[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #EAS-993522]: FW: DREN Ticket 3475

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

Subject: [LDM #EAS-993522]: FW: DREN Ticket 3475
Date: Tue, 27 Feb 2007 15:41:06 -0700

Jonathan,

> Does a connection have to be established before it can do a FEEDME request?

Yes.  A TCP connection between the downstream LDM and the upstream
LDM must exist prior to a FEEDME request by the downstream LDM.

> I see in your first sentence that you say it would log a denied connection.
> Does that mean it would log failed authentication of just a LDM connection?

Yes.  The LDM server logs all connection attempts that fail
due to insufficient authentication.

> Would the server log all generic failed connections?

Yes.  A failed connection attempt of any kind results in a
log message.

> I am definitely seeing
> a connection attempt leaving the DREN network on destination port 388. We
> need to find out if it is even reaching your server, and if not where it is
> being dropped/blocked.

The LDM server logs all connection successes and failures.  Due to
the lack of such messages in its log file, I conclude that the
LDM server on aeolus.ucsd.edu isn't seeing any attempt to 
establish a TCP connection between it and any host in the
nrlmry.navy.mil domain.

The most likely cause is a firewall rule that discards
incoming TCP connection attempts to port 388 from that
domain.  We were just on host aeolus and didn't see 
anything in its /etc/sysconfig/iptables that would prevent
a connection on port 388 from any system anywhere.  In fact
we successfully connected to the LDM on aeolus from an
LDM in Argentina.  We suspect, therefore, that there is a
firewall between the nrlmry.navy.mil domain and host aeolus
that's dropping the connection-attempt packets on the floor.
We don't, unfortunately, have any way of discovering that firewall.

One thing to try is to execute the command "traceroute
aeolus.ucsd.edu" on host sirocco.metoc.nrlmry.navy.mil to
see where the barrier lies.  If it's in the UCSD domain,
then you'll have to contact the UCSD networking people.

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: EAS-993522
Department: Support LDM
Priority: Normal
Status: Closed

Prev by Date: Re: information before March meeting
Next by Date: Re: information before March meeting
Previous by thread: [LDM #EAS-993522]: FW: DREN Ticket 3475
Next by thread: [LDM #EAS-993522]: FW: DREN Ticket 3475
Index(es):
- Date
- Thread