techno |
Posted: Mon Aug 09, 2004 10:18 am Post subject: One Receiver and Two sender channels |
|
|
Chevalier
Joined: 22 Jan 2003 Posts: 429
|
I have observed some time back that there can be more than one sender channel (from different machines) connecting to the same receiver channel (on a different machine). Can we somehow prevent it? Can I use MCAUSER here?
Thanks |
|
EddieA |
Posted: Mon Aug 09, 2004 12:27 pm Post subject: |
|
|
 Jedi
Joined: 28 Jun 2001 Posts: 2453 Location: Los Angeles
|
Not with MCAUSER. All that will do, is make every connection through the Receiver channel, appear to come from that user.
Cheers, _________________ Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0 |
|
bbburson |
Posted: Mon Aug 09, 2004 12:46 pm Post subject: |
|
|
Partisan
Joined: 06 Jan 2004 Posts: 378 Location: Nowhere near a queue manager
|
What does WMQ do to keep sequence numbers in sync in this situation? Seems to me this would cause a problem and that only one of the senders could really be functional (and probably neither one if the sequence number for both senders got out of whack). |
|
EddieA |
Posted: Mon Aug 09, 2004 3:54 pm Post subject: |
|
|
 Jedi
Joined: 28 Jun 2001 Posts: 2453 Location: Los Angeles
|
It works. Trust me. And not just for Clustering.
Cheers, _________________ Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0 |
|
PeterPotkay |
Posted: Mon Aug 09, 2004 4:41 pm Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
The RCVR channel you define ends up being a model for the QM to spawn off multiple instances of the RCVR channel, one for each SNDR. If you do a channel status, you will see the multiple RCVRs. You can differentiate between them based on the remote queue manager name associated with each one.
It's just like a SVRCONN channel. You create 1 def, but you can have thousands of actual clients attached, each with their own channel that was created off of that "template" channel you manually defined. _________________ Peter Potkay
Keep Calm and MQ On |
|
fschofer |
Posted: Mon Aug 09, 2004 10:25 pm Post subject: |
|
|
 Knight
Joined: 02 Jul 2001 Posts: 524 Location: Mainz, Germany
|
Hi techno,
You may consider using SSL to prevent connection to your receiver channel from an unauthorized site.
Greetings
Frank |
|
oz1ccg |
Posted: Tue Aug 10, 2004 1:15 am Post subject: |
|
|
 Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
|
|
techno |
Posted: Tue Aug 10, 2004 9:27 am Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003 Posts: 429
|
Hi
I am getting errors during compilation on HP-UX (11.x)
$ cc -c BlockIP2.c
cc: "BlockIP2.c", line 421: warning 604: Pointers are not assignment-compatible.
cc: "BlockIP2.c", line 421: warning 563: Argument #3 is not the correct type.
Thanks for any help. |
|
oz1ccg |
Posted: Tue Aug 10, 2004 2:19 pm Post subject: |
|
|
 Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
|
It's the wcsftime() call that has other options on HP-UX.
Change the line
Code: |
i = wcsftime(dest, sizeof(dest)-1, L"%y.%m.%d"L" %H:%M:%S BlockIP2:", newtime); |
to:
This will remove the timestamp from the log, and keep your compiler quiet. I'll see how to circumvent it on HP-UX.... Maybe conditional compile..
I'm working on a solution...
Just my $0.02  _________________ Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
techno |
Posted: Tue Aug 10, 2004 3:45 pm Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003 Posts: 429
|
Thanks for that. I have some other errors here.
Following are the steps I followed
---------------------------------------------
$ cc -o BlockIP2 BlockIP2.c
/usr/ccs/bin/ld: (Warning) At least one PA 2.0 object file (BlockIP2.o) was dete
cted. The linked output may not run on a PA 1.x system.
/usr/ccs/bin/ld: Unsatisfied symbols:
main
$
But I can see BlockIP2 file created
----------------------------------------------
Moved BlockIP2 to /var/mqm/exits.
----------------------------------------------
Altered server-conn channel:
alt chl(CLIDHOCLM2) chltype(svrconn) SCYDATA('FN=/var/mqm/scripts/block.txt;') scyexit('BlockIP2(BlockExit)')
-----------------------------------------------
In errors (AMQERR01):
08/10/04 16:40:34
AMQ6188: The system could not dynamically load the shared library
'/var/mqm/exits//BlockIP2' due to a problem with the library. The errno was 8
and the error message was 'Exec format error'. The queue manager will continue
without this library.
EXPLANATION:
This message applies to HP-UX systems. The shared library
'/var/mqm/exits//BlockIP2' failed to load correctly due to a problem with the
library.
ACTION:
Check that the library exists and is in the correct place with the correct file
permissions etc. and has not been corrupted.
---------------------------------------------------------------------------------
I tried changing the exit to /var/mqm/exits/BlockIP2. I am getting the same error (with '/var/mqm/exits//BlockIP2' replaced by '/var/mqm/exits/BlockIP2').
Please advise me.
Thanks |
|
gunter |
Posted: Tue Aug 10, 2004 10:23 pm Post subject: |
|
|
Partisan
Joined: 21 Jan 2004 Posts: 307 Location: Germany, Frankfurt
|
Code: |
$ cc -o BlockIP2 BlockIP2.c
/usr/ccs/bin/ld: (Warning) At least one PA 2.0 object file (BlockIP2.o) was dete
cted. The linked output may not run on a PA 1.x system.
/usr/ccs/bin/ld: Unsatisfied symbols:
main |
You have to build a shared library, not an executable. Look in the cc manpage to find the flags. _________________ Gunter Jeschawitz
IBM Certified System Administrator - Websphere MQ, 5.3 |
|
techno |
Posted: Wed Aug 11, 2004 8:04 am Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003 Posts: 429
|
Thank you all for your help.
Exit works fine.
One question: In the case of a message coming from an external network, i.e., say in a B2B situation, we have firewalls on both sides. What IP should be used to allow the message on to the other side?
CompanyA and CompanyB exist in different networks.
Say CompanyB has the BlockIP2 exit on their side. Is it the firewall address of CompanyA that is to be allowed?
Thanks. |
|
oz1ccg |
Posted: Wed Aug 11, 2004 1:10 pm Post subject: |
|
|
 Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
|
The address you have to allow is the NAT'ed one from your inside firewall.
Code: |
+-------------------+
+        QM1        !  BlockIP2(172.25.13.10)
+---------+---------+
          ! 10.10.10.14
          !
          ! LAN-1
          !
          ! NAT 207.13.13.13 -> 172.25.13.10
+---------+---------+
+        FW1        !  NAT 10.10.10.14 -> 81.12.12.12
+---------+---------+
          ! Public 81.12.12.12
          !
          ! PUBLIC/LEASED network
          !
          ! Public 207.13.13.13
+---------+---------+
+        FW2        !  NAT 10.10.10.14 -> 196.12.12.12
+---------+---------+
          ! NAT 81.12.12.12 -> 192.162.162.13
          !
          ! LAN-2
          !
          ! 10.10.10.14
+---------+---------+
+        QM2        !  BlockIP2(192.162.162.13)
+-------------------+ |
This little diagram shows two qmgrs with two firewalls which both do NAT, i.e. doing address translation.
As you can see, QM1 has 3 IP addresses, depending on where you are in the network:
LAN-1: 10.10.10.14
PUBLIC: 81.12.12.12
LAN-2: 192.162.162.13
To configure the BlockIP2 pattern correctly you have to talk to your network administrator, or use BlockIP2 with (*) so you know the translated address, and when you have discovered the address add it to BlockIP2.
My personal recommendation is to contact network, so they know you rely on their NAT, so they don't change the translation without notifying you.
I hope this can explain the network/NAT/FIREWALL to you, and it will help you create a secure MQ architecture.
Just my $0.02  _________________ Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
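The address selection described in the post above, as an added example that is not part of the original thread or of BlockIP2: it walks QM1's source address through the two NAT hops from the diagram and shows which allow-list entry an exit on QM2 would have to carry. The rule table and the trailing-`*` pattern syntax are assumptions for illustration, not BlockIP2's configuration format.

```c
/* Added example: which source address does the receiving side see after NAT?
 * Addresses come from the diagram above; the rule table layout and the
 * trailing-'*' pattern syntax are assumptions, not BlockIP2's file format. */
#include <stdio.h>
#include <string.h>

struct nat_rule { const char *from; const char *to; };

/* Source-NAT rules applied in order on the QM1 -> QM2 path (from the diagram). */
static const struct nat_rule PATH_QM1_TO_QM2[] = {
    { "10.10.10.14", "81.12.12.12"    },  /* FW1: LAN-1  -> public */
    { "81.12.12.12", "192.162.162.13" },  /* FW2: public -> LAN-2  */
};
#define PATH_LEN (sizeof PATH_QM1_TO_QM2 / sizeof PATH_QM1_TO_QM2[0])

/* Walk the hops; a hop with no matching rule leaves the address unchanged. */
const char *address_seen_by_receiver(const char *src)
{
    size_t i;
    for (i = 0; i < PATH_LEN; i++)
        if (strcmp(src, PATH_QM1_TO_QM2[i].from) == 0)
            src = PATH_QM1_TO_QM2[i].to;
    return src;
}

/* Hypothetical allow pattern: exact address, or a prefix ending in '*'. */
int pattern_allows(const char *pattern, const char *addr)
{
    size_t n = strlen(pattern);
    if (n > 0 && pattern[n - 1] == '*')
        return strncmp(pattern, addr, n - 1) == 0;
    return strcmp(pattern, addr) == 0;
}

/* Would an exit on QM2 configured with `pattern` admit a channel from QM1? */
int qm2_admits_qm1(const char *pattern)
{
    return pattern_allows(pattern, address_seen_by_receiver("10.10.10.14"));
}

int main(void)
{
    const char *candidates[] = { "10.10.10.14", "81.12.12.12",
                                 "192.162.162.13", "192.162.162.*" };
    size_t i;
    for (i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        printf("%-16s -> %s\n", candidates[i],
               qm2_admits_qm1(candidates[i]) ? "admitted" : "rejected");
    return 0;
}
```

Allow-listing QM1's LAN-1 or public address rejects the channel; only the address after the last translation matches what the receiving queue manager sees.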
|
techno |
Posted: Thu Aug 12, 2004 7:11 am Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003 Posts: 429
|
|