[AG-TECH] Firewall and unicast questions

Andrew A Rowley Andrew.Rowley at manchester.ac.uk
Mon Apr 10 04:02:05 CDT 2006 

Hi,

One idea for anyone that has to move a multicast node behind a non-multicast compatible firewall is to set up a machine as an AG-connector server and put that machine outside the firewall.  You can then just open the firewall on port 8010 to and from that machine.  You will then also not be dependant on other people running bridges.  Your bridge will also be under no more load than your AG node would have been (probably much less since it is not decoding any streams), and so that machine would not have to be very powerful.

If I am correct, some firewalls won't even need you to open port 8010 as this will be opened automatically when you connect.  This will depend on the type of firewall, but you can always try it and see if it works.

Andrew :)

============================================
Access Grid Support Centre,
RSS Group,
Manchester Computing,
Kilburn Building,
University of Manchester,
Oxford Road,
Manchester, 
M13 9PL, 
UK
Tel: +44(0)161-275 0685
Email: Andrew.Rowley at manchester.ac.uk 
> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov] On
> Behalf Of NamGon Kim
> Sent: 07 April 2006 23:00
> To: jeremy at biochem.uthscsa.edu
> Cc: ag-tech at mcs.anl.gov
> Subject: RE: [AG-TECH] Firewall and unicast questions
> 
> You can find umtp executable(umtp_win32 or umtp_linux) from AG
> Connector_0.5.zip file.
> You can run your own UMTP Server with this command.
> 
> Linux > umtp_linux -s [server_ip] 8010
> Windows > umtp_win32 -s [server_ip] 8010
> 
> Be sure that the UMTP Server is in multicast network.
> 
> Thanks.
> 
> - Namgon
> 
> -----Original Message-----
> From: Jeremy Mann [mailto:jeremy at biochem.uthscsa.edu]
> Sent: Saturday, April 08, 2006 12:23 AM
> To: NamGon Kim
> Cc: Nagykaldi, Zsolt F. (HSC); ag-tech at mcs.anl.gov
> Subject: RE: [AG-TECH] Firewall and unicast questions
> 
> NamGon, do you know how we can run our own UMTP server?
> 
> 
> NamGon Kim said:
> > I am really sorry for that.
> >
> >
> >
> > This time, before release, I am running the UMTP Server at
> > 150.183.253.143/8010 instead of umtp.mcs.anl.gov.
> >
> >
> >
> > You can download new AG Connector from AG Connector web page.
> >
> >
> >
> > Please note that this new version is not compatible with previous
> > version.
> >
> >
> >
> > - Namgon
> >
> >
> >
> >   _____
> >
> > From: Nagykaldi, Zsolt F. (HSC) [mailto:Zsolt-Nagykaldi at ouhsc.edu]
> > Sent: Friday, April 07, 2006 11:49 AM
> > To: NamGon Kim; ag-tech at mcs.anl.gov
> > Subject: RE: [AG-TECH] Firewall and unicast questions
> >
> >
> >
> >
> >
> > The UMTP server associated with the AG connector has been unreachable
> > for over a month. The connector comes back with an error message and
> > prompts to "use other server..", but there are no other options given.
> > Any suggestions on what we supposed to do?
> >
> >
> >
> > Zsolt
> >
> >
> >
> >
> >
> > _ _ _
> >
> >
> >
> > Zsolt Nagykaldi, PhD
> >
> > Research Associate, Clinical IT Specialist
> >
> > University Of Oklahoma Health Sciences Center
> >
> > Department Of Family And Preventive Medicine
> >
> > Oklahoma Center For Family Medicine Research
> >
> >
> >
> > 900 NE 10th Street
> >
> > Oklahoma City, OK 73104
> >
> > Phone: (405) 271-8000 Ext.:1-32212
> >
> > Fax:     (405) 271-1682
> >
> >
> >
> >   _____
> >
> > From: owner-ag-tech at mcs.anl.gov on behalf of NamGon Kim
> > Sent: Thu 4/6/2006 7:42 PM
> > To: Masullo, Chris F; ag-tech at mcs.anl.gov
> > Subject: RE: [AG-TECH] Firewall and unicast questions
> >
> > Dear Chris,
> >
> > My name is Namgon Kim.
> > I am developing a multicast connectivity solution for AG which can be
> > used under firewall.
> > AG Connector is the name of my solution.
> > I hope you to test AG Connector in your network.
> >
> > It encapsulates multicast data of AG and uses one port number (8010)
> for
> > connection with outside of firewall.
> >
> > If you use AG Connector, since what you need to do is opening 8010
> port,
> > firewall traversal will be easier.
> >
> > Your can download and see some documentation from here.
> > http://ace.nm.gist.ac.kr/AG_Connector/
> >
> > If you need any question about AG Connector, let me know.
> >
> > - Namgon
> >
> >
> >> -----Original Message-----
> >> From: Masullo, Chris F [mailto:masullo at bnl.gov]
> >> Sent: Friday, April 07, 2006 1:04 AM
> >> To: ag-tech at mcs.anl.gov
> >> Subject: [AG-TECH] Firewall and unicast questions
> >>
> >> Hello All,
> >>
> >> We currently have our AG nodes outside our firewall, however cyber
> >> security
> >> has told us that we need to move the systems inside our firewall.
> The
> >> last
> >> time I brought up this issue a number of years ago I was told that
> >> multicast
> >> would not get past our firewall. I have some questions regarding this
> >> issue.
> >>
> >> Has anyone successfully placed an AG VTC system behind a Cisco
> > Firewall?
> >> Are there any issues using unicast mode for and AG node behind a
> >> firewall?
> >> If not then why not run unicast?
> >>
> >> I have looked through the mailer however I do not see any answers to
> >> these
> >> Questions.
> >>
> >> Thanks in advance
> >>
> >>
> >>
> >> Chris Masullo                     Information Technology Division
> >> Brookhaven National Laboratory    Network Engineering & Operations
> >> 61 Brookhaven Ave.                Phone:  (631) 344-2326
> >> Upton, NY 11973                   Fax:    (631) 344-7688
> >
> >
> >
> >
> >
> 
> 
> --
> Jeremy Mann
> jeremy at biochem.uthscsa.edu
> 
> University of Texas Health Science Center
> Bioinformatics Core Facility
> http://www.bioinformatics.uthscsa.edu
> Phone: (210) 567-2672
> 
>

More information about the ag-tech mailing list