[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IDD #DQQ-790553]: Request for help with LDM setup

Subject: [IDD #DQQ-790553]: Request for help with LDM setup
Date: Wed, 23 Apr 2014 15:49:44 -0600

Hi Wes,

re:
> Thanks for all the help again!

No worries.

re:
> I am the system admin on this server, so I feel pretty comfortable with the
> setup.  Just haven't done all the minute things associated with this before.

OK, sounds good.

re:
> I didn't realize SELINUX was on, so that has been changed.  I will restart
> the machine shortly, especially after I get the boot script worked out.  I
> can handle emailed instructions on this, just need to know what to do as
> root for this.

I am attaching an example script for you to use as a template.  The only
changes you may need to make will be at the top of the script (and I
think that I have setup those entries to match your LDM installation).

The other thing you will need to do after you copy the LDM start on
boot script to /etc/init.d/ldmd is:

<as 'root'>
chkconfig --add ldmd

re:
> I will verify that port 388 is not being blocked on the campus-wide network
> with the campus sysadmin.

You can check that outbound access to port 388 is being blocked somewhere
by:

- install telnet

  yum install telnet

- telnet idd.unidata.ucar.edu 388

  Success will look like:

Trying 128.117.140.3...
Connected to idd.unidata.ucar.edu.
Escape character is '^]'.

  Break out of this with CTRL-]

re:
> My IPTABLES look as follows (after accidentally
> executing the iptables command suggested in the Preinstall directions
> twice):
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:domain
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp
> dpt:domain
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:ftp
> ACCEPT     ah   --  anywhere             anywhere
> ACCEPT     esp  --  anywhere             anywhere
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp
> dpt:isakmp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:smtp
> ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp
> dpt:mdns
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:nfs
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp
> dpt:openvpn
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:ssh
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp
> dpt:tftp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:http
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
> ACCEPT     tcp  --  anywhere             anywhere            tcp
> dpt:unidata-ldm
> ACCEPT     tcp  --  anywhere             anywhere            tcp
> dpt:unidata-ldm
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination

I always find it easier to look at iptables directly:

less /etc/sysconfig/iptables

re:
> I suspect that I just need to add in a few things here.

iptables out of the box for CentOS 6.x does _not_ block any outbound
requests (my development environment is a CentOS 6.5 x86_64 VMware
Player virtual machine).  In order to block outbound requests, someone
would have to have purposefully made a change; I suspect that this is
at your campus level.

re:
> Help on this would
> be great, too.  (Never worked with the iptables much before, so I'm
> learning that right now.)

We can give you help on how to configure your iptables after we know
more about what you want open, and what you want closed.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: DQQ-790553
Department: Support IDD
Priority: Normal
Status: Closed

Attachment: ldmd.boot
Description: Binary data

Prev by Date: [IDD #DQQ-790553]: Request for help with LDM setup
Next by Date: [IDD #RFC-237182]: broken link
Previous by thread: [IDD #DQQ-790553]: Request for help with LDM setup
Next by thread: [IDD #DQQ-790553]: Request for help with LDM setup
Index(es):
- Date
- Thread