TWiki> Main Web>ProjectDocumentation>ProjectsUnderDiscussion>EvoServiceSA>PandaServerDetails (14 Jul 2009, BruceBecker)EditAttach

Firewall rules

Firewall rules necessary on the PANDA server 

#####
# Punch a few holes for proper Panda operation
# Connections from other Panda servers
-A RH-Firewall-1-INPUT -m udp -p udp --dport 46014 -j ACCEPT
# Connections from Koala
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 46015 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 46015 -j ACCEPT
# Connections from Mongoose
-A RH-Firewall-1-INPUT -m udp -p udp --dport 46025 -j ACCEPT
# ApMon from MonALISA
-A RH-Firewall-1-INPUT -m udp -p udp --dport 8884 -j ACCEPT
# Connections from any remote H.323/SIP clients
-A RH-Firewall-1-INPUT -m udp -p udp --dport 57000:57400 -j ACCEPT
# Remote management from MonkeySSL
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 3232 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 3233 -j ACCEPT
# Remote management from Kiwi
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 5354 -j ACCEPT
# Raccoon service
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 3332 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 3333 -j ACCEPT

Firewall rules for Koala client :

Mandatory:

While EVO works fine in a Network Address Translation environment (NAT), the local or institute firewall (if any) should permit communication on the following port : IN/OUT - UDP/TCP: 46015

Optional:

Allowing these TCP outgoing ports will offer the possibility to your Koala client to estimate in real-time what are the best Panda servers to connect to in function of your location, network parameters (bandwidth, packet loss...) and load.

OUT - TCP on specific IP

  1. LUSs Services: 4042, 4043, 4044 evo01.cern.ch (192.91.244.138) evo01.caltech.edu (131.215.116.151)
  2. Proxy Services: 60001, 60002, 60003 evo01.cern.ch (192.91.244.138) evo01.caltech.edu (131.215.116.151)
  3. Topology Services: 10090 evo01.cern.ch (192.91.244.138)
  4. SMTP service: 25 vrvs01.caltech.edu (131.215.116.52)

IN/OUT - TCP on specific IP

  1. File Sharing: 80 evo02.cern.ch (192.91.244.139)

IP Address of PANDA servers

JHB server

155.232.191.110/24 - EVO panda MERAKA01_ZA

-- BruceBecker - 11 Jun 2009

Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 14 Jul 2009 - 07:42:22 - BruceBecker
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback