[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20030812: Problems connecting behind a firewall version 6

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

  • Subject: 20030812: Problems connecting behind a firewall version 6
  • Date: Tue, 12 Aug 2003 12:45:23 -0600
Robert,

>Date: Tue, 12 Aug 2003 13:02:22 -0500
>From: Robert Leche <address@hidden>
>Organization: SRCC
>To: Unidata Support <address@hidden>,
>To: ldm-users <address@hidden>
>Subject: Problems connecting behind a firewall version 6 

The above message contained the following:

> Hello Tom and all....
> 
> We ran into a problem with our LDM system: Hurricane.srcc.lsu.edu. When 
> opeating off site, Hurricane is not receiving LDM data. The offsite 
> location is the state Office of Emergency Preparedness (OEP) and this is 
> behind a firewall. This system operated, on location, until the LDM was 
> upgraded to the version 6.x. Hurricane operates correctly when running 
> locally at LSU which is the real non-firewalled open networking.
> 
> At OEP the system is connected to the internet via a NAT'ed (Network 
> Address Translation) firewalled network. As I indicated above the 
> problem has not occurred  in earlier versions  5.2x  but problems are 
> showing up in version 6.x.
> 
> The systems serving the LDM data is Datoo.srcc.lsu.edu and 
> Seistan.srcc.lsu.edu. I found the following errors in the logs:
> 
> 
> Jul 19 16:45:12 seistan rpc.ldmd[24797]: gethostbyaddr: failed for 
> 204.196.102.99
> Jul 19 16:46:12 seistan rpc.ldmd[24797]: gethostbyaddr: failed for 
> 204.196.102.99
> Jul 19 16:47:21 seistan rpc.ldmd[24797]: gethostbyaddr: failed for 
> 204.196.102.99
> Jul 19 16:49:42 seistan rpc.ldmd[24797]: gethostbyaddr: failed for 
> 204.196.102.99
> Jul 19 16:50:04 seistan rpc.ldmd[24797]: gethostbyaddr: failed for 
> 204.196.102.99
> Jul 19 16:50:38 seistan rpc.ldmd[24797]: gethostbyaddr: failed for 
> 204.196.102.99

The above messages come from the same LDM 5 code that they've always
come from.  There's no difference between LDM 6 and LDM 5 in this
regard.

> The 204.196.102.99 address is the Nat'd address located on the 'real' 
> side of the internet. Seistan and Datoo are not able to reverse the 
> connection to the remote. Hurricane is able to connect to Seistan and 
> Datoo. Applications such as ssh, sftp and ldmping are able to connect to 
> Seistan and/or Datoo. LDM, however, will not complete a connection. The 
> servers, Seistan and Datoo detect connection requests, but when the 
> gethostbyaddr command fails in the reverse direction, the LDM stream is 
> not started. The servers  "error out" the connection and produce the 
> errors above.

Is there an ALLOW entry for host "204.196.102.99" in the LDM
configuration-file on Seistan and Datoo?

> I am assuming there is a reason to do a gethostbyname in LDM version 
> 6.X. I am also assuming the gethostbyaddr function was not part of the 
> earlier LDM 5.x versions as this problem was not apparent.  No changes 
> have occoured in networking between OEP and our office at LSU since we 
> used it last year.
> 
>   Can LDM be reconfigured to skip the gethostbyaddr function?. Or do I 
> need to set up another LDM server with old code?
> 
> Regards,
> Bob
> -- 
> ----------------------------------------------------------------
> Robert Leche
> System Administrator
> Louisiana State University - Southern Regional Climate Center
> E328 Howe-Russell Building
> Baton Rouge, La. 70803
> address@hidden
> 225 578 5023

Regards,
Steve Emmerson