Hi Gianfranco,
On 22/01/08 17:00, Gianfranco Sciacca wrote:
> at UCL-HEP I had an expired host certificate for the Atlas DPM pool
> node. I have just installed the new cert and the most recent test went
> green.
Great, thanks!
> On a side note: we are cleaning up the firewall rules, as all our
> machines are going behind a new campus firewall shortly.
>
> Can you confirm that the following is correct/sufficient for the DPM:
>
> Head node:
> TCP 5010 (DPNS) open to world
> TCP 5015 (DPM) open to local pool nodes
> TCP 8446 (SRMv2.2) open to world
> TCP 2811 (GSIFTP control) open to world
Have a look here for the complete list for all middleware:
https://twiki.cern.ch/twiki/bin/view/LCG/LCGPortTable#The_middleware_port_list

You do not need to open up 5010 or 5015 to the outside, these are only
required for internal DPM communications. That being said, having access
to these ports from outside makes it easier to debug problems for people
like me. I would also recommend having access to them from a UI.

You will need 8443 (SRMv1) open for a while yet. You shouldn't be
running a GridFTP server on the head node, unless it is also acting as a
pool node. 8444 (SRMv2.0) is not required.
> Pool node:
> TCP 2811 (GSIFTP control) open to world
> 20000:25000 (GSIFTP data) open to world
Yes, that is correct. You will also need to have rfio to allow for your
worker nodes to communicate with the pool nodes using RFIO (port 5001).
Cheers,
Greig