|
| | | Forum Newbie
Group: Forum Members
Last Login: 5/26/2008 10:22:11 AM
Posts: 3, Visits: 11 |
| Hi,
i want using my Whats Up Installation (V11) behind a Reverse Proxy. That means the whats Up Server is in the internal net and i want to access from external through a apache Webserver. The apache is located in amy dmz. So i configured apache with reverse proxy features.
The first tries are looking good and i could access to my installation and see my devices and reports etc.
But the graphics in "Home" did not open. These pictures did not come through the reverse proxy. Unfortunately apache didn't write any error messages.
Does anybody know how the pictures of "Home" are generated? Is anybody out there how has tried the same thing?
Tanks for helping
dadssad |
| |
| | | Time Traveler
Group: Forum Members
Last Login: 6/19/2009 11:41:53 AM
Posts: 534, Visits: 1,883 |
| Although I don't know exactly where, some webpages references directly the web server IP address, which is the internal IP in your case.
So of course it doesn't work, as the internal IP is not accessible.
Some people had similar issue when doing port natting. |
| |
| | | 
Time Traveler
Group: WhatsUp Gold Expert
Last Login: Today @ 10:09:57 AM
Posts: 1,593, Visits: 7,686 |
| | ??? MB-NS, I never had this kind of issue... Although I must say : a/ I'm not going through a reverse proxy, but I do port translation on my firewall, b/ I'm using IIS, not the builtin web server, could that be an issue ? I did have a small issue when setting up IIS. When generating graphs with the charting component, the user running IIS must have write permission to folder c:\program files\ipswitch\whatsup\htmlmconsole. Since i'm a bit on the paranoid side, IIS is running with the lowest possible privileges I could give; so I had to grant write permission to the internet guest account on that folder. Could it be that there is some similar issue happening? (Though in that case, the issue would happen imho even when accessing the website directly from the inside, without going through the reverse proxy)
Reading, writing and arithmetic - If you need to choose, please take option 1. |
| |
| | | Time Traveler
Group: Forum Members
Last Login: 6/19/2009 11:41:53 AM
Posts: 534, Visits: 1,883 |
| | |
| | |
Time Traveler
Group: WhatsUp Gold Expert
Last Login: Today @ 10:09:57 AM
Posts: 1,593, Visits: 7,686 |
| | Hrrm, actually my setup is that a first firewall translates port from 443 to 444, then a second one nats again from public IP to private IP and translates back port 444 to 443. So, as far as IIS is concerned, it does listen on 443 and sees no port translation. I guess that doing port translation can be an issue, especially if you have a reverse proxy in the path. Because if wug is not listening to the standard 443, then my guess is that the reverse proxy must be aware of it and include the port in its urls... ???
Reading, writing and arithmetic - If you need to choose, please take option 1. |
| |
| | | Forum Newbie
Group: Forum Members
Last Login: 5/26/2008 10:22:11 AM
Posts: 3, Visits: 11 |
| Hi,
Thanks for your replies.
I tested the access from external through my firewall with NAT (not with my reverse proxy). It works without a problem.
So i see that the Website of Dashboard are direct links included.
script>
var oControl = new CJsDragItem('C00E212D-2E59-48C6-8D49-1DE70A452075');
oControl.m_sHelpUrl = "https://IP_from_URL:443/NmConsole/Help/1033/Devices_By_Type.htm";
oControl.m_nWorkspaceID = "10001";
JsSetControl('C00E212D-2E59-48C6-8D49-1DE70A452075',oControl);
These Links are dynamically generated depending how you access to the Whats Up Server. If you use the internal address, these Links include the internal IP. If you use the external IP or https these items are included.
That is the reason beause NAT is working and Reverse Proxy not. (the reverse Proxy is always addressing the internal IP - so the Links in Dashboard are not reachable from external.
Because i want to safe external IPs i am looking for another solution.
dadssad |
| |
| | | Time Traveler
Group: Forum Members
Last Login: 6/19/2009 11:41:53 AM
Posts: 534, Visits: 1,883 |
| If you can afford not passing through the proxy then you could modify the WUG Web server to listen on some random (and likely unused) high TCP port, then do a NAT based on these very port from one of the already used public addresses to the WUG server.
That is, if your firewall can NAT based on the TCP port. Not all of them can do it. |
| |
| | |
Time Traveler
Group: WhatsUp Gold Expert
Last Login: Today @ 10:09:57 AM
Posts: 1,593, Visits: 7,686 |
| | What about modifying the web page itself ? I would at least try to replace : oControl.m_sHelpUrl = https://IP_from_URL:443/NmConsole/Help/1033/Devices_By_Type.htm;
and instead of "IP from URL" (which is probably, as I guess, a placeholder that the script replaces ???), use the wug hostname. Then, make sure hostname resolves correctly -depending on your dns setup, you could even get it to resolve to different IPs depending where you are. I would give it a try...
Reading, writing and arithmetic - If you need to choose, please take option 1. |
| |
| | | Forum Newbie
Group: Forum Members
Last Login: 5/26/2008 10:22:11 AM
Posts: 3, Visits: 11 |
| @sergio: Do you know what i have to change in config that a hostname is used instead of a IP in the Dashboard APS Skripts?
@MB-NS: if nothing other works, i would use NATing on a high port
dadssad |
| |
| | |
Time Traveler
Group: WhatsUp Gold Expert
Last Login: Today @ 10:09:57 AM
Posts: 1,593, Visits: 7,686 |
| | Errr... Actually, since you mentioned some code : var oControl = new CJsDragItem('C00E212D-2E59-48C6-8D49-1DE70A452075');
oControl.m_sHelpUrl = "https://IP_from_URL:443/NmConsole/Help/1033/Devices_By_Type.htm";
oControl.m_nWorkspaceID = "10001";
JsSetControl('C00E212D-2E59-48C6-8D49-1DE70A452075',oControl); I thought that YOU had found where the code was... I don't have any idea myself 
Reading, writing and arithmetic - If you need to choose, please take option 1. |
| |
|
|