<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Dear AG Colleagues,<br>
<br>
I am trying to configure a small SonicWall network security appliance
to allow Access Grid to<br>
work well. I am using a cable broadband provider that does not support
multicast, wo will be<br>
using bridges. Before proceeding I wanted to seek wider advice.
Several year ago I exracted a list<br>
of ports/services from the excellent document put together at
Manchester in 2005 by Javier Gomez<br>
Alonso (<a class="moz-txt-link-freetext" href="http://www.accessgrid.org/agdp/guide/ports.html">http://www.accessgrid.org/agdp/guide/ports.html</a>). To boil it
down to its essence, it looks<br>
something like this:<br>
<br>
port 8000/TCP for venue server<br>
port 8002/TCP event<br>
port 8004/TCP text<br>
port 8006/TCP data<br>
port 5222/TCP Jabber server<br>
port 7777/TCP NCSA Jabber server<br>
port 4561/TCP for distributed powerpoint server<br>
port 5001/TCP for distributed powerpoint server<br>
[subtotal: 9]<br>
ports 5800-5999 for VNC server<br>
[subtotal: 200]<br>
ports 49152-65535 for unicast bridge<br>
[subtotal: 16384]<br>
[grand total: 16593]<br>
<br>
of which I was assuming one could ignore all but 5800-5999 and
49152-65535 because<br>
in other cases the connection is established by the client coming into
the server (though I'm not at<br>
all certain of this in the case of shared powerpoint, or for all of the
800x ports). But its not<br>
clear if one really needs ALL of these ports. To further confuse
things, there is a document<br>
at: <a class="moz-txt-link-freetext" href="http://www.accessgrid.org/node/898">http://www.accessgrid.org/node/898</a><br>
which states that the following firewall rules are required:<br>
<ul>
<li>Accept all traffic from localhost (Required for things like rat,
etc)</li>
<li>Accept all multicast traffic (224.0.0.0/4)</li>
<li>Accept all port 21 traffic (FTP)</li>
<li>Accept all port 22 traffic (SSH)</li>
<li>Accept all port 80 traffic (HTTP)</li>
<li>Accept all port 443 traffic (TLS/SSL)</li>
<li>Accept all port 631 traffic (IPP)</li>
<li>Accept all port 5353 traffic (Multicast DNS)</li>
<li>Accept icmp traffic (ping)</li>
<li>Accept traffic from ports 5900-5920 (Required for VenueVNC)</li>
<li>Accept traffic from ports 8000, 8002 and 8004 (Required for
Multicast Beacon)</li>
<li>Accept traffic from ports 10000, 10002 and 10004 (Required for
VenueServer)</li>
<li>Accept traffic from ports 11000, 11100 (Required for NodeService
Manager)</li>
<li>Accept traffic from ports 20000-20020 (Required for BridgeServer)</li>
</ul>
which is quite at variance with my list, even discounting the fact that
many of the above<br>
rules seem concerned not with AG but with standard services that might
be of interest<br>
at that site. This may reflect misunderstandings on the part of me,
the second source, or both.<br>
Anyone have suggestions as to how best to proceed?<br>
<br>
Thanks in advance for any helpful guidance.<br>
<br>
Thanks and Best Regards, Rick Rodgers<br>
<br>
</body>
</html>