to the correct networks? Does the AdmComputer have the correct GW set? Is the FW blocking any of the ports?

See if you can provide some more information and I will do what I can to help you out.

Saunders

Message Edited by SaundersR on 01-10-2005 11:48 AM

Steve_GL

8 Posts

January 10th, 2005 18:00

Hi Saunders,
 
The network topology in your email will not work:
 
AdminClientPC----->>>>Router/FW<<<------------->>>>Drac4-Server
(1.1.1.10)________(1.1.1.1)(192.168.1.1)________(192.168.1.100)
 
Because the console redirect java applet is looking for the absolute IP address (192.168.1.100) which of course cannot because it should be looking for (1.1.1.1)
 
However this works:
 
AdminClientPC------->>>>Router/FW1<<<---------->>>>Router/FW1<<<--------->>>>Drac4-Server
(192.168.1.200)___(192.168.1.10)(65.65.65.20)___(65.65.65.63)_(192.168.1.1)____(192.168.1.10)
 
I on purposely set this up so that the default gateway for the AdminClientPC  (192.168.1.10) is the exact same IP address as the physical IP of the Drac4-Server.  For some reason this works I am not entirely sure why because packets should just stop at the first router.
 
Any Ideas?
 
Steve
 

SaundersR

17 Posts

January 10th, 2005 22:00

Well, Steve, as far as I know, the admin server is looking for the correct IP address. If I remember correctly, your AdminClientPC sends packets to the address 192.168.1.10 but with the destination MAC address of your local gateway, which is 192.168.1.10.


Now, I am not sure how you have your network setup with subnet masks, but the description you gave me below will not work in the traditional sense, simply because your AdminClientPC assumes that the DRAC4 is in the same subnet and not in another subnet, causing the adminclientPC to route packets to the gateway, instead of broadcasting them onto the network. So, you should setup your network something like this:


AdminClientPC------->>>>Router/FW1<<<---------->>>>Router/FW1<<<--------->>>>Drac4-Server
(192.168.2.200)___(192.168.2.10)(65.65.65.20)___(65.65.65.63)_(192.168.1.1)____(192.168.1.10)


This way, the admin client PC assumes that anything with the 192.168.1.x subnet is outside it's local network, so it will route the packet to the Router/FW1, and the Router/FW1 will handle the rest of it.


Also, I dont know if you are doing any NAT on either of your Router/FW1s, but that can cause problems with the packets too.



Saunders




Message Edited by SaundersR on 01-10-2005 06:08 PM

Adam_EDS

2 Posts

January 11th, 2005 14:00

I have the same problem, my Server is behind a firewall and has a NAT'd address, I have all the required ports opened but when I initiate a console redirection the Java Applet tries to use the local address of the DRAC and not the NAT address.

ie, I connect the web browser to the 192.85.29.87 (the NAT address), the Java console tries to open on 10.1.8.33 (DRAC address).

Any way to force the Java console to use the NAT address ?

Steve_GL

8 Posts

January 11th, 2005 16:00

This just in from John Barrows ( OpenManage SpeciaList Dell Inc.) - he is telling me to open the following ports:
 
80
83
443
5900   -   This is the port Console redirect uses
5891
 
Ports 83 and 5891 I beleive are undocumented - I have all the other ports open.  Have not tried it yet but will post on this thread if it works.  Let me know if you have any success.
 
Steve
 

David.Brown

18 Posts

January 27th, 2005 19:00

> Have not tried it yet but will post on this thread if it works.
 
I guess it did not work?  I too would like to access a DRAC 4 from the other side of a NAT router/firewall...  Is there any way to force the Java console to use the NAT address?  Has anyone gotten this to work?
 
David

Steve_GL

8 Posts

January 27th, 2005 20:00

David,
 
No this did not work.  I spent literally hours working on this with a Dell Tech and it did not work.  The only solution is to set up a complex router configuration on the client side to spoof the same IP address for the default gateway as the physical address on the Drac Card.  I requested the Dell Teck John Barrows (who tried to be really helpful) to report this problem to the Drac card software developers - whether he did or not I don't know.  I also repeatedly requested that they tried to access it via a router in thier own lab - they never got around to it.  As far as I am aware no one at Dell has ever tried to use a Drac 4 accross a NAT/Firewall - go figure!  What is the point in a "remote access" card that only works across the same subnet - you would be physically in the same building and could deal with the server manually!!!  Our final solution was to not put the Drac Card behind a firewall for now.
 
After this we encontrered a further problem.  When accessing the card across the internet there is a problem with rebooting the server (windows>>>shutdown>>>restart).  During the shutdown the Drac 4 card restarts and then loses connection - it then takes several seconds to reestablish the link during which time the POST BIOS boot has all but gone by making it very difficult to get into the BIOS.  This problem did not appear on a LAN because the Drac reestablished the connection so quickly it was not noticable.
 
Hope this helps?  
 
DELL FIX THE BUGS AND TEST YOUR HARDWARE BEFORE UNLEASHING IT ON THE PUBLIC - THIS IS SIMPLY NOT ACCEPTABLE AT SERVER/ENTERPRISE LEVEL!
 
P.S. As of today the Firmware update does not fix any of the above problems
 
 

David.Brown

18 Posts

January 27th, 2005 20:00

It helps in the sense that I have some direction now.  I guess I should not be suprised anymore by these sort of things.  I have been using Dell for 7-8 years but recently the number of sales, support, and technical "issues" have grown dramatically.  I was beginning to wonder if it was just me, until I got into these support forums.
 
Thanks,
 
David

Michaeltsa

4 Posts

January 29th, 2005 01:00

I have got the same problem here in Hong Kong, using the 2800 servers. No one in Dell can resolve this issue. The funny thing they said this is suppose to only monitoring the server but not to install software. I try to install the OS onto these new servers by acrossing the router without FW. It still fails.

DimitriRodis

3 Posts

April 19th, 2005 04:00

Hi guys,

I have discovered a way to work around this problem for the time being. Basically, the problem boils down to bad programming on the DRAC (the java applet tries to use the internal address of the drac itself, as opposed to the HTTP host header when it tries to connect).

Here's how I work around the problem.

1. If your local PC is using a dynamic address, change it to a static address temporarily-- so, if you run ipconfig /all, and you have an assigned address from DHCP of 10.0.1.100, mask 255.255.255.0, gw 10.0.1.1, (for example, use the information relevant to your configuration) etc... write these numbers down, and change your PC to have a static address based on what DHCP previously assigned you. (You need to have a static address in order to add a secondary static address in step 2)

2. From the DRAC configuration, find out *exactly* what the DRAC IP is. Mine, for example is 192.168.0.2. Take this address, and give your local machine a *second ip* of this same address by going into the advanced properties of TCP/IP (use a 255.255.255.0 or smaller subnet mask). So now, your machine has 2 static addresses (based on this example): 10.0.1.100, and 192.168.0.2

3. Download TCP Redirector at http://hp.vector.co.jp/authors/VA005851/soft/tcp-redirector/index-eng.html

4. Decompress the file using WinRAR (or some other compatible file decompression utility) and run the execuatble inside. Tell it to redirect TCP port 5900 to whatever the *external* IP is for your DRAC (this is the public address of your NAT or router device that your drac is behind). Press "start" on the utility.

5. Log into the DRAC web interface and attempt to connect to the console. When you attempt to connect to the console, what will now happen is that the virtual KVM java applet from the DRAC will end up trying to connect to your *local* machine, and the TCP redirector will redirect the traffic to the DRAC.

If this helps, post a reply. If you need more help, you can grab our contact information from our website, http://www.integritasystems.com and give us a call, or send us an email and we'll explain a little further if the above is too vague or confusing.
 
Note that the above may not *always* work (such as when the private IP of the DRAC happens to correspond to the local ip of the router that your PC is using, in which case the above will temporarily wreck your network) so use caution, as this is only meant as a workaround in an emergency situation, not a permanent solution.
 
So, Mr. Dell, when are your firmware enginneers going to fix this? :) This can't possibly take more than 4 or 5 lines of code change----
 
Good luck out there guys--
 
Dimitri Rodis
Manager, Integrita Systems LLC

Adam_EDS

2 Posts

April 19th, 2005 08:00

Dimitri,

Good work, works a treat :smileyhappy:

Would still prefer Dell to update the JavaApp though, i mean, how hard can it be ...

NGow

4 Posts

May 16th, 2005 16:00

We have the same problem, accessing a DRAC4 console via an external IP nat'd on the internal IP, we have tried upgrading the DRAC firmware to 1.2 but same thing happens.

Access via https://internal.ip works fine via VPN and when physically attached.

But access via https://EXTERNAL.ip fails, when accessing the console. The Applet loads and displays the status message ''Connecting to INTERNAL.ip:5,900' this then chages to 'Connection refused at remote server exiting....' and the dialog appears displaying 'Unable to connect to vKVM, press OK to exit'.

It is as though the Java applet does not use the external IP to connect but insists on using the internal ip.

Has anybody got this to work or DELL to accept that it is a problem? A member of their NOS team is calling me back tomorrow to explain why it is my network that is at fault.

Michaeltsa

4 Posts

May 19th, 2005 00:00

I have ask DELL Hong Kong here for a very long time, no one here knows there is a problem and no one here can solve it; they don;t even has this kid of setup for their clients. Very very strange, why they design this kind of product? Or they just know how to OEM or copy others idea?

NGow

4 Posts

June 9th, 2005 15:00

Further to my previous POST Dell have a beta DRAC 4 firmware that resolves the console redirection issues we experienced when operating behind a NAT'd IP address.

We had to go to a Technical Account manager to get the beta, after being alerted to it by a response from as DELL engineer, all the usual channels provided no sensible response other than stupid questions as to why we would want and Internal and External IP address and referrals to the FAQ.

So far no adverse effects to running the beta, only one machine has shown any DRAC instability but it is too early to tell we are running this with DRAC4 on 2850, 2800 and 1850.

Steve_GL

8 Posts

June 9th, 2005 18:00

Thanks for the post - FINALLY!  How or from whom at Dell can we get this BETA version?

Steve

View More

View All

No Events found!

Top