[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20050608: LDM problem: new setup



>From: Dave Dempsey <address@hidden>
>Organization: SFSU
>Keywords: 200506082323.j58NNnZu018248 LDM

Hi Dave,

>I've just installed and configured LDM 6.3.0 on a Linux PC running Red Hat
>Enterprise Linux WS release 3 (Taroon Update 4) for the National Weather
>Service in Monterey.

OK, I have direct experience with loading the LDM on this platform (and
have had no problems with it).

>As I understand it, the machine is installed on the
>Naval Postgraduate School network because NWS offices are so heavily
>firewalled. The machine has an IP address only (205.155.73.71), no fully
>qualified domain name.

OK.

>I've configured it to feed from norte.sfsu.edu (130.212.21.17). However,
>when I start the LDM the following message appears in the ldmd.log file:
>
>   Jun 08 22:43:24 model 130.212.21.17[5287]: ERROR: requester6.c:457;
>ldm_clnt.c:277: Couldn't connect to LDM 6 on 130.212.21.17 using either port
>388 or portmapper; ldm_clnt.c:116: : RPC: Remote system error - Connection
>timed out 

Is there a firewall on the 205.155.73.71 machine?  The connection timed
out error typically indicates that the request is not getting to the
destination.

>So I know that the two machines aren't making contact correctly. The
>upstream machine won't respond to pings, nor can it issue pings, because
>pinging has been disabled as a security measure at our institution.

OK.

>However,
>is feeding happily from a machine upstream of it, and it permits ssh logins
>and ftp (both directions), so it's certainly on-line.

Got it.

>The question is, why might the LDM software on the two machines not be
>connecting properly, and what might I do about it?

I suspect the firewall on the downstream machine, and/or a firewall on
the upstream machine, and/or firewalls at the sites where the machines
are hosted.  The reason I say this is that it is very easy to configure
a firewall to disable traffic to particular domains or to allow traffic
to/from specific domains.

>Here's some configuration information:
>
>On norte.sfsu.edu (130.212.21.17) (the upstream machine):
>
>   (1)  The ldmd.conf file contains the line:
>
>           allow   ANY     ^(205\.155\.73\.71\.?$)
>
>       (Those are tabs in there, not spaces, in case it matters here.)

Tabs are not necessary here.  Your specification for the downstream machine
is OK, but it could also be written as:

allow   ANY     ^205\.155\.73\.71$

>On 205.155.73.71 (the downstream machine):
>
>   (1) The ldmd.conf file contains the line:
>
>           request WMO     ".*"    130.212.21.17
>
>       (Tabs separate everything.)

Tabs are not crutial here either (but they may help readability.

>   (2) The /etc/services file contains the lines:
>
>          # LDM Services
>          ldm             388/udp ldm                     # UCAR Unidata LDM
>          ldm             388/tcp ldm                     # UCAR Unidata LDM

The LDM only uses tcp, so the 388/udp line can safely be removed.  also,
I would change the entry to:

ldm     388/tcp         ldmd            # Unidata LDM-6

The comment doesn't matter...

>       (Tab between the first two items on each line but not between the
>second and third items.)

Tabs are important here.

>   (3) The /etc/rpc file contains the line:
>
>            ldmd            300029 ldm
>
>       (Tab between the first two items but not the second and third items.)

This should be:

ldm     300029  ldm

>I've attached the LDM config.log file. Anything else that I should be
>passing along?

There is noting in config.log or in your configuration.  I really suspect
that the problem is related to a firewall somewhere (especially since
we are talking about the NPS).

Cheers,

Tom
--
NOTE: All email exchanges with Unidata User Support are recorded in the
Unidata inquiry tracking system and then made publicly available
through the web.  If you do not want to have your interactions made
available in this way, you must let us know in each email you send to us.


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.