| Author |
Message
|
| fjb_saper |
 Posted: Thu Nov 19, 2015 11:23 am Post subject: |
 |
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| ivanachukapawn wrote: |
fjb,
I checked for a Windows 7 firewall and discovered that that function had been taken over by Kapersky - so for this test, I disabled the Kapersky firewall.
I setup the DP for bridged networking and both Web GUI and Telnet remote admin. Web GUI on port 9090 and Telnet on 2300
Both Web GUI and Telnet attempts result in connection refused.
I sincerely hope that you do not run out of ideas about this problem. |
Well disabling Kapersky does not necessarily disable the windows firewall.
Check the windows firewall again (after disabling Kapersky).
It might just be easier to just punch the relevant holes into the windows firewall... 
_________________
MQ & Broker admin |
|
| Back to top |
|
 |
| ivanachukapawn |
| Posted: Thu Nov 19, 2015 11:47 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
| Absolutely correct. As soon as I disabled Kapersky, Windows 7 firewall took over. So I disabled both Kapersky and Windows 7 firewall and reran both tests. Connection refused on both. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Nov 19, 2015 11:50 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| ivanachukapawn wrote: |
| Absolutely correct. As soon as I disabled Kapersky, Windows 7 firewall took over. So I disabled both Kapersky and Windows 7 firewall and reran both tests. Connection refused on both. |
Review the networking on your VM definition. Are you sure you are hitting the right Ip?
Say you are behind a router 192.168.x.x and your network setup gives your VM an external address... is that a 192.168.x.x address or a 10.10.x.x address?
Sometime the network only allows you on the internal 10.10 segment and forces you (win7) to act as router for the internal network.
If you are lucky both might be available... have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Thu Nov 19, 2015 12:19 pm Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
I'm never sure about the IP. I'm networking knowledge impaired. However I run the tests with host-only and bridged, and have tried different IPs for each on the tests. This is what I have to work with:
Wireless Lan Adapter - wireless network connection
Ethernet Adapter- Virtual Box
Ethernet Adapter - VMWare - VMnet1
Ethernet Adapter - VMWare - VMnet8
I have re-read VMWare documentation on bridged networking and host-only networking and am still unsure about the differences and advisability of using one or the other.
Jeff thinks that I should be using bridged - so I tested this. But I had been testing with host-only a month ago and was able to use the Web GUI.
I know there is a hefty fine for saying things like "it used to work and I haven't changed anything". But it is true that I could use the Web GUI a month ago with a VM from the same OVA.
When I had the VM which worked, I tried to login as admin one day and was refused access. So I assumed that I had used the wrong password and had forgotten it. So I got rid of the VM and created a new DP VM based on the same OVA. I set it up the same way and then ran into the connection refused error attempting to use the Web GUI. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Nov 19, 2015 12:52 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
... did the firewall change come in since you could access the gui?
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Thu Nov 19, 2015 12:55 pm Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
| When I was running the VM which allowed my Web GUI connection, Kapersky firewall was enabled. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Nov 19, 2015 8:25 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| ivanachukapawn wrote: |
| When I was running the VM which allowed my Web GUI connection, Kapersky firewall was enabled. |
Both Kapersky and Windows firelwall are not equal and may augment each other.
Windows firewall has 3 different layers... that you can each turn off individually!!!...
Now as to the networks.
You should be able to look at the vm icon and hover on it and see the ip of the corresponding vm machine.
This is the ip you need to access.
This is the ip you need to have a hole in the firewall for.
Be careful because with upgrades to vmware that ip may change
- because of changes/upgrades to vmware / virtualbox the internal network may be on a different subnet
- because of dynamic dhcp allocation behind your router the ip may change depending on which vm booted first... or when the vm booted.
All your subnet is in competition for an ip... unless you reserve it and fix it by macId... and then who's to say you always get the same macId on your VM?
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Nov 20, 2015 6:25 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Bridged means that the VM is using the same IP as your actual machine.
So if your machine is using 192.168.5.100, then the VM will also be using 192.168.5.100.
host-only means that the VM is using a different ip address, on one of the VM ethernet interfaces, and that address is only available from your machine, not from the external network.
In either case, you should be able to see the webui port in the netstat.
If you don't, then either the webui isn't running or the firewall won't let it open the port.
Your netstat didn't show anything else listening on that port, so that's not the problem.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Fri Nov 20, 2015 7:13 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
Jeff,
you wrote
| Quote: |
| In either case, you should be able to see the webui port in the netstat. |
So if I start the DP and have WebGUI enabled and up on port 9090 and have Telnet enabled and up on port 2300, I should be able to see both 9090 and 2300 in a netstat display.
I started the DP and then ran "netstat -n | find "9090" which displayed nothing. To check the netstat command, I ran "netstat -n | find "80" and got the expected display for port 80.
I ran the same netstats for port 2300 with identical results. No reference to either 9090 or 2300 in the netstat displays after starting DP.
If I understand you correctly, regardless of "bridged" or "host-only" selection, I should be able to see the ports in netstat displays. Since I don't, would I be correct in concluding that the running DP is not listening on port 9090 and 2300, or could it be that I may have a firewall issue?
In advance of your reply, I am preparing a test which will have these attributes: Kapersky disabled AND Windows 7 firewall configured with "holes" for ports 9090 and 2300. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Nov 20, 2015 7:16 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| ivanachukapawn wrote: |
| In advance of your reply, I am preparing a test which will have these attributes: Kapersky disabled AND Windows 7 firewall configured with "holes" for ports 9090 and 2300. |
That's my best guess, and FJ's suggestion.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Fri Nov 20, 2015 7:39 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
Jeff and FJ,
I thank you for all the great help you have given me with this problem.
I'm out of rope now after:
Disabling Kapersky.
Punching a hole (allow) in Windows 7 firewall for 9090
Starting the DP (host-only networking)
Attempting WebGUI using VMnet1 and getting connection refused.
Attempting WebGUI using VMnet8 and getting connection refused.
Not finding 9090 in netstat displays.
Tentative but "firm" conclusion: DP enabled and up for WebGUI but it is not listening on 9090 port.
I am going to obtain a fresh download of the DP OVA from IBM and start over. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Nov 20, 2015 9:39 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Starting from scratch sounds like the best plan.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Nov 21, 2015 8:33 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqjeff wrote: |
Bridged means that the VM is using the same IP as your actual machine.
So if your machine is using 192.168.5.100, then the VM will also be using 192.168.5.100.
host-only means that the VM is using a different ip address, on one of the VM ethernet interfaces, and that address is only available from your machine, not from the external network. |
I don't know the exact definition, but from my days playing around with Virtual box, I saw different behaviors:
Outside address: either obtained via dhcp, or the same address as the host (bridged?)
However there is most likely an additional network set up inside your machine. This is if you run more than one VM and even if those VM's can't talk to the outside world, they are on their own subnet, different from the net the host is on, and should be able to talk to each other. The host might also have an ip on said subnet.
So you need to check what the subnet ip is for the datapower box. It may only have opened the ip/port on the subnet. Hover with your mouse over the DP VM icon and see if you can get an ip (or a list of ips) (maybe right click).
Then check each of the relevant ips for the port (use telnet).
If DP only opened the port on the subnet, you won't be able to see it with netstat -an on your box, because it is open on a different ip. To see it with netstat you would need to execute this command on DP.
Hope this helps.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Sat Nov 21, 2015 10:45 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
fj,
Thanks again for your reply. Additional information is always appreciated.
Note: I am unable to import the OVA into VirtualBox - the error message says that there is a packaging problem with the OVA/OVF - and to refer to OVF documentation for more information: Anyway, besides telling me that the OVA can't be used in VirtualBox, the error message was not helpful. I opened up a Oracle forum question on this problem but have not received any replies.
So I have to use VMWare Player - I have tried VMWare Player V4, V6, and V7, and also VMWare Workstation Player Pro V12 etc. - hovering over any of these VM icons while running DP has yet to display any IP info and as you know, a bonafide Heller Catch-22 prevents me from running any CLI on the DP - the underlying OS is Suse but that is irrelevant because even if the command line was functioning I could not get to the OS/shell - DP would never allow that.
I am running the DEV OVA for DP IPG which is supposed to work and be free for non-commercial use -
I am in the works to get a DP license and then start over with the Virtual DP IPG. Maybe this will work and if not I might be able to get some help directly from IBM. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Nov 21, 2015 8:50 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
before you even accept the license you need to find on which ip that vm actually runs... How do you get to the command line to prepare DP for the gui?
At that point there must be a way of addressing the DP VM. As such you should have an ip address.
If not able to do anything else run ipconfig /all on your Win7 and check out all the ips associated with it and all the corresponding subnets.
If you feel happy you can share.
This might give you an indication as to which internal subnet was created on your PC and allow you to go "hunting" for the DP IP.
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
