Close port 23 and open port 2811 instead.
Start a simple FTP service on SE (e.g. service vsftpd start). Also enable
(temporarily) port 21 for it. And create a test user on SE with password
to play with. Connect to SE (call it by its public name, like the grid
software would do) from a WN (and from a worldwide location) with the
simple ftp client, in (default) passive mode. Do a dir command and watch
for the IP returned by the server. In BOTH cases it should be SE's public
IP. Then gridftp (3rd party transfer) will work too. If you get the
local IP when talking with a WN, tell me who is the NAT for WNs and send
me that NAT's iptables file, I might be able to help.
Filippidis christos wrote:
>Hi,
>at the tests I take this output:
>Checking 3rd party replication from lxn1183.cern.ch to the default SE:
>Running command : lcg-rep -v --vo dteam -d xg006.inp.demokritos.gr
>sfn://lxn1183.cern.ch/storage/dteam/generated/2005-06-16/filec6a30c8a-0ebc-420d-9cd1-5a3a7b88c56f
>the server sent an error response: 425 425 Can't open data connection.
>timed out() failed.
>
>
>When I do telnet to xg006.inp.demokritos.gr 20000 the connection is
>refused, I can telnet port 2811.
>
>At the CE I can telnet at port 2811 and at port 20000.
>
>I try to configure the iptables but it's not working.
>
>At SE the /etc/sysconfig/iptables is:
>
># Firewall configuration written by redhat-config-securitylevel
># Manual customization of this file is not recommended.
>*filter
>:INPUT ACCEPT [0:0]
>:FORWARD ACCEPT [0:0]
>:OUTPUT ACCEPT [0:0]
>:RH-Firewall-1-INPUT - [0:0]
>-A INPUT -j RH-Firewall-1-INPUT
>-A FORWARD -j RH-Firewall-1-INPUT
>-A RH-Firewall-1-INPUT -i lo -j ACCEPT
>-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
>-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
>-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
>-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
>-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
>-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20000:25000 -j ACCEPT
>-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>COMMIT
>
>Could you please tell me how to modify it or what else I can do?
>
>Thanks, xristos
>
>Christos Filippidis
>NCSR DEMOKRITOS
>Institute of Nuclear Physics
>office block 6(ktirion 6)
>Gr-15310 Agia Paraskevi
>GREECE
>Tel:2106503425
>
>http://consult.cern.ch/xwho/people/117002
>http://www.inp.demokritos.gr/~filippidisx/
>
>----------------------------------------------
>
>"Institute of Nuclear Physics NCSR Demokritos"
> http://www.inp.demokritos.gr/
>
>
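
The passive-mode test described in the reply can be scripted. The following is an added example, not code from either poster: it parses the server's `227` reply, compares the advertised address with the SE's public IP, and checks the data port against the 20000:25000 range from the quoted iptables file. The function names, the placeholder address 192.0.2.10 and the assumption that the server hands out data ports from that range are illustrative.

```python
import ftplib
import ipaddress
import re

# Data-port range opened in the quoted iptables file (--dport 20000:25000).
DATA_PORTS = range(20000, 25001)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 227 reply body: h1,h2,h3,h4,p1,p2 (RFC 959)
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def check_pasv_reply(reply, public_ip, ports=DATA_PORTS):
    """Return the problems found in one PASV reply (empty list means OK)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return [f"not a 227 passive-mode reply: {reply.strip()!r}"]
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return [f"malformed address/port fields: {nums}"]
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]
    problems = []
    if ip != ipaddress.ip_address(public_ip):
        kind = "private (RFC 1918)" if any(ip in n for n in RFC1918) else "unexpected"
        problems.append(f"server advertised {kind} address {ip}, expected {public_ip}")
    if port not in ports:
        problems.append(f"data port {port} is outside {ports.start}-{ports.stop - 1}")
    return problems


def probe(host, user, password, public_ip):
    """Log in to the test FTP service, send PASV and check the reply."""
    with ftplib.FTP(host, timeout=10) as ftp:
        ftp.login(user, password)
        return check_pasv_reply(ftp.sendcmd("PASV"), public_ip)


if __name__ == "__main__":
    # Constructed replies; 192.0.2.10 is a placeholder for the SE's public IP.
    for sample in ("227 Entering Passive Mode (192,0,2,10,78,52).",
                   "227 Entering Passive Mode (192,168,1,6,78,52).",
                   "227 Entering Passive Mode (192,0,2,10,4,1)."):
        print(sample, "->", check_pasv_reply(sample, "192.0.2.10") or "OK")
```

Run `probe()` once from a WN and once from an outside host, as the reply suggests; a private address in the WN result points at the NAT in front of the WNs.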