
20010216: 20010215: Starting the LDM



Erick,

LDM uses the Unidata-registered port 388. The default ldmd.conf
file distributed with LDM has an allow line for *.unidata.ucar.edu
that allows me to run notifyme to your machine, as I did last night.

The rpc.ldmd program is installed setuid so that it can connect to port 388
initially. After that point, the program has no root privileges.
If you do not run rpc.ldmd with the setuid bit set, then a user-level process
will not be able to connect to port 388. In this case, the LDM will be assigned
a port at runtime by the portmapper (sunrpc 111). If the LDM is not running on
port 388, then you would have to expose port 111 to the downstream, as well
as the user port access, which generally means ports greater than 1024.
It is generally better to have LDM running on port 388. Then you should be able
to use TCP wrappers on that one port, instead of a dynamically assigned port.

Steve Chiswell
Unidata User Support
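The reply above makes two separate points: TCP wrappers (hosts.allow/hosts.deny) gate whichever wrapped daemons they are configured for, while the LDM has its own `allow` lines in ldmd.conf that decide which hosts may request data or run notifyme against it. The following added example (written for this page, not LDM or Unidata code) models both checks side by side so an administrator can see why an `ALL: ALL` in hosts.deny does not by itself answer the question of who the LDM will talk to. The hostnames `*.example.edu` / `*.example.net`, the daemon names, and the ldmd.conf allow patterns are constructed placeholders; the `allow` line syntax (`allow <feedtype> <host regex>`) is assumed from the standard ldmd.conf format. The TCP-wrappers evaluation is a simplified model of hosts_access(5): hosts.allow is consulted first, then hosts.deny, and anything matching neither is permitted.

```python
import re
from typing import List, Tuple

# --- Constructed sample configuration (placeholders, not from the page) ---
HOSTS_DENY = """\
ALL: ALL
"""

HOSTS_ALLOW = """\
# ADDE clients, the office desktop, and the two upstream LDM feeds (placeholder names)
mcservsh: .example.edu
ALL: desktop.example.edu
ALL: upstream1.example.net, upstream2.example.net
"""

LDMD_CONF = r"""
# Data we request, and which hosts may request from us / run notifyme.
request ANY ".*" upstream1.example.net
allow   ANY ^[a-z].*\.unidata\.ucar\.edu$
allow   ANY ^upstream1\.example\.net$
"""

Rule = Tuple[List[str], List[str]]  # (daemon list, client list)


def parse_wrapper_file(text: str) -> List[Rule]:
    """Parse 'daemon_list : client_list' lines; comments and blanks are skipped."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def wrapper_token_matches(token: str, value: str) -> bool:
    """Subset of hosts_access(5) patterns: ALL, .domain suffix, net. prefix, exact."""
    if token == "ALL":
        return True
    if token.startswith("."):          # '.example.edu' matches any host in that domain
        return value.endswith(token)
    if token.endswith("."):            # '192.168.1.' matches that network prefix
        return value.startswith(token)
    return token == value


def wrapper_rule_matches(rule: Rule, daemon: str, client: str) -> bool:
    daemons, clients = rule
    return (any(wrapper_token_matches(t, daemon) for t in daemons)
            and any(wrapper_token_matches(t, client) for t in clients))


def tcp_wrappers_allow(daemon: str, client: str,
                       allow_text: str = HOSTS_ALLOW,
                       deny_text: str = HOSTS_DENY) -> bool:
    """hosts.allow first (grant on match), then hosts.deny (refuse on match), else grant."""
    if any(wrapper_rule_matches(r, daemon, client) for r in parse_wrapper_file(allow_text)):
        return True
    if any(wrapper_rule_matches(r, daemon, client) for r in parse_wrapper_file(deny_text)):
        return False
    return True


def ldm_allow_patterns(conf_text: str) -> List[Tuple[str, str]]:
    """Collect (feedtype, host regex) pairs from the 'allow' lines of an ldmd.conf."""
    patterns = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "allow":
            patterns.append((fields[1], fields[2]))
    return patterns


def ldm_allows(client: str, conf_text: str = LDMD_CONF) -> bool:
    """True if any ldmd.conf allow line's host regex matches the client hostname."""
    return any(re.search(pat, client) for _, pat in ldm_allow_patterns(conf_text))


def explain(client: str) -> Tuple[bool, bool]:
    """(wrapped-daemon decision for an arbitrary daemon, LDM's own allow decision)."""
    return tcp_wrappers_allow("in.ftpd", client), ldm_allows(client)


if __name__ == "__main__":
    for host in ("support.unidata.ucar.edu", "desktop.example.edu", "upstream1.example.net"):
        wrapped, ldm = explain(host)
        print(f"{host:28} tcp_wrappers(in.ftpd)={wrapped!s:5} ldmd.conf allow={ldm}")
```

With these constructed files, a host under unidata.ucar.edu is refused by the wrapped daemons (hosts.deny `ALL: ALL` applies because nothing in hosts.allow names it) yet is accepted by the LDM's own allow line, which is the situation the reply describes; the upstream feed appears in both lists, and the office desktop is wrapped-allowed but not an LDM-allowed requester. Auditing both files together, rather than hosts.allow alone, is what tells you which hosts can actually reach the LDM.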



>From: Erick Lorenz <address@hidden>
>Organization: UCAR/Unidata
>Keywords: 200102170001.f1H01IL10914

>At 09:37 PM 2/15/01 -0700, you wrote:
>>
>>Erick,
>>
>>I ran notifyme to ATM20 and still don't see any data files in your queue.
>>Everything appears correct, but can you check your system date/time
>>to make sure you have the correct time.
>>
>>If your system clock is off, then all data that arrives at your end could
>>be ignored as too old.
>
>The clock was in fact off by about an hour.  As soon as I reset it the data
>began to pour in.  At first only AREA files were being saved, but after I
>remembered to run McIDAS REDIRECT and set up a symbolic link in /var/data,
>the XCD data began to show up as well.
>
>Your use of notifyme reminds me that I had a question about increasing
>security on my machine with the use of wrappers.  I asked a two part
>question a while back in which I wondered what network utilities were
>necessary for the ldm to receive data and also which ones were needed for
>the same machine to act as an ADDE server to some McIDAS clients.
>
>The question did get to Tom Yoksas who answered the McIDAS part.  I
>wondered if the LDM part got lost in the shuffle.
>
>To repeat, I put ALL:ALL in my /etc/hosts.deny. Then I put entries in my
>/etc/hosts.allow to give limited access to my McIDAS clients (I haven't
>tested this yet) and ALL to my office desktop and (for the moment) ALL to
>my two upstream providers.  My question is what network services does the
>LDM need to receive data from its upstream provider.  I would like to limit
>the network services to them to the minimum to hinder spoofing.
>
>Also your ability to use notifyme puzzles me.  You were able to examine my
>system with it even though my hosts.allow file does not include your
>computer and the default is to deny all access.  Does the LDM set of
>services bypass the usual network protocols?
>
>Thanks
>
>Erick
>
>  +--------------------------------------------------------------------------+
>  | Erick Lorenz, Programmer/Analyst                     Voice: 530-752-8297 |
>  | Atmospheric Science                                  FAX:   530-752-1552 |
>  | Land, Air & Water Resources                                              |
>  | University of California, Davis            e-mail:  address@hidden |
>  +--------------------------------------------------------------------------+
>