[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
20030623: 20030623: HDS feed to/from seistan (cont.)
- Subject: 20030623: 20030623: HDS feed to/from seistan (cont.)
- Date: Mon, 23 Jun 2003 13:08:41 -0600
>From: Robert Leche <address@hidden>
>Organization: LSU
>Keywords: 200306161954.h5GJs2Ld016710 LDM-6 IDD
Bob,
>If you have connection problems with Sirroco , ipchains will very likly need
>adjusting to your host(s). I can help if you need it. I will need the host
>name(s) of your systems.
OK, we are looking at the ipchains setup on seistan and think that it
could be setup a lot more efficiently. But first:
- we can not get onto datoo using the 'ldm' password; we want access
to datoo to see how its security is setup so we can contrast it
to the setup on seistan and sirocco
- re: ipchains configuration on seistan: the set of IP chains
rules you have in place currently looks to be overly long and
not properly priortized, but, then again, we don't know what
your exact security objectives actually are (e.g., we don't
know if there is a good reason you don't just allow all srcc.lsu.edu
machines full access, etc.)
We are proposing to do the following as a test:
1) flush the IP chains rule set that is in place right now on seistan
2) install a new rule set that consolidates the restrictions you currently
have in place
3) return the HDS feed from seistan to zero.unidata.ucar.edu to see if
the large latencies drop to zero
Is there any reason that we should _not_ run this test?
Tom