Hi,

What ports must I open in my firewall to view webstation from out of my office? When i try to connect from outside i receive the error "Could not connect in port 4520..." or something like this.

I have open this port and i could not connect.

Can you help me?

Thank you very much

HI,

The exact error that i receive:

"Could not establish connection to net.tcp://myexternalip:4520/ApplicationServices"

I'm trying to connect from a MAC computer.

Thank you very much.

Port 80 and port 4520 should be the ports that need to be exposed. Note also that the ClientAccessPolicy.xml file may have to be adjusted to reflect the IP Address and name of the server. This is mentioned in the User's Guide.

Finally, the Webstation should not be used on a WAN with real patient data. the data passed on port 4520 (the image data) is not encrypted, and thus you would be exposing patient data over that channel.

Steve

Hi,

I have opened ports 80 and 4520 in my firewall:

iptables -t nat -A PREROUTING -p tcp --dport 8114 -i $INTERNET -j DNAT --to 192.168.1.14:80
iptables -t nat -A PREROUTING -p tcp --dport 4520 -i $INTERNET -j DNAT --to 192.168.1.14:4520

And I need to access to ImageServer from outside of my lan but not in Internet, from my DMZ which range is 192.168.100.x.

I'm accessing from dmz throught web browser with http://192.168.100.2:8114/ImageServerAlpha and I enter correctly but when i try to open an image from my web browser I receive the error mentioned above.

In my ClientAccessPolicy.xml I have parameters configured like this:



And I have modified with this:




And I still receive the same error.

Any Idea?

Sorry but my englih is very bad...

Sorry but ClientAccessPolicy.xml setup is:

Default setup: ""

My setup now: "http://192.168.100.2" />" and "http://localhost />"

Thank you.  

Sborja,

I'm not quite sure what's going on. The Silverlight control is pulling the hostname/ip address out of the URL of the web page when it attempts to connect back to the server. This would be displayed in the error message in the dialog in the Silverlight control. From what you're saying, that should be correct, because it would be the external IP address.

The other thing is that you would have to have the external IP address listed in your ClientAccessPolicy.xml file. Note, however, that the original configuration of this file was wide open, ie, any IP address should have been allowed, so I don't think this should be the issue, although it should be changed from your latest edits to have both the internal and external IP addresses.

Are you sure that you have the firewall setup properly to allow the port thorough? Can you use another tool to ensure that the connection goes through that port to the server? Also, are things working on the server itself when connecting to "localhost" in the URL?

Steve

Hi,

I still have the same problem. I have checked that port 4590 is open in my firewall and redirected to my ClearCanvas Image server doing a telnet from source machine to destination but I'm receiving the same error.
I'm reading logs in CCImageserver but i have no changes.

Can i check something else?

Thank you very much.

Sborja,

If the telnet connection appears to go through, I would probably look more closely in the ClientAccessPolicy.xml file to make sure its ok. Otherwise, as I said before, I'm not really sure what's happening.

Steve

sborja
"iptables -t nat -A PREROUTING -p tcp --dport 8114 -i $INTERNET -j DNAT --to 192.168.1.14:80
iptables -t nat -A PREROUTING -p tcp --dport 4520 -i $INTERNET -j DNAT --to 192.168.1.14:4520
"

you should try to route 80 port also.

Kadir.

 

 

 

Posted By hiba on 2011-03-09 10:27 AM

 

sborja;

I have the same problem 
"Could not establish connection to net.tcp://myexternalip:4520/ApplicationServices" 
what could i do ?

 

 

 

Hi;
I' m not find ClientAccessPolicy.xml file settings in User's Guide.
A sample configuration for access to the server behind the firewall would be great though.

Our Team Edition releases do not include the ClientAccessPolicy.xml file. We refactored the Webstation so it no longer needs this extra port for communication, instead, all communication with the server is done through IIS & port 80. Our current source repository has this implementation.

In any case, if you look at the manual shipped with the Alpha of the Webstation, you should see an example ClientAccessPolicy.xml file. I believe we included one at that time.

Steve

 steve,

also i have the same issue ,please advise

If you are sure that the policy file is correct, check if it can be downloaded by the client. If the client cannot get to file, everything else does not matter.

If you have network sniffer (eg Chrome or IE developer tool) , it should tell you where the client looks for the policy file and whether or not it is successful.

Normally, it's done through port 943. The file should also be placed in the root of the web site (and not in the virtual directory). You may also need to play around with the security permission (when in doubt, give full control access to "everyone").

I am also having the same issue. The difference for me is that the application has been working for over a year I have two development station I use for testing and both stopped working at the same time (or close to the same time)  they are both located in different locations behind 2 different routers.

I am unable to get the images to show when I am using http://localhost/imageserveralpha 

as mention the clientaccesspolicy.xml is not required as I have never edited this or created this file. by default you say it is open to all. Which is how it was running.  What else can I do? again it doesn't run locally.  no changes have been made to the server the server is dedicated for imageserveralpha only.  Any help in regard to this would be great

Solved!!!! Duh--- Should have check the services prior to posting. Shred Service was not started.