Network Address Translation (NAT)
Network Address Translation (NAT) requires special setup for CygNet clients and services. The CygNet Address Resolution Service (ARS) delivers the network addresses of the CygNet services. If there is a router performing NAT, those addresses cannot be used by the CygNet client. The CygNet client must send the request to the router and it will in turn send it to the appropriate NATted addresss via a table.
CygNet uses the registry to determine which services are behind a NAT router. The registry entries are a list of string values in:
For a 32-bit registry location, use
|
HKEY_LOCAL_MACHINE\SOFTWARE\Visual Systems, Inc.\CygNet\Dcl\NattedServices |
For a 64-bit registry location, use
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Visual Systems, Inc.\CygNet\Dcl\NattedServices |
The string value names are the Names of the services (wildcarding is supported). The Data is the IP address of the router.
The router needs to be configured so that the UDP port of the CygNet service is routed to the internal IP address where the service lives. Presently, CygNet does not support port translations. So, the port must match the port in the CygNet service configuration file. If needed, the CygNet configuration file can be edited to choose a used port for the service. If a firewall is involved, it will need to allow UDP traffic through those ports.
CygNet clients use ports 49152 to 65535. CygNet services use ports between 5001 and 32767. Routers can translate those ports to ports above 32767.
Note: This also applies to CygNet services when they’re acting as a CygNet client. For example, when a point changes in the PNT, the PNT notifies the associated CVS. That notification uses a "client port" on the PNT side, but uses the "service port" on the CVS side. When the CVS reads the changed point in the PNT, the CVS uses a "client port" to talk to the "service port" on the PNT.
To Configure Network Address Translation (Natting)
This will require that you have access to the CygNet host, network firewall, as well as a client machine for configuring and testing.
- Start by getting the following information.
- The internal IP address of the ARS
- The external IP address of the client system (Tip: Use https://www.whatismyip.com/)
- The external IP address of the firewall
- Place the CygNet Domain Connection Utility (CygConn.exe) on the client system and configure it to use the external IP address of the firewall. Apply these settings.
- Update the registry information on the client system under the following location:
For a 32-bit registry location, use
|
HKEY_LOCAL_MACHINE\SOFTWARE\Visual Systems, Inc.\CygNet\Dcl\NattedServices |
For a 64-bit registry location, use
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Visual Systems, Inc.\CygNet\Dcl\NattedServices |
- Specify which services will be accessible by the client. If all services are available to the user, you can use a wild card, or you can specify each site individually. The NattedServices registry key supports fully qualified domain site service names. The site service format is [XXXX]MYSITE.SVC where XXXX is the domain, MYSITE is the name of the site, and SVC is the name of the service. If no domain ID is specified, the default domain is used.
Note: Specifying the domain ID is especially important when configuring the NattedServices registry key on a machine that is replicating from another domain. If no domain ID is specified, local communication among the services (for example, a UIS communicating to its PNT, an RSM communicating to its subordinate services) will be performed against the primary domain, not the replication domain, as intended.
Note: Wildcarding is only supported in the site.service portion of the name, not the domain.
For example:
|
All Services: “[5410]MYSITE.*”=”172.16.212.146”
Individual Service(s): “[5410]MYSITE.ARS”=”172.16.212.146” |
- Once this is completed on the client system, configure port forwarding on the router/firewall.
- Set it up so that all CygNet UDP ports are forwarded to the internal IP of the CygNet host.
For example:
|
Port Range 6000-6050 are forwarded to internal IP 192.168.0.1
Port 5410 (default Domain) is also forwarded to 192.168.0.1 |
- You should now be able to reach the ARS using the CygNet Domain Connection utility on the client machine.
- Once the CygNet Domain Connection utility is able to communicate with the ARS, launch CygNet Explorer and verify that you are able to access each of the services that you want the customer’s system to have access to.
- Verify that security is properly configured for the user who is accessing the system.
