VMware Horizon Community
puzzledtux
Hot Shot
Hot Shot

firewall ports for port forwarding from clients to connection server via NAT router vm

I have a small n simple test setup running,

Client(10.99.128.x) -> (10.99.128.x) NAT Router/Firewall (192.168.0.x) -> ConnectionBroker(192.168.0.x)

The NAT router has 2 NICS (external=10.99.128.x and internal=192.168.0.x). I needed to know what ports need to be open/forwarded from the router for the clients to access the Connection broker via the router external IP. I tried with 80,443 ports but not able to open the VDM page via browser.

At the same time, by opening/forwarding 3389 I am able to access an internal Windows VM properly.

client(10.99.128.x) --> (10.99.128.x:3389) NAT Router/Firewall (192.168.0.x) --> Windows(192.168.0.x:3389)

What am I doing wrong here? netstat output from connection server and my firewall rules on NAT vm are attached.

0 Kudos
2 Replies
dergin
Contributor
Contributor

Hi,

As you can connect to your VDM via 3389 I am assuming that you can ping the broker server from the client. Could you please let me know what your global setting on configuration tab of View Administrator (Require SSL for Client yes/no?) if you do not require SSL you should only need port 80 opened on your firewall provided that you are not chosing SSL option on your client. 3389 is only used between connection server and virtual desktops after you tunnel through from view client to connection server.

Hope this helps

0 Kudos
puzzledtux
Hot Shot
Hot Shot

Okay, I did not troubleshoot this much but finally got it working...still not aware of what was wrong!! I setup a new ConnectionBroker virtual machine. The client requires SSL was enabled in this case also. Further I just re-created all input and forward rules on the router virtual machine and rebooted it. I had allowed port 80 and 443 ports on the router and it started working!!

I shall now be trying setting up some thinapp packages to be launced by the end users from inside the virtual desktops. Meawhile are there any tweak guides on configuring the base virtual machine for the SVI cloning purpose?

0 Kudos