Piotr Siwczak wrote:
> Hi Everybody
>
> I'm manually setting up a firewall for a CE and SE. For the purpose of this I
> am using the document lcg-port-table.pdf. From grid-deployment.web.cern.ch.
>
> I have a few doubts to clear:
> Does the following statement appearing in the document: "*{UI,SE,CE,WN}"
> mean all the UIs SEs ... present on the grid (i.e. accept the traffic comming
Not every combination is actually used, but for gridftp we have at least
the following:
CE <-- local WN
SE <-- local WN/UI, remote WN/UI/SE
> from other sites), or only these located at my site? This statement appears
> with gridftp service, describing the hosts from which traffic should be
> allowed.
So, for gridftp the firewall on the CE could be set tighter than on the SE.
However, if you do so, it may be harder for the Grid Deployment group to debug
your CE, since one can no longer do edg-gridftp-ls or globus-url-copy.
|