Hi All,
You can find an admin wiki about nat sites here:
http://goc.grid.sinica.edu.tw/gocwiki/LCG2_NAT_Network_Installation
You are encouraged to add your own experience here.
Cheers,
Min
-----Original Message-----
From: LHC Computer Grid - Rollout [mailto:[log in to unmask]]
On Behalf Of Dan Schrager
Sent: Wednesday, July 06, 2005 10:33 AM
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] natted wn's
Hi Kashyap,
I could guess that your main problem is the gridftp (3'rd party
transfer) test.
From my own experience, I would recommend testing your site with the
simple ftp program (service vsftpd start/stop).
For example, start vftpd on SE. Then connect with the (simple) ftp
client to it from a WN, from CE and from outside your network. In
passive mode, so that you'd see the IP reported by the server. If it's
its public IP, then gridftp will work too. Take care to name your SE
with its public name even when connecting from inside (a WN).
Regards,
Dan
[log in to unmask] wrote:
> Hi,
> Does anybody have the full test-suite for checking the data management
> tools? Something similar to what Piotr Nyczyk uses on lcg-testzone.
>
> The bunch of tests that are given in the site-testing document are all
> working on our site. However a few of the tests from lcg-testzone are
> failing.
>
> If anyone has a more comprehensive test-suite could you please mail it
> to me.
>
> Thanks
> Kashyap
>
> On Tue, 5 Jul 2005, Dan Schrager wrote:
>
>> Hi Kashyap,
>>
>> Public IPs with public names only (from grid's point of view).
>> Private WNs with their private IP known to CE, SE, RB but NAT-ed to
>> the world.
>>
>> Regards,
>> Dan
>>
>>
>>
>>
>> [log in to unmask] wrote:
>>
>>> There was previously a discussion on this list regarding having
>>> worker nodes behind a NAT box.
>>> At our site we've now put our worker nodes behind a NAT. There are
>>> some issue regarding the configuration.
>>>
>>> the private subnet is under the domain .tifr-mcfarm and our site
>>> subnet(public) is .tifrgrid.res.in
>>>
>>> now the fqdn's cms-ce.tifrgrid.res.in and cms-ce.tifr-mcfarm both
>>> resolve to the private ip of the CE. And the same goes for the SE.
>>>
>>> Previously the tifrgrid.res.in domains used to resolve to the public
>>> ips (which got routed through the nat).
>>>
>>> Now, which is the correct method?
>>> To let the public fqdn resolve to the public ip or the private ip?
>>>
>>> Thanks
>>> Kashyap
>>>
>>> Quoth the Penguin, "pipe grep
>>> more!" .
>>> ........................................................................
>>>
>>> Kashyap
>>> Paidmarri .
>>> Summer Intern Senior
>>> Undergraduate.
>>> DHEP, TIFR, Mumbai IIT
>>> Bombay .
>>
>>
>
> Quoth the Penguin, "pipe grep more!" .
> ........................................................................
> Kashyap Paidmarri .
> Summer Intern Senior Undergraduate.
> DHEP, TIFR, Mumbai IIT Bombay .
|