This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Jonathan, > Does a connection have to be established before it can do a FEEDME request? Yes. A TCP connection between the downstream LDM and the upstream LDM must exist prior to a FEEDME request by the downstream LDM. > I see in your first sentence that you say it would log a denied connection. > Does that mean it would log failed authentication of just a LDM connection? Yes. The LDM server logs all connection attempts that fail due to insufficient authentication. > Would the server log all generic failed connections? Yes. A failed connection attempt of any kind results in a log message. > I am definitely seeing > a connection attempt leaving the DREN network on destination port 388. We > need to find out if it is even reaching your server, and if not where it is > being dropped/blocked. The LDM server logs all connection successes and failures. Due to the lack of such messages in its log file, I conclude that the LDM server on aeolus.ucsd.edu isn't seeing any attempt to establish a TCP connection between it and any host in the nrlmry.navy.mil domain. The most likely cause is a firewall rule that discards incoming TCP connection attempts to port 388 from that domain. We were just on host aeolus and didn't see anything in its /etc/sysconfig/iptables that would prevent a connection on port 388 from any system anywhere. In fact we successfully connected to the LDM on aeolus from an LDM in Argentina. We suspect, therefore, that there is a firewall between the nrlmry.navy.mil domain and host aeolus that's dropping the connection-attempt packets on the floor. We don't, unfortunately, have any way of discovering that firewall. One thing to try is to execute the command "traceroute aeolus.ucsd.edu" on host sirocco.metoc.nrlmry.navy.mil to see where the barrier lies. If it's in the UCSD domain, then you'll have to contact the UCSD networking people. Regards, Steve Emmerson Ticket Details =================== Ticket ID: EAS-993522 Department: Support LDM Priority: Normal Status: Closed