This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Hi Don,

re:
>We have an IDV user who is having trouble using ADDE because
>of their firewall. An ADDE client makes a connection to
>port 112 on the server, but the local return connection is not
>on a specified port. So, a couple of questions:

The local port used in the connection should be randomly chosen by the operating system. There is no return connection, meaning that the ADDE server should not be establishing a different connection back to the client. If there was, the client's machine would need to be running its own set of server code.

This should be demonstrable by initiating an ADDE request that will take a long time to fulfill in one terminal window on the client machine while running 'netstat' in another terminal window. You should see only the entry showing the user's originating port and port 112 on the server. You should not see a new connection back from the server to a port other than 112.

>- do you have experience getting around these firewall issues
> with your user base? I would imagine that places like the
> space centers have some pretty strict rules about public ports.

The Unidata approach to setting up IPTABLES firewalls on Linux has a line in /etc/sysconfig/iptables like:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This says to allow traffic on a connection that is already established. The ADDE request initiated by the client is just such a connection, as is an LDM feed request.

Question:

- what kind of operating system is being used by the person in question?

>- is there a way to specify the return port in the request
> to the server?

Steve Emmerson and/or Mike Schmidt should be good resources here, as the LDM connects in the same kind of way as ADDE: random port on the client side connects to port 388 on the server side. I believe, however, that the solution is for the user's firewall to be configured to allow traffic on a connection that is already established, like the example above.
Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************

Ticket Details
===================
Ticket ID: CIM-341716
Department: Support McIDAS
Priority: Normal
Status: Closed
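
The netstat check described in the reply above, as an added example that is not part of the original message or of any Unidata software: it reads `netstat -tan` text captured on the client during a long ADDE request and separates the expected outbound connection to port 112 from any other connection with the server. The function name `classify`, the sample addresses (documentation ranges) and the rule that a connection on a local listening port counts as server-initiated are assumptions of this example.

```python
# Added example: classify TCP connections to an ADDE server from `netstat -tan` text.
ADDE_PORT = 112  # server port named in the reply above

# Constructed sample of `netstat -tan` output (Linux net-tools layout);
# 192.0.2.10 stands in for the client, 198.51.100.7 for the ADDE server.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:45718        198.51.100.7:112        ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.50:51514        ESTABLISHED
"""


def split_addr(addr):
    """Split 'host:port' on the last colon so IPv6-style hosts survive."""
    host, _, port = addr.rpartition(":")
    return host, port


def classify(netstat_text, server_ip, server_port=ADDE_PORT):
    """Return (outbound, unexpected) lists of (local, foreign) address pairs.

    outbound:   client ephemeral port -> server_ip:server_port
    unexpected: any other TCP connection with server_ip as the peer, e.g. one
                accepted on a local listening port (a server-initiated connection).
    """
    rows = [line.split() for line in netstat_text.splitlines()
            if line.startswith("tcp")]
    rows = [r for r in rows if len(r) >= 6]
    # Ports this machine is listening on; a connection using one was accepted, not initiated.
    listening = {split_addr(r[3])[1] for r in rows if r[5] == "LISTEN"}
    outbound, unexpected = [], []
    for r in rows:
        local, foreign, state = r[3], r[4], r[5]
        if state == "LISTEN" or split_addr(foreign)[0] != server_ip:
            continue
        lport, fport = split_addr(local)[1], split_addr(foreign)[1]
        if fport == str(server_port) and lport not in listening:
            outbound.append((local, foreign))
        else:
            unexpected.append((local, foreign))
    return outbound, unexpected


if __name__ == "__main__":
    out, bad = classify(SAMPLE, "198.51.100.7")
    print("outbound ADDE connections:", out)
    print("unexpected connections with the server:", bad)
```

An empty second list is the result the reply predicts; on a real client, pass the saved output of `netstat -tan` and the server's address in place of the constructed sample.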