Hi Folks,
Ok, so I now have a firewall log for 4am Monday through 4am Tuesday.
Interesting stuff...
Apart from the usual bad-guy port-scans it shows lots of external lcg1
machines trying to communicate with our RB and the CE - mostly on ports
blocked at the firewall. Not really a surprise, given the woes we have had ;-)
A question:
The SITE_GLOBUS_TCP_RANGE is set to 50000 52000 as prescribed in site-cfg.h.
However, the edg system appears to be using the default local port range as
set in /proc/sys/net/ipv4/ip_local_port_range (32768 61000) and the callback
fails. Should I expect the edg stuff to use the defined port range for
callback (as in SITE_GLOBUS_TCP_RANGE) or do I have to explicity make all
nodes use the correct range by massaging /proc/sys/net/ipv4/ip_local_port_range?
The answer to this and the method of doing it via LCFG will go a long way to
solving some at least of our problems. Emanuele...?
Martin.
|