That's a good idea. I'll add a link to http://dev.globus.org/wiki/FirewallHowTo
from the quickstart.
Charles
On Sep 25, 2008, at 10:24 AM, Yoichi Takayama wrote:
Thanks!
The Quick Start guide does not say anything about ports and
firewall, but I am a bit embarrassed to learn that it is well
documented in a longer admin manual. Although probably I ought to
have read it and also Globus has good manuals, many of us wish not
to have to read lengthy manuals but to have concise instructions.
Perhaps there should be a very brief mention of firewall how to
restrict the ports in the Quick Start as well, because hardly any
system comes without firewall settings???
Cheers,
Yoichi
--------------------------------------------------------------------------
Yoichi Takayama, PhD
Senior Research Fellow
RAMP Project
MELCOE (Macquarie E-Learning Centre of Excellence)
MACQUARIE UNIVERSITY
Phone: +61 (0)2 9850 9073
Fax: +61 (0)2 9850 6527
www.mq.edu.au
www.melcoe.mq.edu.au/projects/RAMP/
--------------------------------------------------------------------------
MACQUARIE UNIVERSITY: CRICOS Provider No 00002J
This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient,
please delete it and notify the sender. Views expressed in this
message are those of the individual sender, and are not necessarily
the views of Macquarie E-Learning Centre Of Excellence (MELCOE) or
Macquarie University.
On 26/09/2008, at 1:08 AM, Raj Kettimuthu wrote:
GridFTP, like any FTP, is a two channel protocol. 2811 is for
control channel connection. You also need to open ports for data
channel. You can restrict the port range for the data channel using
the environment variable GLOBUS_TCP_PORT_RANGE. More information
about this is available at http://www.globus.org/toolkit/docs/4.0/data/gridftp/admin-index.html#id2536766
Raj
On Fri, 26 Sep 2008, Yoichi Takayama wrote:
Hi
http://www.globus.org/toolkit/docs/4.2/4.2.0/admin/quickstart/index.html
While trying to install the 2nd Globus, the GridFTP test tries to
copy a file between two hosts. This fails.
$ globus-url-copy gsiftp://grid1.ramscommunity.org/etc/group gsiftp://grid2.ramscommunity.org/tmp/from-grid1
error: globus_ftp_client: the server responded with an error
500 500-Command failed. : callback failed.
500-globus_xio: Unable to connect to 137.111.246.176:42777
500-globus_xio: System error in connect: No route to host
500-globus_xio: A system call failed: No route to host
500 End.
Obviously the port 42777 is not open because it is behind a
Firewall.
The GridFTP is defined as gsiftp with /etc/xinetd.d/gridftp as:
service gsiftp
{
    instances       = 100
    socket_type     = stream
    wait            = no
    user            = root
    env             += GLOBUS_LOCATION=/sandbox/globus/globus-4.2.0
    env             += LD_LIBRARY_PATH=/sandbox/globus/globus-4.2.0/lib
    server          = /sandbox/globus/globus-4.2.0/sbin/globus-gridftp-server
    server_args     = -i
    log_on_success  += DURATION
    disable         = no
}
Also:
# cat /etc/services | grep gsiftp
gsiftp 2811/tcp # GSI FTP
gsiftp 2811/udp # GSI FTP
Although the port 2811/tcp and 2811/udp have been opened, this
does not help since the globus-url-copy gsiftp still wants to use
some random ports other than 2811. The command copies files OK if
the iptables are switched off. So, it is obviously the port number
problem.
Is there any other place where the setting should be placed to
restrict what port the gsiftp should be using?
Thanks,
Yoichi
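
An added example, not part of the original thread: a small shell helper that turns a GLOBUS_TCP_PORT_RANGE value into matching iptables rules for the control port (2811) and the data channel, and checks whether a port from an error message, such as 42777 above, falls inside the range. The range 50000,51000 and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The range 50000,51000 is a constructed
# value; the server would receive it through a line such as
#   env += GLOBUS_TCP_PORT_RANGE=50000,51000
# in /etc/xinetd.d/gridftp. Nothing here changes the firewall: rules are
# only printed, in the syntax used by iptables-save.

# Split "MIN,MAX" into $min and $max; fail on anything malformed.
parse_range() {
    case "$1" in
        *,*,*|*[!0-9,]*) return 1 ;;   # extra commas or non-digit characters
        [0-9]*,[0-9]*) ;;              # digits on both sides of one comma
        *) return 1 ;;
    esac
    min=${1%%,*}
    max=${1##*,}
    [ "$min" -ge 1 ] && [ "$max" -le 65535 ] && [ "$min" -le "$max" ]
}

# Print inbound rules for the control channel and the data-channel range.
gridftp_rules() {
    parse_range "$1" || { echo "bad port range: $1" >&2; return 1; }
    echo "-A INPUT -p tcp --dport 2811 -j ACCEPT"
    echo "-A INPUT -p tcp --dport $min:$max -j ACCEPT"
}

# Succeed if a data-channel port (first argument) lies inside the range.
port_allowed() {
    parse_range "$2" || return 2
    [ "$1" -ge "$min" ] && [ "$1" -le "$max" ]
}

RANGE=50000,51000
gridftp_rules "$RANGE"

# 42777 is the port from the "Unable to connect" error quoted in the thread.
if port_allowed 42777 "$RANGE"; then
    echo "42777 is inside $RANGE"
else
    echo "42777 is outside $RANGE: the server is not using the restricted range"
fi
```

The variable and the firewall rules have to agree on every host that accepts data connections, and xinetd must be reloaded after the env line is added.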