[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20030623: 20030623: HDS feed to/from seistan (cont.)

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

  • Subject: 20030623: 20030623: HDS feed to/from seistan (cont.)
  • Date: Mon, 23 Jun 2003 13:08:41 -0600
>From: Robert Leche <address@hidden>
>Organization: LSU
>Keywords: 200306161954.h5GJs2Ld016710 LDM-6 IDD

Bob,

>If you have connection problems with Sirroco , ipchains will very likly need
>adjusting to your host(s). I can help if you need it. I will need the host
>name(s) of your systems.

OK, we are looking at the ipchains setup on seistan and think that it
could be setup a lot more efficiently.  But first:

- we can not get onto datoo using the 'ldm' password; we want access
  to datoo to see how its security is setup so we can contrast it
  to the setup on seistan and sirocco

- re: ipchains configuration on seistan:  the set of IP chains
  rules you have in place currently looks to be overly long and
  not properly priortized, but, then again, we don't know what
  your exact security objectives actually are (e.g., we don't
  know if there is a good reason you don't just allow all srcc.lsu.edu
  machines full access, etc.)

We are proposing to do the following as a test:

1) flush the IP chains rule set that is in place right now on seistan
2) install a new rule set that consolidates the restrictions you currently
   have in place
3) return the HDS feed from seistan to zero.unidata.ucar.edu to see if
   the large latencies drop to zero

Is there any reason that we should _not_ run this test?

Tom