| Author |
Message
|
| jeffc789 |
 Posted: Sun Nov 23, 2003 6:14 pm Post subject: Can Only Connect to Queue Manager from Inside Network |
 |
|
Newbie
Joined: 03 Nov 2003
Posts: 3
|
Hi All,
I'm setting up the Client on machine different than the server. I haved successfully tested the connection from within our network using amqsgetc and amqsputc. To do this I set the MQServer variable to point to the internal I.P. The problem is when I try to connect to the server from outside our network. To do this I change the MQServer variable to point to the external IP of the same machine -- using the same Queue name, Queue Manager name, and port. On amgsgetc I get
MQCONN ended with reason code 2059
The error log shows me this:
AMQ9202: Remote host '**.**.** (**.**.**.**) (1414)'
not available, retry later.
The attempt to allocate a conversation using TCP/IP to host
... was not successful.
(I replaced the real host values with *.)
Something is blocking me in the security settings I assume, but not sure where to start. Any ideas.
Thanks,
Jeff |
|
| Back to top |
|
 |
| mrlinux |
| Posted: Mon Nov 24, 2003 5:37 am Post subject: |
|
|
Grand Master
Joined: 14 Feb 2002
Posts: 1261
Location: Detroit,MI USA
|
Does your company have a firewall ???
_________________
Jeff
IBM Certified Developer MQSeries
IBM Certified Specialist MQSeries
IBM Certified Solutions Expert MQSeries |
|
| Back to top |
|
|
| JasonE |
| Posted: Mon Nov 24, 2003 1:52 pm Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
| If so, look at the Internet Passthrough support pack as it was designed to help with firewall situations |
|
| Back to top |
|
|
| jeffc789 |
| Posted: Mon Nov 24, 2003 4:50 pm Post subject: |
|
|
Newbie
Joined: 03 Nov 2003
Posts: 3
|
We've got a firewall, but I can ping the server.
I'll check out the support pac too. Thanks for the feedback.
Jeff |
|
| Back to top |
|
|
| clindsey |
| Posted: Mon Nov 24, 2003 6:06 pm Post subject: |
|
|
Knight
Joined: 12 Jul 2002
Posts: 586
Location: Dallas, Tx
|
You may be able to ping it but the needed ports could be inhibited. You may be able to get your firewall admin to open up a couple of ports at each machine, e.g. the listerner port - 1414 and an outbound port, say 1965. If so, you can specify 1965 in the locaddr field of the sender channel to receive replies otherwise MQ picks the port.
If you can't get these ports opened the IPT supportpac is the way to go.
Charlie |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Nov 24, 2003 6:11 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
clindsey, even with MQIPT, won't you have to open up specific ports to allow MQIPT traffic in and out?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Nov 25, 2003 5:28 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| PeterPotkay wrote: |
| clindsey, even with MQIPT, won't you have to open up specific ports to allow MQIPT traffic in and out? |
Among other things, I believe IPT lets you route MQSeries over HTTP. So, as long as port 80  is open, you're good.
For values of good that include "exposing your MQSeries network to the Internet". 
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| clindsey |
| Posted: Tue Nov 25, 2003 5:33 am Post subject: |
|
|
Knight
Joined: 12 Jul 2002
Posts: 586
Location: Dallas, Tx
|
Peter, yes of course. Thanks for catching that. 
I guess you can't assume port 80 is necessarily open.
Charlie |
|
| Back to top |
|
|
| jeffc789 |
| Posted: Tue Nov 25, 2003 9:55 pm Post subject: |
|
|
Newbie
Joined: 03 Nov 2003
Posts: 3
|
Success! We opened up port 1414 on the server and everything works great.
Thanks all for the feedback.
Jeff |
|
| Back to top |
|
|
|
|
