[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[McIDAS #CIM-341716]: ADDE protocol port usage



Hi Don,

re:
>We have an IDV user who is having trouble using ADDE because
>of their firewall.  An ADDE client makes a connection to
>port 112 on the server, but the local return connection is not
>on a specified port.  So, a couple of questions:

The local port used in the connection should be randomly chosen by the
operating system.  There is no return connection meaning that the ADDE
server should not be establishing a different connection back to the
client. If there was, the client's machine would need to be running its
own set of server code.

This should be demonstrable by initiating an ADDE request that will
take a long time to fulfill in one terminal window on the client
machine while running 'netstat' in another terminal window.  You
should see only the entry showing the user's originating port and port
112 on the server.  You should not see a new connection back from the
server to a port other than 112.

>- do you have experience getting around these firewall issues
>  with your user base?  I would imagine that places like the
>  space centers have some pretty strict rules about public ports.

The Unidata approach to setting up IPTABLES firewalls on Linux
has a line in /etc/sysconfig/iptables like:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This says to allow traffic on a connection that is already
established.  The ADDE request initiated by the client is just such
a connection as is an LDM feed request.

Question:

- what kind of operating system is being used by the person in question?

>- is there a way to specify the return port in the request
>  to the server?

Steve Emmerson and/or Mike Schmidt should be a good resources here as
the LDM connects in the same kind of way as ADDE: random port on the
client side connects to port 388 on the server side.  I believe,
however, that the solution is for the user's firewall to be configured
to allow traffic on a connection that is already established like the
example above.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: CIM-341716
Department: Support McIDAS
Priority: Normal
Status: Closed


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.