Port forwarding

Port Forwarding is used in situations where you want all data encrypted, no session timeouts, or simple firewall setup.

Note:

Genero Desktop Client 3.00 supports Internet Protocol version 6 (IPv6), in addition to Internet Protocol Version 4 (IPv4), when using port forwarding through an ssh tunnel.

Figure: Simple connection with Port Forwarding

This figure shows a simple connection with port forwarding.

Figure: Connection to Server side Firewall with Port Forwarding

This figure shows a connection with a server-side firewall with port forwarding.

Figure 1 shows a simple configuration that does not involve a firewall. Sshd, the portion running on the server, will accept a connection from the GDC (client) and start your application. It will also set up a listener for a port that the application will connect to for the GUI. This port is then tunneled through the existing connection to the client, where the client will display the application. Note that both sides still use ports to accomplish this.

You must have ssh installed and set up on the server. If you are expecting to access your Genero application from somewhere on the Internet, you will most likely have a firewall router and must open a port on your router to allow connections to the sshd. See Figure 2 for an illustration of this.

Sshd is by default listening on port 22. You can set a port on the firewall to forward to sshd. Whatever port number you use must be set in the GDC using the "Specific Port" field:

Figure: Specify specific port number 2222

This figure shows panel three of the Genero Desktop Client shortcut wizard with SSH 2 selected and port 2222 specified in the Specific port field.

Figure: Specify fixed port number 29000

This figure shows panel four of the Genero Desktop Client shortcut wizard with Fixed Port selected, and port number 29000 specified.

In Figure 2 we have set our firewall router to forward port 2222 to our server sshd. There is no reason you couldn't just use port 22 and pass it straight through to your server. If you have more than one server you need to access from outside your firewall, you must use different port numbers and map each server with a different port number. Most routers will allow the destination port to be different from the origination port. For example, a rule could be entered into your firewall router to forward port 2222 to a server on port 22; another rule could direct port 2223 to a different server on port 22, and so on. More details on this are in the Firewall Server Side section.

In Figure 4 we have also set Port Forwarding to 29000. This will cause the sshd running on the server to listen on port 29000 for connections from the application. The FGLSERVER environment variable will be set to 'localhost:22600'. It is localhost because the connection will be tunneled and sshd is running on the same machine. The 22600 is an offset for the port. To clarify, Genero GDC listens on 6400 by default and any number after the colon in FGLSERVER is added to this number. So 22600+6400 works out to be the port we specified in the client-side configuration, 29000.

To use Automatic Port Forwarding, you can specify a command line that will execute on the server and return a free port number. Because this program depends on the system where the Runtime System is installed, we can't provide a version for each system. This program must be used in combination with the GDC connection strings system.

Another way to achieve automatic port forwarding is to have a service running on an HTTP server. This can be a CGI. The program must return lines containing information for the coming SSH connection. Each line always has the following form: <attribute name>=<attribute value>. For the moment, the attributes managed are "host" and "port", which can indicate the host IP to connect to and the port the sshd will listen to on the server side. By default, the host IP is the same as the HTTP server machine.
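The following is an added example, not Genero code: a strict parser for the attribute lines described above, which validates "host" and "port" before they are used for the SSH connection and derives the FGLSERVER value with the offset arithmetic from the Figure 4 discussion. The function names, the sample response, the rule that unmanaged attributes are ignored, and the lower port bound of 6400 (so the offset is never negative) are assumptions of this example.

```python
import ipaddress

GDC_BASE_PORT = 6400         # GDC default port; the FGLSERVER offset is added to it
MANAGED = ("host", "port")   # the attributes the text says are managed

# Constructed sample of what such a service could return
SAMPLE = "host=10.0.1.11\nport=29000\n"


def parse_forwarding_response(body, http_server_ip):
    """Return (host, port) from '<attribute name>=<attribute value>' lines."""
    seen = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        name, value = name.strip(), value.strip()
        if name not in MANAGED:
            continue  # assumption: unmanaged attributes are ignored
        if name in seen:
            raise ValueError(f"duplicate attribute: {name}")
        seen[name] = value
    if "port" not in seen:
        raise ValueError("response carries no port")
    text = seen["port"]
    if not (text.isascii() and text.isdigit()):
        raise ValueError("port is not a decimal number")
    port = int(text)
    if not GDC_BASE_PORT <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # Host defaults to the HTTP server machine. Only a literal IPv4 or IPv6
    # address is accepted, so no arbitrary string reaches the ssh invocation.
    host = str(ipaddress.ip_address(seen.get("host", http_server_ip)))
    return host, port


def fglserver_for(port):
    """FGLSERVER for a tunneled port: localhost plus offset from 6400."""
    return f"localhost:{port - GDC_BASE_PORT}"


if __name__ == "__main__":
    host, port = parse_forwarding_response(SAMPLE, "192.0.2.10")
    print(host, port, fglserver_for(port))
```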

Click "Next" for the configuration.

The IP address is that of the server machine unless the firewall on the server side is doing NAT (Network Address Translation). If it is doing NAT, the IP address should be set to the address of the firewall router. Put @FGL on the line labeled "Command Line", so Genero can set the FGLSERVER variable for you when it logs into the server. FGLSERVER will have the port number corresponding to the "Port Forwarding" value you put in the previous screen. Several commands can be placed on the command line and executed in succession. In UNIX™ you use a semi-colon (;) and in Windows™ you use two ampersands (&&) to separate the commands.

Figure: @FGL command example

This figure shows panel two of the Genero Desktop Client shortcut wizard with the Name specified as 10.0.1.11 and the command @FGL; .fgl/envgenero ; cdf $FGLDIR/demo ; fglrun demo in the command field.