RE: 19991004: Setting Up LDM, Firewall
- Subject: RE: 19991004: Setting Up LDM, Firewall
- Date: Mon, 4 Oct 1999 15:15:56 -0600 (MDT)
Vic,
Since you did the commands on nlmoc2 to charon and they worked, then your
configurations should be correct. I noticed in your first e-mail that the
first ldmsend was successful, so the data was sent to charon then krusty.
> > % ./ldmsend -v -h nlmoc2 /home/ldm/test.txt
> > ldmsend: nlmoc2: reclass: 19991004105323.984 TS_ENDT {{EXP, ".*"}}
> > ldmsend: Sending /home/ldm/test.txt, 25 bytes
> >
> > % ./ldmsend -v -h charon /home/ldm/test.txt
> > ldmsend: clnt_create(charon, 300029, 5, "tcp"): charon: RPC_PMAP_FAILURE - RPC_TIMED_OUT
The second one seemed to take too long and then it had an RPC_TIMED_OUT
failure.
It might help if you look at the workshop tutorial, it's at:
http://www.unidata.ucar.edu/packages/ldm/ws/ws.html#schedule
Robb...
On Mon, 4 Oct 1999, Ross, Victor wrote:
> Robb,
>
> Here are the results of the commands that you asked about. They both seem
> to be working fine.
>
> % ./ldmping -i 5 -h charon
> Oct 04 17:10:19 State Elapsed Port Remote_Host rpc_stat
> Oct 04 17:10:19 RESPONDING 0.071089 388 charon
> % notifyme -vl - -h charon
> Oct 04 17:10:35 notifyme[2143]: Starting Up: charon: 19991004171035.162 TS_ENDT {{ANY, ".*"}}
> Oct 04 17:10:35 notifyme[2143]: NOTIFYME(charon): OK
> Oct 04 17:11:36 notifyme[2143]: Interrupt
> Oct 04 17:11:36 notifyme[2143]: exiting
> %
>
> Here is the section from my ldmd.conf file on nlmoc2
> #
> # Giving permission to your own machine and Unidata
> allow ANY charon.nlmoc.navy.mil
> #allow ANY ^[a-z].*\.nlmoc\.navy\.mil\.?$
> allow ANY charon.nlmoc.navy.mil
> allow ANY ^((localhost|loopback)|(127\.0\.0\.1\.?$)|([a-z].*\.nlmoc\.navy\.mil\.?$))
> #
> ###############################################################################
> # Accept Entries
> ###############################################################################
> # ACCEPT: Who can feed us, currently this action is ONLY needed for WSI data
> #
> # accept <feedset> <pattern> <hostname pattern>
> #
> # accept anything from yourself
> #
> accept ANY ".*" ^((localhost|loopback)|(127\.0\.0\.1\.?$))
> accept ANY ".*" nlmoc2.nlmoc.navy.mil
> accept ANY ".*" charon.nlmoc.navy.mil
> #
> # accept from your upstream site
> #
>
>
> Here is the section from my ldmd.conf file on nlmoc2
>
>
> #
> # Giving permission to your own machine and Unidata
> allow ANY krusty.nlmoc.navy.mil
> allow ANY gatekeep.nlmoc.navy.mil
> allow ANY ^[a-z].*\.nlmoc\.navy\.mil$
> allow ANY ^((localhost|loopback)|(127\.0\.0\.1$)|([a-z].*\.nlmoc\.navy\.mil$))
> #
> ###############################################################################
> # Accept Entries
> ###############################################################################
> # ACCEPT: Who can feed us, currently this action is ONLY needed for WSI data
> #
> # accept <feedset> <pattern> <hostname pattern>
> #
> # accept anything from yourself
> #
> accept ANY ".*" krusty.nlmoc.navy.mil
> accept ANY ".*" gatekeep.nlmoc.navy.mil
> accept ANY ".*" ^((localhost|loopback)|(127\.0\.0\.1\.?$))
> #
> # accept from your upstream site
> #
>
>
> The name of the upstream site is krusty, but that is not resolvable outside
> of the firewall(charon). I have a direct port for all requests from nlmoc2
> on port 388 go straight to krusty on port 388. I have the same redirection
> set up for all requests to gatekeep(internal firewall name) on port 388 to
> nlmoc2 on port 388.
>
> It just seems really weird that the machines have the link open and I can
> see when I bring an LDM up or down on either side of the firewall, but I
> can't get them to pass data successfully.....
>
>
> Is there anything I might be overlooking??? Is there a number that I might
> contact someone about this?? My CO is suddenly hot on LDM as a Y2K
> contingency plan.....
>
>
> Thanks,
>
> Vic
>
> LT Victor B Ross III, USN
> Systems Integration Officer
> 9141 Third Ave
> Norfolk, VA 23511-2394
> COMM: (757)444-4942 DSN:564-4942
> address@hidden
>
> > -----Original Message-----
> > From: Robb Kambic [SMTP:address@hidden]
> > Sent: Monday, October 04, 1999 1:00 PM
> > To: Ross, Victor
> > Cc: support-ldm
> > Subject: Re: 19991004: Setting Up LDM, Firewall
> >
> > On Mon, 4 Oct 1999, Unidata Support wrote:
> >
> > >
> > > ------- Forwarded Message
> > >
> > > >To: "'address@hidden'" <address@hidden>
> > > >From: "Ross, Victor" <address@hidden>
> > > >Subject: Setting Up LDM for the first time.
> > > >Organization: .
> > > >Keywords: 199910041243.GAA11553
> > >
> > > Sirs,
> > >
> > > I am LT Vic Ross, and I am currently working at the Naval Atlantic
> > > Meteorology & Oceanography Center (NLMOC) in Norfolk, VA.
> > >
> > > I have been working with Mr. Carven Scott, NWS-SOO, Anchorage, AK to set up
> > > LDM for NOAAPORT data distribution at our center and related facilities in
> > > the Atlantic.
> > >
> > > Mr Scott has the LDM up and running on 2 machines here at NLMOC, but we are
> > > having a problem with the transmission of data through the firewall.
> > >
> > > The upstream server runs on a private network behind charon. I have opened
> > > port 388 between nlmoc2 and the upstream server.
> > >
> > > I can send to the machine from itself, but I can't get the pass to go
> > > through the firewall. Any suggestions?
> > >
> > > I am enclosing the command line info so you can see what I am getting back.
> > >
> > > % ./ldmping charon
> > > Oct 04 11:51:08 State Elapsed Port Remote_Host rpc_stat
> > > Oct 04 11:51:09 RESPONDING 0.073341 388 charon
> >
> > Vic,
> >
> > I'm a little confused about which is the upstream node, I'll assume it's
> > charon here. Here's what I would do to check the connections with ldmping
> > and notifyme.
> >
> > From the nlmoc2 machine, do the following:
> >
> > % ldmping -i 5 -h charon (needs the fully qualified hostname for charon)
> > % notifyme -vl - -h charon (same as above)
> >
> > This will show if your configurations are correct.
> > Also, make sure your firewall is not set to turn off the portmapper look
> > ups with one of the commands, bind, rpcbind, portmapper, etc. The LDM
> > needs to lookup the port the remote LDM is running on, default is 388
> >
> >
> > The upstream node needs to have allow statements in the ldmd.conf for
> > the downstream nodes.
> >
> >
> > Robb...
> >
> > >
> > > % ./ldmping nlmoc2
> > > Oct 04 11:52:57 State Elapsed Port Remote_Host rpc_stat
> > > Oct 04 11:52:57 RESPONDING 0.130362 388 nlmoc2
> > >
> > > % ./ldmsend -v -h nlmoc2 /home/ldm/test.txt
> > > ldmsend: nlmoc2: reclass: 19991004105323.984 TS_ENDT {{EXP, ".*"}}
> > > ldmsend: Sending /home/ldm/test.txt, 25 bytes
> > >
> > > % ./ldmsend -v -h charon /home/ldm/test.txt
> > > ldmsend: clnt_create(charon, 300029, 5, "tcp"): charon: RPC_PMAP_FAILURE - RPC_TIMED_OUT
> > >
> > > Thank you in advance,
> > >
> > > LT Vic Ross
> > >
> > > LT Victor B Ross III, USN
> > > Systems Integration Officer
> > > 9141 Third Ave
> > > Norfolk, VA 23511-2394
> > > COMM: (757)444-4942 DSN:564-4942
> > > address@hidden
> > >
> > >
> > > ------- End of Forwarded Message
> > >
> >
> > ===============================================================================
> > Robb Kambic Unidata Program Center
> > Software Engineer III Univ. Corp for Atmospheric Research
> > address@hidden WWW: http://www.unidata.ucar.edu/
> > ===============================================================================
>
===============================================================================
Robb Kambic Unidata Program Center
Software Engineer III Univ. Corp for Atmospheric Research
address@hidden WWW: http://www.unidata.ucar.edu/
===============================================================================
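
The step that fails in `clnt_create(charon, 300029, 5, "tcp")` with RPC_PMAP_FAILURE happens before port 388 is used at all: the client first asks the remote portmapper which port serves program 300029 version 5. The following is an added example (not part of the original messages and not LDM code) that sends that same GETPORT query and separates a filtered portmapper from a missing one. The function names are this example's own, and port 111 is the standard portmapper port, which the thread does not state.

```python
import socket
import struct

PMAP_PORT = 111                      # standard portmapper/rpcbind port (not from the thread)
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
LDM_PROG, LDM_VERS = 300029, 5       # program and version from the clnt_create() line
IPPROTO_TCP = 6

def build_getport_call(xid, prog=LDM_PROG, vers=LDM_VERS):
    """ONC RPC CALL asking the portmapper which TCP port serves prog/vers."""
    # xid, msg_type=CALL(0), rpc version 2, then the portmapper's own prog/vers/proc
    header = struct.pack(">6I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    null_auth = struct.pack(">4I", 0, 0, 0, 0)   # AUTH_NONE credential and verifier
    args = struct.pack(">4I", prog, vers, IPPROTO_TCP, 0)
    body = header + null_auth + args
    # TCP record marking: high bit = last fragment, low 31 bits = body length
    return struct.pack(">I", 0x80000000 | len(body)) + body

def parse_getport_reply(data, xid):
    """Return the port in a GETPORT reply (0 means the program is not registered)."""
    (mark,) = struct.unpack(">I", data[:4])
    body = data[4:4 + (mark & 0x7FFFFFFF)]
    rxid, mtype, reply_stat = struct.unpack(">3I", body[:12])
    if rxid != xid or mtype != 1 or reply_stat != 0:
        raise ValueError("not an accepted reply to our call")
    # verifier = flavor, length, padded opaque body; accept_stat and result follow
    (vlen,) = struct.unpack(">I", body[16:20])
    off = 20 + ((vlen + 3) & ~3)
    accept_stat, port = struct.unpack(">2I", body[off:off + 8])
    if accept_stat != 0:
        raise ValueError("portmapper did not execute the call")
    return port

def lookup_ldm_port(host, timeout=5.0, xid=0x4C444D01):
    """Run the portmapper lookup and classify how it ends."""
    try:
        with socket.create_connection((host, PMAP_PORT), timeout=timeout) as s:
            s.sendall(build_getport_call(xid))
            data = s.recv(1024)
        return ("ok", parse_getport_reply(data, xid))
    except socket.timeout:
        return ("pmap-timeout", None)    # no answer: typically a filter dropping port 111
    except ConnectionRefusedError:
        return ("pmap-refused", None)    # host reachable, nothing listening on 111
    except (OSError, ValueError, struct.error) as exc:
        return ("pmap-error", str(exc))
```

A `pmap-timeout` result from the downstream host while `ldmping` still reports RESPONDING on port 388 matches the symptom in the thread: only port 388 is passed through the firewall, not the portmapper lookup.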