PS firewall port comment--
A recent problem with my deployment prompted a deeper look at the whole firewall setup for PS Agents. Below are the issues I found.
The stock rules from perfsonar-toolkit-security look like this:
services: ssh dhcpv6-client ntp traceroute bwctl owamp-control twamp-control http https
ports: 8760-9960/udp 8760-9960/tcp 18760-19960/udp 18760-19960/tcp 5201/tcp 5201/udp 5001/tcp 5001/udp 5000/tcp 5101/tcp 5000/udp 5101/udp 5890-5900/tcp
The first thing I wanted to confirm was the ports involved in the listed 'services' line. traceroute, bwctl, owamp-control & twamp-control don't match the ports detailed in the docs:
The /etc/services file suggests traceroute only uses port 33434/tcp when it really should cover 33434 - 33634/udp.
The bwctl port listing is no longer included in the file at all.
The /etc/services file has owamp-control and twamp-control using ports 861/tcp&udp and 862/tcp&udp respectively (RFCs note that only the TCP port is used but the UDP is also reserved); the docs page suggests only the tcp ports. (Not really an issue, just a comment.)
Lastly, the docs say nuttcp uses ports 5000, 5101, yet the web page at nuttcp.net has it using port 5000/tcp to listen for commands and ports 5001/tcp and up for transfer streams. Maybe 5001-5004. This would conflict with the Iperf2 test port. Does the perfSONAR code take this into account and intentionally use port 5101 instead of the suggested 5001?
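An added example, not part of the original issue or perfSONAR's own code: it checks the ports the post cites from the docs against the quoted 'ports:' line plus an /etc/services-style table, and reports the ranges left unopened. The table is a constructed sample, and resolving service names through it follows the post's approach and is an assumption here.

```python
import re

# Constructed /etc/services-style sample (traceroute only as 33434/tcp, no bwctl).
SERVICES_TEXT = """\
traceroute      33434/tcp
owamp-control   861/tcp
twamp-control   862/tcp
"""
PORTS_LINE = ("8760-9960/udp 8760-9960/tcp 18760-19960/udp 18760-19960/tcp "
              "5201/tcp 5201/udp 5001/tcp 5001/udp 5000/tcp 5101/tcp "
              "5000/udp 5101/udp 5890-5900/tcp")  # 'ports:' line from the post
# Ports the post cites from the docs: name -> [(low, high, proto)].
EXPECTED = {"traceroute": [(33434, 33634, "udp")],
            "owamp-control": [(861, 861, "tcp")],
            "twamp-control": [(862, 862, "tcp")],
            "nuttcp": [(5000, 5000, "tcp"), (5101, 5101, "tcp")]}

def parse_spec(spec):
    m = re.fullmatch(r"(\d+)(?:-(\d+))?/(tcp|udp)", spec)
    if not m:
        raise ValueError(f"bad port spec: {spec!r}")
    return int(m[1]), int(m[2] or m[1]), m[3]  # (low, high, proto)

def parse_services(text):
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            table.setdefault(fields[0], []).append(parse_spec(fields[1]))
    return table

def uncovered(need, allowed):
    # Sub-ranges of `need` that no same-protocol allowed range covers.
    lo, hi, proto = need
    gaps, cur = [], lo
    for a, b in sorted((a, b) for a, b, p in allowed if p == proto and b >= lo and a <= hi):
        if a > cur:
            gaps.append((cur, a - 1))
        cur = max(cur, b + 1)
    return gaps + ([(cur, hi)] if cur <= hi else [])

def audit(expected=EXPECTED, services_text=SERVICES_TEXT, ports_line=PORTS_LINE):
    # Assumption: a service name opens exactly what the table lists for it.
    table = parse_services(services_text)
    explicit = [parse_spec(s) for s in ports_line.split()]
    report = {}
    for name, needs in expected.items():
        allowed = table.get(name, []) + explicit
        report[name] = [(lo, hi, n[2]) for n in needs for lo, hi in uncovered(n, allowed)]
    return {name: gaps for name, gaps in report.items() if gaps}
```

With the sample inputs, `audit()` reports only the traceroute UDP range as uncovered; swap in a host's own table and rule lines to repeat the check.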