ICE

TCP/IP Products => TCP-PRO => Topic started by: Banquo on August 26, 2005, 01:40:07 pm

Title: ICElp From LAN to WAN and the issues therein
Post by: Banquo on August 26, 2005, 01:40:07 pm

I recently had to do an emergency changeover on one of our remote locations (going from a point to point T1, to local SDSL) and while my end users are happy with the speed, I found out that they were using ICElp and I quickly had to become familiar with the product (I'm still NOT so ANY help is appreciated).

So I have site A. On DSL, w/dhcp, connecting to site B. which NAT's everything into internal addresses.

My assumption was,..if I change the ICElp settings to the external address of location B., Allow all incoming traffic from the exteranl IP of the router at location A. on port 2346 Then my Unix box should be golden and there should be no issues.

This was not the case,..and much troubleshooting, router and firewall configurations did not solve the problem. Now in Double emergency mode,..I set up a VPN for my remote clients (which they hate so EVENTUALLY I have to get it working with the DHCP addresses) and they can all print now, but only ONE AT A TIME...

My thought is that for some reason the single IP that they're coming from (post DHCP NAT) is messing the mix, but I'm assuming other people use ICElp w/DHCP and don't have these issues,....yes/no,..if so how so? etc...

Like I said,..I'm totally willing to admit my own ignorance here so ANY help is good in my eyes.

Title: ICElp From LAN to WAN and the issues therein
Post by: Bob on August 26, 2005, 03:05:51 pm

ICELP works by the client pc POLLING the Unix machine on port 2346. The IP address of the client machine is NOT important as long as it can get to the Unix machine. Which PC gets which job is determined ONLY by the NAME of the spooled printer (and of course, that is entered into icelp configuration on the PC side). You should have a UNIQUE spooled printer name for each client PC user (since that is how the jobs are directed).

Your NAT at site B should portforward incoming 2346's to your unix box. Your original setup SHOULD have worked. From what you've told me you have one of the following problems:

2346 isn't being port forwarded properly on the NAT.
You have an inbound firewall blocking 2346.
You have an OUTBOUND firewall (at the PC end) blocking 2346 outbound.
Your ISP isn't passing 2346 through (rare but not unheard of).

You can test ICELP connectivity WITHOUT running the client on the PC by following the instructions here:
http://yabb.jriver.com/ice/index.php?board=2;action=display;threadid=19;start=msg78#msg78