Web Connector separated from the WCS by NAT

When the Web Connector (WC) is in the DMZ, you must configure the Web Connector to make initial contact with the Web Component Server (WCS) using a specific hostname and port number.

Next you must configure the WCS to respond appropriately to communications from the Web Connector. This is accomplished using the following command

-port FQDN:6401 -requestport fixed

The -port command configures the WCS to listen for contact from the WC on the specified port (6401 is the default value). If a value is specified, -port also configures the WCS to send the WC an externally routable, fully qualified domain name (FQDN) for the WC to use when communicating with the WCS in subsequent interchanges. You must specify this FQDN when the Web Connector and the WCS are separated by a firewall that uses Network Address Translation. Otherwise the WCS sends the WC an internal address for subsequent communications, and the WC cannot communicate with the WCS through the firewall.

The -requestport command is used to configure the WCS to use a fixed port number for all subsequent communications with the WC. When the WC and WCS are separated by a firewall that uses NAT, you must specify this port number. You can use any free port number for fixed.

Finally, you must configure your firewall to allow communications that use the addresses and ports that you've specified.

To configure the Web Connector on Windows

1. Start the CCM.
2. Stop the World Wide Web Publishing Service.
3. On the toolbar, click Configure web connector.
4. In the Web Component Servers area, click Add.

   If your WCS Host Name is already listed, select it and click Edit.

5. In the WCS Host Name field, type the name of the machine that is running the WCS. This machine must be routable from the web server that is running the Web Connector.
6. If you have customized the WCS so that it listens on a port other than the default, type your new port number in the Port field. Otherwise, ensure that the default port number (6401) appears.
7. Click OK twice to return to the CCM.
8. Start the World Wide Web Publishing Service.

To configure the Web Connector on UNIX

If your web server is running on UNIX, stop the web server and then set the WCSHOST or WCSHosts variable to the name of the machine that is running the WCS. This machine must be routable from the web server that is running the Web Connector.

The WCSHOST or WCSHosts variable is defined in the configuration file that corresponds to your web server. For details about each configuration file, see Crystal Enterprise Installation Guide.

To configure the WCS

1. Start the CCM.
2. Stop the Crystal Web Component Server.
3. On the toolbar, click Properties.
4. In the Command box, add the following option:

   -port FQDN:6401 -requestport portnum

   For the -port command, replace FQDN with either the fully qualified domain name of the machine that is running the WCS. This machine must be routable from the web server that is running the Web Connector.

   In the -requestport command, substitute any valid free port number for portnum.

5. If you want to customize the WCS so that it listens on a port other than the default, substitute your new port number for the default value of 6401.

   Tip:    If you change the default port number of the WCS you must perform additional system configuration. Before changing the port number, see Changing the default server port numbers.

6. Click OK to return to the CCM.
7. Start the Crystal Web Component Server.

Specifying firewall rules when the WC is separated from the WCS by NAT

For stateful firewalls (either packet filtering or NAT) that separate the Web Connector and the WCS, you need only specify inbound firewall rules. For details of how to specify these rules, consult your firewall documentation.

The fixed port number specified in the chart is the port number you specify for the WCS using -requestport. See To configure the WCS for details.

Inbound Rules

Source		Destination		Action
Computer	Port	Computer	Port
Web Server (WC)	Any	WCS	6401	Allow
Web Server (WC)	Any	WCS	fixed	Allow
Any	Any	WCS	Any	Reject

Related topics

• Command lines overview
• Changing the default server port numbers
• Configuring for Network Address Translation