Setting up GoldSync® Behind a Firewall

Document #575, Setting up GoldSync® Behind a Firewall

Introduction

A firewall can be either software-based or hardware-based. It is intended to protect your network from unauthorized access. Whenever a computer can access the Internet, there is the possibility of attack. A firewall monitors every attempt to connect to the computers located inside it and blocks any unauthorized attempts based on criteria set by the network administrator. A firewall can be configured to let certain programs listen on ports through the firewall. GoldSync must be allowed to do this before users from outside the network will be able to connect to the server and properly synchronize.

Note: This information is provided as is and cannot be elaborated on or supported by FrontRange Solutions Technical Support. The operations described herein may adversely affect your network performance and internet access. Only network administrators and those familiar with GoldSync server administration should attempt to modify firewall settings.

If you have any questions or concerns, your systems administrator or a GoldSync Certified Authorized GoldMine Solutions Partner should be able to provide you with the information you need.

Getting Started

First, you need to find out what the external and internal IP addresses of your server are, and write them down. You should also decide which port you want GoldSync to use. By default, GoldSync uses port 5993 to connect with remote synchronization users via the Internet. The port number can be modified, however, on the “Number of Connections” screen in the properties of the Internet connection process on your GoldSync server.

For more information on setting up your GoldSync server’s processes, please refer to the GoldSync Administrator’s guide available on the FrontRange FTP site at: ftp://ftp.goldmine.com/public/manuals/gs5-admn.pdf

Opening a Port for GoldSync

Once the GoldSync server has been set up, it is time to open the port in the firewall for GoldSync to listen through. Here are examples for two popular software firewall programs:

ZoneAlarm

Zone Labs’ ZoneAlarm is a popular and inexpensive software firewall. More information and an unlimited non-commercial use shareware version are available on their web site: http://www.zonelabs.com/

Once you have set up GoldSync to listen for incoming Internet connections, ZoneAlarm should display a pop-up window asking if you would like GoldMine to be allowed to access the Internet. Check Remember this answer each time I open this program and click Yes. ZoneAlarm should also pop up with another window asking if you would like GoldMine to act as a server. Check Remember this answer each time I open this program and click Yes. GoldSync should now be able to accept connections on the port you specified.

WinGate

WinGate by Deerfield.com is a popular connection sharing software package that offers firewall features. More information and a 30-day evaluation version are available on their site: http://wingate.deerfield.com/

Once you have set up GoldSync to listen for incoming Internet connections, WinGate’s GateKeeper will need to be configured to allow GoldSync to accept connections.

  1. Start the GateKeeper
  2. Log in and go to the Services tab
  3. Right-click and select New Service>>TCP mapping service
  4. Enter GoldSync TCP Mapping Service in the Service Name and Description fields
  5. Enter the GoldSync port (the default is 5993) in the Accept connects on Port or Service Port field (depending on your WinGate version)
  6. Select Enable default mapping to and specify the IP address of the GoldSync server, with the port for GoldSync entered in the on port field
  7. On the Bindings tab, select the Allow connections coming in on any interface radio button
  8. On the Interfaces tab, select the Connections to be made out on the following interface only radio button
  9. In the drop-down box, select the internal IP address of the WinGate machine, and then click OK
  10. Select File>>Save changes to save your settings

GoldSync should now be able to listen on the port you specified.

Other Programs

Many firewall programs are configured in a similar fashion to ZoneAlarm or WinGate. The steps to open the port through the firewall for the computer running GoldSync are generally very similar to WinGate’s GateKeeper interface with slight differences in the features of the program(s) in question.

Testing Synchronization

At this point, you should have someone outside of your firewall attempt to synchronize. Be sure to give them your correct external IP address and GoldSync port number, and have them connect to it. The process should run successfully as if there were no firewall or the remote were connected from inside it.

Troubleshooting

Usually, if there is a problem, the remote will not be able to connect and the process monitor will display something similar to:

[4-0] Unable to establish connection.

[4-0] Connection refused: System error 10061.

[4-0] Possible causes: no Internet connection, host is unreachable, GoldSync is not listening, or host and remote are not set to the same port.

If this is the case, then most likely the port has not been properly opened for GoldSync to listen through. You can test this from the remote computer by going to Start>>Run… and typing in telnet <IP> <port> where <IP> is the external IP address of the server and <port> is the port you have GoldSync listening on. If telnet cannot connect, and the DOS window closes, then the port has not been opened. Re-examine your firewall settings and make any necessary adjustments.

If telnet can connect, and begins displaying %ERR repeatedly, then GoldSync is listening. This usually means that something has been set up incorrectly on the remote machine, and needs to be changed. Check the settings in the Synchronization Wizard, and try to synchronize again.
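
The telnet check above can also be scripted. The following Python sketch is an added example, not part of the original FrontRange document; the function name, result labels and advice text are assumptions made for illustration. It goes slightly beyond the telnet test by separating an active refusal (Winsock error 10061) from a connection attempt that is silently dropped.

```python
import socket
import sys

GOLDSYNC_DEFAULT_PORT = 5993  # default GoldSync port stated in this document

# Hypothetical result labels mapped to the troubleshooting advice above.
ADVICE = {
    "listening": "Port is open; check the remote's Synchronization Wizard settings.",
    "refused": "Connection refused (error 10061); GoldSync is not listening or "
               "the firewall mapping points at the wrong port.",
    "filtered": "No reply before the timeout; a firewall is dropping the "
                "connection. Re-examine the firewall settings.",
    "unreachable": "Host could not be reached; check the external IP address "
                   "and the Internet connection.",
}


def probe_port(host, port=GOLDSYNC_DEFAULT_PORT, timeout=5.0):
    """Make one TCP connection attempt and classify the outcome."""
    try:
        # A completed handshake means something is accepting on the port.
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        # The host answered with a reset: nothing is bound to the port.
        return "refused"
    except socket.timeout:
        # No answer at all: packets are most likely being dropped.
        return "filtered"
    except OSError:
        # No route, name resolution failure, or similar network error.
        return "unreachable"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <external-IP> [port]")
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else GOLDSYNC_DEFAULT_PORT
    result = probe_port(target, target_port)
    print(f"{target}:{target_port} -> {result}: {ADVICE[result]}")
```

Run it from the remote computer, outside the firewall, against the server's external IP address so the result reflects what a synchronizing user would see.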

Copyright (c) 2002 FrontRange Solutions Inc.

All rights reserved. You may use this document for personal and informational (non-commercial) purposes, provided that the copyright notice and all other notices and permissions appear in all copies, the document is not copied or posted on any network computer or broadcast in any media and modifications are not made to the document. Use for any other purpose is expressly prohibited by law, and may result in civil or criminal penalties.

The information contained in this document is provided “as is” without warranty of any kind. To the maximum extent permitted by applicable law, FrontRange Solutions disclaims all warranties, either express or implied, including warranties for quality, accuracy, merchantability, fitness for a particular purpose, title and non-infringement; and in no event shall FrontRange Solutions or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of profits or data or special damages, even if FrontRange Solutions or its suppliers have been advised of the possibility of such damages.