needed network Ports and IPs to get CMS work through a firewall

Author	Message
Yeti Send message Joined: 29 May 15 Posts: 147 Credit: 2,842,484 RAC: 0	Message 564 - Posted: 14 Aug 2015, 11:08:42 UTC It took me quit some time to figure out what CMS Needs to get through my restriktive Firewall. From other CERN-Projects I had follwoing already configured: •Jabber messaging which needs XMPP (port 5222), •Chirp (port 9094) for moving data in and out, •HTTP (port 80) and •HTTPS (port 443) And if you want, you can grant access to the entire CERN network: •137.138.0.0/16 •128.141.0.0/16 •128.142.0.0/16 Now I had to add: 130.246.180.119-120 with TCP-Ports 8319,9620-9623,9817,9818 188.184.134.98 with TCP-Port 3128 188.184.140.166 with TCP-Port 3128 128.142.166.0/255.255.255.0 with TCP-Port 8884 It would be good and helpfull if someone from the Project-Team can check and confirm or correct this table Thanks in Advance Yeti ID: 564 · Rating: 0 · rate: / Reply Quote

Laurence Project administrator Project developer Project tester Send message Joined: 12 Sep 14 Posts: 1069 Credit: 334,882 RAC: 0	Message 565 - Posted: 14 Aug 2015, 12:22:16 UTC - in response to Message 564. Yes, we should provide this information. Are you referring to only incoming traffic or also outgoing? Jabber and Chirp are required for test4theory but should not be required in the future when it is migrated to different infrastructure. We use Condor and this can require some ports but I don't have the exacts details right now. It might be possible to configure Condor in such away that this isn't required. There may also be some other CMS magic going on that I haven't identified yet. ID: 565 · Rating: 0 · rate: / Reply Quote

Yeti Send message Joined: 29 May 15 Posts: 147 Credit: 2,842,484 RAC: 0	Message 566 - Posted: 14 Aug 2015, 12:35:23 UTC - in response to Message 565. Yes, we should provide this information. Are you referring to only incoming traffic or also outgoing? All that is needed to get it work. Usually you configure something in one direction and the Firewall accepts the answering automatic. So for my System I have configured the outgoing Connections and my Firewall lets the reply pass through. ID: 566 · Rating: 0 · rate: / Reply Quote

Yeti Send message Joined: 29 May 15 Posts: 147 Credit: 2,842,484 RAC: 0	Message 1104 - Posted: 17 Sep 2015, 18:03:07 UTC Today I had to make following Change: 130.246.180.119-120 with TCP-Ports 8319,9619-9623,9817,9818 ID: 1104 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4	Message 1107 - Posted: 18 Sep 2015, 9:30:11 UTC - in response to Message 1104. Today I had to make following Change: 130.246.180.119-120 with TCP-Ports 8319,9619-9623,9817,9818 A site admin replies: The condor glideins should only require outgoing connections. My (test) glideinWMS is configured to have 4 collectors, using ports 9619 to 9623, on the host 130.246.180.120. Config files need to be downloaded from the same host on port 8319, as well as from 130.246.180.119 on the same port (8319). ID: 1107 · Rating: 0 · rate: / Reply Quote

Development for LHC@home