[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[McIDAS #SRD-104827]: ADDE port trouble again

Hi Brian,

> This is third site blocking 112 for my peeps in 6 mos.


> So it isn't about us or UM or problem solving now, it's about
> a canary dying in our coal mine.

Yup, I agree.  I talked to Julien about the possibility of the IDV figuring
out if a request to an ADDE server was somehow being blocked, and, if it
is, providing a useful error/warning message to the end-user.  Julien has
added this to his list of things to do.

Also, while talking with Julien, I mused about the possibility of
doing something clever on the server machine so that ADDE requests
sent to port 80 could be redirected to ADDE which listens on port
112.  The basis for this musing was our working with SPAWAR (the
Navy's Space Warfare group in Charleston, SC) whose internal
security policy was to block virtually all outbound requests to
ports other than 80.  Jeff McWhirter created an IDV plugin that
would change ADDE requests from the IDV to go on port 80 instead
of port 112, and we setup a redirection on a machine here in the
UPC (my workstation, actually) that listened on port 80 and redirected
all ADDE traffic to the ADDE instance running on motherlode and
listening that was (and still is) listening on port 112.  This
hack was far from being a solution, but it was good as a proof of
concept exercise.  My thinking is that it may be possible to setup
something on servers in our control (e.g., motherlode.ucar.edu,
atm.ucar.edu, unidata2-new.ssec.wisc.edu and weather.rsmas.miami.edu)
that could partially interpret ADDE requests on port 80 and redirect
them to the ADDE instance that is listening on port 112.  This is
a bit tricky, but it is the same thing that is being done for
TDS and RAMADDA on all of these machines currently.  I will be talking
to Jen and Mike about whether this is possible when they are in.

The above is not a real solution, but it would allow a user who
found him/herself on a network that is blocking outbound requests
to port 112 (and, by the way, the LDM port 388) to get around the
block by installing an IDV plugin and restarting their IDV.  The
would, of course, need to delete the plugin to be able to access
ADDE servers that only get traffic on port 112.

Something to muse about while driving...


Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
Unidata HomePage                       http://www.unidata.ucar.edu

Ticket Details
Ticket ID: SRD-104827
Department: Support McIDAS
Priority: Normal
Status: Closed

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.