Hi Jason, This looks quite useful.
However, I think it may over-complicate things for the average user. Firstly, I don't think we need to spend too much time publicising how to run Toolkit servers when there are many potential VenueClient users out there who simply want to get their software running on their PC. If think anyone serious enough to consider running their own VenueServers will find the firewall the least of their worries ! We hear from many first time users who cannot get their VenueClient working due mainly to their institution's firewall and some give up in the end. I've attached a couple of quick documents I've written up that I send out to our users (they cover IOCOM IG Client as well) to help them with the firewall. However, the first only covers Windows users with a public IP address (a typical University user), so doesn't cover every type of situation. And I'm not 100% sure on the range of ports I've specified for the institution firewall - they certainly don't all match up with the document you have written. I currently have 2 AG Toolkit users who are unable to get their firewalls working: 1) A MAC user. 2) Someone on a private network, i.e. a network using NAT. I'm trying to get them both an answer, but I've not used a MAC before, and don't know whether Toolkit traverse NAT networks. Please can you help out with these two issues I've got ? Perhaps documentation exists already in a format that can be given to a new user. The other thing I'm unsure of is the range of UDP bi-directional ports that require opening on the institution/gateway firewall (for unicast users). Your document (http://www.accessgrid.org/node/1816) to suggest a default range of 50,000 to 52,000. But I'm sure when we've installed BridgeServer our range is 10000 - 10999. This part is quite fundamental in terms of getting Toolkit to work via a firewall, and certainly essential information for any client who's network uses NAT. Regards, Ben. -----Original Message----- From: ag-tech-boun...@lists.mcs.anl.gov [mailto:ag-tech-boun...@lists.mcs.anl.gov] On Behalf Of Jason Bell Sent: 06 May 2009 07:40 To: accessgri...@lists.aarnet.edu.au; AG-TECH list; ag-tech...@googlegroups.com Subject: [AG-TECH] Firewall Configuration document for the Access Grid G'day All (sorry for any cross postings) AS part of ARCS (with thanks to Tom Uram), we have been developing a "Firewall Configuration for the Access Grid" document which can be found on the Global Access Grid website at http://www.accessgrid.org/node/1816. Given that networking (especially firewalls) is something that gets regularly asked about, it was thought that a document like the following would be useful. I would be interested in receiving any feedback to assist in making this document as useful as possible. Many thanks in advance, Jason. -------------------------------------------- Jason Bell, B.I.T. (Honours) Research Systems Support Officer Information Technology Division CQ University Australia Australian Research Collaboration Service http://www.arcs.org.au/ E-mail : j.b...@cqu.edu.au jason.b...@arcs.org.au Work : +61 7 4930 9229 Mobile : 0409 630897 Postal : Building 19 Central Queensland University Bruce Highway Rockhampton, Queensland, Australia, 4702 -------------------------------------------- Patience is a virtue. But if I wanted Patience, I would have become a Doctor. --------------------------------------------
AccessGrid Node PC Firewall Configuration.pdf
Description: AccessGrid Node PC Firewall Configuration.pdf
Configuring the Institution Firewall forAccessGrid traffic-V1.0.pdf
Description: Configuring the Institution Firewall forAccessGrid traffic-V1.0.pdf
