NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
Robert, >Date: Tue, 12 Aug 2003 13:02:22 -0500 >From: Robert Leche <rleche@xxxxxxxxxxxx> >Organization: SRCC >To: Unidata Support <support@xxxxxxxxxxxxxxxx>, >To: ldm-users <ldm-users@xxxxxxxxxxxxxxxx> >Subject: Problems connecting behind a firewall version 6 The above message contained the following: > Hello Tom and all.... > > We ran into a problem with our LDM system: Hurricane.srcc.lsu.edu. When > opeating off site, Hurricane is not receiving LDM data. The offsite > location is the state Office of Emergency Preparedness (OEP) and this is > behind a firewall. This system operated, on location, until the LDM was > upgraded to the version 6.x. Hurricane operates correctly when running > locally at LSU which is the real non-firewalled open networking. > > At OEP the system is connected to the internet via a NAT'ed (Network > Address Translation) firewalled network. As I indicated above the > problem has not occurred in earlier versions 5.2x but problems are > showing up in version 6.x. > > The systems serving the LDM data is Datoo.srcc.lsu.edu and > Seistan.srcc.lsu.edu. I found the following errors in the logs: > > > Jul 19 16:45:12 seistan rpc.ldmd[24797]: gethostbyaddr: failed for > 204.196.102.99 > Jul 19 16:46:12 seistan rpc.ldmd[24797]: gethostbyaddr: failed for > 204.196.102.99 > Jul 19 16:47:21 seistan rpc.ldmd[24797]: gethostbyaddr: failed for > 204.196.102.99 > Jul 19 16:49:42 seistan rpc.ldmd[24797]: gethostbyaddr: failed for > 204.196.102.99 > Jul 19 16:50:04 seistan rpc.ldmd[24797]: gethostbyaddr: failed for > 204.196.102.99 > Jul 19 16:50:38 seistan rpc.ldmd[24797]: gethostbyaddr: failed for > 204.196.102.99 The above messages come from the same LDM 5 code that they've always come from. There's no difference between LDM 6 and LDM 5 in this regard. > The 204.196.102.99 address is the Nat'd address located on the 'real' > side of the internet. Seistan and Datoo are not able to reverse the > connection to the remote. Hurricane is able to connect to Seistan and > Datoo. Applications such as ssh, sftp and ldmping are able to connect to > Seistan and/or Datoo. LDM, however, will not complete a connection. The > servers, Seistan and Datoo detect connection requests, but when the > gethostbyaddr command fails in the reverse direction, the LDM stream is > not started. The servers "error out" the connection and produce the > errors above. Is there an ALLOW entry for host "204.196.102.99" in the LDM configuration-file on Seistan and Datoo? > I am assuming there is a reason to do a gethostbyname in LDM version > 6.X. I am also assuming the gethostbyaddr function was not part of the > earlier LDM 5.x versions as this problem was not apparent. No changes > have occoured in networking between OEP and our office at LSU since we > used it last year. > > Can LDM be reconfigured to skip the gethostbyaddr function?. Or do I > need to set up another LDM server with old code? > > Regards, > Bob > -- > ---------------------------------------------------------------- > Robert Leche > System Administrator > Louisiana State University - Southern Regional Climate Center > E328 Howe-Russell Building > Baton Rouge, La. 70803 > rleche@xxxxxxxxxxxx > 225 578 5023 Regards, Steve Emmerson
ldm-users archives: