FPMI gateway with multiple network connection

I have worked a bit with the FPMI gateway and I have finally succeeded in exposing it to the internet. It works fine after setting it up according to an article about this subject (How To: Expose a FactoryPMI Gateway Behind a Private Network). But as soon as I activate another network connection on the PC the gateway becomes unreachable for the next client that tries to reach the server. I remember I have read something about this issue on the forum a few months ago. Now that I need it, I just can’t find it on the forum. Can you help me out on this problem?

To help in your troubleshooting efforts:

- The FactoryPMI gateway web page should come up on ANY IP address on ANY interface (unless you’ve restricted it in the config page). This should be a starting point.

- The client needs to know the IP to log in (where the issue comes up), which can only be specified as 1 address (pending feature request to accept a list). If it is accessible over the Internet, clients on the same local network will need to run projects (over the internet). This often means opening an outbound firewall port (8080 by default) to the FPMI gateway.

Are you using a firewall/port forwarding? Please describe your setup.

Here are the details of my setup:
The FPMI and firewall are set up exactly as specified in the article (How To: Expose a FactoryPMI Gateway Behind a Private Network). So yes, I am using port forwarding (from a WAN address to a LAN address).
The thing I noticed now while writing this is that the LAN address is 172.20... Is this a non-routable address? Could that be the problem?

Apart from the above I haven’t set up that the local client (on LAN) can access the projects.

Everything works fine until I start a modem connection on the PC. And as soon as I do this the next internet client connection that starts up cannot reach the PMI gateway.

Continuation of the above…
I have unchecked “Autodetect HTTP Address” and typed the WAN address.
I have also unchecked “Autodetect Bind Interface” and typed the LAN address.

How important is it that the LAN address is a non-routable address? Is it necessary in all situations?
Thanks for the help

I read a bit about the non-routable address. I can see that an address 172.16-31.. is a non-routable address all right but of Class B and not C.

I have solved my modem interference problem. In the advanced settings of the modem’s TCP/IP protocol I unchecked “Use default gateway on remote network”. Now it works and internet clients can access the PMI gateway.

My next problem is that my local clients can’t access the PMI Gateway when they enter the WAN address in the browser.

The solution lies in setting an outbound firewall rule to allow TCP traffic from my LAN address to my WAN address over port 8080. Isn’t that true? Well, I try to instruct our IT admin but I think it is not correctly implemented. He said he allowed outbound communication from the PC to the firewall through port 8080.

But still, if I type the WAN address of the PMI gateway in the local client browser I don’t reach the gateway at all. I only reach it by typing the LAN address. If I do so, and open a project, I get the “error in plugins” indicating the client isn’t binding correctly.

Do you have a description I can give to my IT admin? He was talking about putting the server in a DMZ. Is that necessary? Can’t it be managed by a setting in all common firewalls?

Thanks.

You might try adding an entry to the HOSTS.etc file located in C:\windows\system32\drivers\etc on your client. This will help resolve your issue of having to enter the IP address in the browser.

Ok, are you port forwarding public port 80 over to a LAN address on 8080? Or is it 8080 on the internet too?

In any case, here’s the deal. All clients will try to communicate with the gateway based on its HTTP address, which is configured in the gateway’s network settings page. If your internal LAN clients get port forwarded over to the gateway page, the clients should too. The server doesn’t need to be in a DMZ. I’m guessing your LAN clients aren’t getting port forwarded because they aren’t considered inbound traffic.
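Why the modem's “Use default gateway on remote network” setting mentioned earlier in the thread can cut off port-forwarded clients, as an added example (not from any poster and not FactoryPMI code): a route-selection model showing which interface the gateway PC would use to reply to an internet client. The addresses, metrics and interface names are constructed, and it assumes the firewall forwards the connection without rewriting the client's source address.

```python
import ipaddress

def pick_route(routes, dest):
    """Longest-prefix match, ties broken by lowest metric (how an IP stack picks a route)."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))

def reply_path_ok(routes, client_ip, inbound_iface):
    """True when replies to client_ip leave on the interface the request came in on."""
    route = pick_route(routes, client_ip)
    return route is not None and route["iface"] == inbound_iface

# Constructed sample data: illustrative addresses and metrics, not taken from the thread.
CLIENT = "203.0.113.25"  # internet client reaching the gateway through the port forward
LAN_ROUTES = [
    {"net": "0.0.0.0/0", "iface": "lan", "metric": 20},      # default route via the firewall
    {"net": "172.20.0.0/16", "iface": "lan", "metric": 20},  # local private subnet
]
# Modem dialled with "Use default gateway on remote network" checked:
# a second, preferred default route appears on the modem interface.
MODEM_DEFAULT_GW = LAN_ROUTES + [{"net": "0.0.0.0/0", "iface": "modem", "metric": 1}]
# Same modem with the option unchecked: only the modem's own network is routed to it.
MODEM_NO_DEFAULT_GW = LAN_ROUTES + [{"net": "198.51.100.0/24", "iface": "modem", "metric": 1}]

if __name__ == "__main__":
    tables = [
        ("LAN only", LAN_ROUTES),
        ("modem, default gateway checked", MODEM_DEFAULT_GW),
        ("modem, default gateway unchecked", MODEM_NO_DEFAULT_GW),
    ]
    for name, table in tables:
        iface = pick_route(table, CLIENT)["iface"]
        verdict = "ok" if reply_path_ok(table, CLIENT, "lan") else "replies bypass the firewall"
        print(f"{name}: reply to {CLIENT} leaves via {iface} ({verdict})")
```

On a real Windows host the table to compare against is the output of `route print`, taken before and after the modem connects.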