20031021: LDM 6.0.14 connection to portmap on RedHat 9
- Subject: 20031021: LDM 6.0.14 connection to portmap on RedHat 9
- Date: Tue, 21 Oct 2003 14:03:30 -0600
Rita & Carl,
>Date: Tue, 21 Oct 2003 13:07:09 -0500
>From: Rita Edwards <address@hidden>
>Organization: NASA/Marshal Space Flight Center
>To: Steve Emmerson <address@hidden>
>Subject: Re: 20031021: LDM - Redhat Linux 8.0 - ldmadmin start gives
>permission denied
The above message contained the following:
> Steve, in an effort to determine if indeed this is branch
> or the firewall, I have completed the following steps.
> 1. Modified the ldmd.conf to only accept connections for
> internal feeds. (Carl's machines no longer are accepted.)
> 2. Set up an internal machine running 6.0.13 to serve
> as a downstream node.
> 3. Restarted the ldm feed on branch.
>
> Here is the interesting stuff:
> Branch's rpcinfo is now correct:
> [root@branch ~ldm]# rpcinfo -p
> program vers proto port
> 100000 2 tcp 111 portmapper
> 100000 2 udp 111 portmapper
> 391002 2 tcp 32768 sgi_fam
> 390113 1 tcp 7937
> 300029 6 tcp 388 ldmd
> 300029 5 tcp 388 ldmd
The above is correct behavior and new (your previous email showed
Branch's LDM listening on port 43298 instead of 388).
> The netstat is correct:
> tcp 0 0 branch.nsstc.nasa.g:ldm snet1.nsstc.nasa.:46229 ESTABLISHED
This is good.
> 4. Ok, next step, allow Carl's machines in.
>
> First we connected using just tarzan (Red
> Hat 8.0 ldm 6.0.13). Branch's rpcinfo
> returned the following:
> tcp 0 0 branch.nsstc.nasa.g:ldm tarzan.caps.ou.edu:5296 ESTABLISHED
> tcp 0 0 branch.nsstc.nasa.g:ldm tarzan.caps.ou.edu:5295 ESTABLISHED
This is good.
> Now with flash connecting, we have the high level port communication
> taking place on both systems:
> tcp 0 0 branch.nsstc.nasa.:5204 flash.nsstc.nasa.:21006 ESTABLISHED
> tcp 0 0 branch.nsstc.nasa.:5204 flash.nsstc.nasa.:21007 ESTABLISHED
> tcp 0 0 branch.nsstc.nasa.:5204 flash.nsstc.nasa.:21008 ESTABLISHED
> tcp 0 0 branch.nsstc.nasa.:5204 flash.nsstc.nasa.:21009 ESTABLISHED
> tcp 0 0 branch.nsstc.nasa.:5204 flash.nsstc.nasa.:21010 ESTABLISHED
This is bizarre. Branch's LDM should be using port number 388 instead
of 5204. Nothing in the LDM should cause this to occur.
We just ran an LDM 6.0.14 on our RedHat 9 system and had it request data
from Branch. Everything went OK: we were able to receive data from
Branch:
    ~: id
    uid=8858(ldm) gid=2000(ustaff) groups=2000(ustaff),2010(usystem),3020(wxp),5600(lwrkshp)
    ~: uname -a
    Linux sherman.unidata.ucar.edu 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux
    ~: cat /etc/redhat-release
    Red Hat Linux release 9 (Shrike)
    ~: grep '^[^#]' etc/ldmd.conf
    request ANY .* branch.nsstc.nasa.gov
    allow ANY ^((localhost|loopback)|(127\.0\.0\.1\.?$)|([a-z].*\.unidata\.ucar\.edu\.?$))
    ~: ldmadmin start
    Checking the pqact(1) configuration-file "/usr/local/ldm/etc/pqact.conf"...
    /usr/local/ldm/etc/pqact.conf is syntactically correct
    Starting the LDM server...
    ~: cat logs/ldmd.log
    Oct 21 19:25:07 sherman rpc.ldmd[15446]: Starting Up (version: 6.0.14; built: Sep 15 2003 14:19:22)
    Oct 21 19:25:07 sherman branch[15447]: Starting Up(6.0.14): branch.nsstc.nasa.gov: TS_ZERO TS_ENDT {{ANY, ".*"}}
    Oct 21 19:25:07 sherman branch[15447]: Desired product class: 20031021182507.653 TS_ENDT {{ANY, ".*"}}
    Oct 21 19:25:07 sherman branch[15447]: Connected to upstream LDM-6
    Oct 21 19:25:07 sherman branch[15447]: Upstream LDM is willing to feed
    ~: ldmadmin watch
    (Type ^D or ^C when finished)
    Oct 21 19:25:08 pqutil: 7402 20031021182508.216 CRAFT 16002 L2-BZIP2/KHTX/20031021182404/16/2
    Oct 21 19:25:08 pqutil: 5108 20031021182520.231 CRAFT 16003 L2-BZIP2/KHTX/20031021182404/16/3
    Oct 21 19:25:08 pqutil: 3704 20031021182514.976 CRAFT 111011 L2-BZIP2/KBMX/20031021182125/111/11
    ...
    ~: ldmadmin stop
    ...
This conclusively demonstrates that a downstream LDM 6.0.14 on a RedHat
9 system can successfully request and receive data from the LDM on
Branch. Therefore, the problem must lie with the situation at CAPS or
with the interaction between CAPS and NASA.
The differences between this test and the situation at CAPS are:
1. The setup and configuration of the LDM on Flash; and
2. The existence of and configuration of the firewall at OU (we are
outside our corporate firewall).
Could it be that the firewalls at OU and NASA are conspiring to screw
things up?
Carl,
1. What does the following output on Flash? On Tarzan?
rpcinfo -n 388 -t branch.nsstc.nasa.gov 300029 6
2. Is the program bin/rpc.ldmd owned by root and is it
set-uid-owner? If not, what happens if you make it so?
(I'm grasping at straws.)
Regards,
Steve Emmerson
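
The registration check discussed in this message (ldmd, RPC program 300029, expected on TCP port 388) can be automated against `rpcinfo -p` output. The following is an added example, not part of the original message or of the LDM distribution; the function names are hypothetical, the first sample is the output quoted above, and the second is constructed using the port 43298 mentioned for the earlier e-mail.

```python
"""Check that an LDM server is registered with the portmapper on its expected port."""
LDM_PROGRAM = 300029   # RPC program number shown for ldmd in the rpcinfo output above
LDM_PORT = 388         # port the message says the LDM should be using

# rpcinfo -p output as quoted in the message above
GOOD = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    391002    2   tcp  32768  sgi_fam
    390113    1   tcp   7937
    300029    6   tcp    388  ldmd
    300029    5   tcp    388  ldmd
"""
# Constructed sample: the same registrations, but on port 43298
BAD = GOOD.replace("   388  ldmd", " 43298  ldmd")


def parse_rpcinfo(text):
    """Yield (program, version, proto, port, name) for each data row of `rpcinfo -p`."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and blank lines; the service-name column is optional.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        prog, vers, proto, port = fields[:4]
        name = fields[4] if len(fields) > 4 else ""
        yield int(prog), int(vers), proto, int(port), name


def check_ldm_registration(text, program=LDM_PROGRAM, port=LDM_PORT):
    """Return a list of problem strings; an empty list means the registration matches."""
    rows = [r for r in parse_rpcinfo(text) if r[0] == program]
    if not rows:
        return [f"program {program} is not registered with the portmapper"]
    return [
        f"version {vers} registered on {proto} port {got}, expected {port}"
        for _, vers, proto, got, _ in rows
        if got != port
    ]


if __name__ == "__main__":
    for label, sample in (("quoted output", GOOD), ("constructed sample", BAD)):
        print(label, "->", check_ldm_registration(sample) or "OK")
```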