| Author |
Message
|
| aboggis |
 Posted: Wed Oct 03, 2007 10:45 am Post subject: |
 |
|
Centurion
Joined: 18 Dec 2001
Posts: 105
Location: Auburn, California
|
Well, unless I can get some help via pre-sales, since I am doing an evaluation here and neither I nor my employer currently have a Passport Advantage ID, I might be SOL...
I personally don't believe this is an MQ issue. I think it's the server machine or Windows XP, or like others have said, something on the network... although the only thing between the client machine and the server in most of this testing is a network switch - even testing with the loopback address gives the same results.
Using MQIPT doesn't work on port 80, but as soon as I configure that to use some other port, it works fine.
Last edited by aboggis on Wed Oct 03, 2007 11:54 am; edited 1 time in total |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Wed Oct 03, 2007 11:19 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| aboggis wrote: |
| Once again, using a difference listener port and it works fine. |
Again, that suggests to me that there's something in the network between the server and the client, that's thinking you're trying to send HTTP traffic because you're using port 80.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 03, 2007 1:41 pm Post subject: |
|
|
Guest
|
IP ports are the wild west. IBM registered port 1414 for MQ. The only difference between port 80 and 1414 is arithmetic.
Other than for fun, why do this? |
|
| Back to top |
|
|
| aboggis |
| Posted: Wed Oct 03, 2007 2:54 pm Post subject: |
|
|
Centurion
Joined: 18 Dec 2001
Posts: 105
Location: Auburn, California
|
Well, clearly this isn't fun - cos it's not working 
The reason is that the intended [client] application will be deployed to client PC's who will likely have a firewall running. We do not want to have a special condition for our software and so would like to "tunnel" out to our remote server listening on port 80, since this is usually allowed on most installations.
I have tried this now on several Windows XP machines, all with MQ 6.0.2.0 and the result is the same - Once again, I don't think it's MQ (but it might be!). |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 03, 2007 3:15 pm Post subject: |
|
|
Guest
|
You want to port-share? Yikes! (A technical term)
One of the hard-learned rules of application design is "Do it the right way." Opening a dedicated port for a new application is the usual way to implement a new application. We close ports that we don't want to use.
This is not magic, difficult or client-abuse. If your client has never opened a port (or refuses to), you have nearly zero easy solutions. |
|
| Back to top |
|
|
| aboggis |
| Posted: Wed Oct 03, 2007 3:19 pm Post subject: |
|
|
Centurion
Joined: 18 Dec 2001
Posts: 105
Location: Auburn, California
|
Strictly speaking, no I'm not port sharing. The target server would only have MQ listening on port 80. Not a web server.
I can also guarantee that the user has port 80 open, because they installed our software - which in order to successfully install/run sends/receives other data via http. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Oct 03, 2007 8:04 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Have you checked your services file and removed the http entry from port 80?
I am thinking here that something (services, protocols, etc...) forces the traffic to port 80 to be http in protocol...
The easy way to do MQ over http tunneling is with a proxy on both sides and MQIP on each side. You can even force https or encryption...
We cut out the http proxy and do it over MQ protocol from MQIPT(encryption) to MQIPT(decryption).
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| aboggis |
| Posted: Wed Oct 10, 2007 12:27 pm Post subject: |
|
|
Centurion
Joined: 18 Dec 2001
Posts: 105
Location: Auburn, California
|
Well, tweaking the "services" file to remove http had no effect. Netstat still shows nothing (apart from runmqlsr) listening on port 80.
As I mentioned before, even running MQIPT on port 80 has no effect - it doesn't see any incoming client connections.
The server logs reveal nothing useful.
I get AMQ9213 (TCP/IP timeout 180 seconds), in the global AMQERR01.LOG and in the queue manger log I get: AMQ9208 & AMQ9492.
No FDC files are generated.
I am puzzled. And this ISN'T fun |
|
| Back to top |
|
|
| mvic |
| Posted: Wed Oct 10, 2007 12:34 pm Post subject: Re: Listening on port 80? |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| aboggis wrote: |
| Anyone else have experience on getting MQ to listen on port 80? I want to do this so that I can send messages from a system, that already has an "opening" in it's firewall for port 80. I don't want to have to open additional ports. |
A "clever" firewall might inspect the data in the traffic coming into port 80 and reject it if it's not valid HTTP. No idea at all if this is what's happening to you.
Sorry if I missed it, but can you get it working over 1414 ? (I appreciate this is not your desired end state, but if it works on 1414 but not 80 then you can focus effort appropriately).
Did you open a PMR? What did support say?
HTH |
|
| Back to top |
|
|
| aboggis |
| Posted: Wed Oct 10, 2007 12:42 pm Post subject: |
|
|
Centurion
Joined: 18 Dec 2001
Posts: 105
Location: Auburn, California
|
No firewall involved. I have explicitly stopped the windows firewall.
Yes I have it working fine on 1414.
PMR is not an option at the moment, 'cos good 'old IBM support won't let you open a PMR without a valid support contract and at the moment I am evaluating MQ. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 10, 2007 12:54 pm Post subject: |
|
|
Guest
|
| Quote: |
| No firewall involved. I have explicitly stopped the windows firewall. |
Are you doing all your testing on a single box? Or from a pc to a server with a qmgr? Is there a firewall/router/proxy between your pc and the server? This is where your port 80 traffic might be intercepted (and rejected)?
As previously stated here, if it works on port 1414, it should work on all 65k ports - unless filtered out by a firewall/router/proxy. |
|
| Back to top |
|
|
| aboggis |
| Posted: Wed Oct 10, 2007 1:33 pm Post subject: |
|
|
Centurion
Joined: 18 Dec 2001
Posts: 105
Location: Auburn, California
|
No network router *should* be involved...
As I stated in a previous response - I have tried both 127.0.0.1 (the physical loopback address - traffic for this IP address should ot be sent over "the wire") and 'localhost'. These [obviously] have beed tested locally.
I have tested from another machine to no avail.
I agree - since it DOES work on 1414 it SHOULD work on 80... but clearly it doesn't. Not for me. I have tried this on two XP-based machines with the same result.
Does anyone else have the time to check this scenario out? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 10, 2007 2:21 pm Post subject: |
|
|
Guest
|
| Have you tried giving your nic card a second ip address; then having the mq listener listen on secondipaddress(80)? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Oct 10, 2007 3:02 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I suspect it is some windows precept that says that traffic on port 80 must be http and otherwise will reject it.
These ports are fairly common knowledge ports and one way to avoid hacking/cracking is to reject all traffic on a well known port that does not conform to the right protocol. So it could be the win OS. It could be your firewall, it could be your antivirus, antispam, anti keylogger etc..., etc...
If you do want to use port 80 set up an http proxy and use MQIPT!...
Enjoy
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
