Yeah, that may be what I end up doing -- just forcing everyone to run their stuff from the gateway computer. Definitely not ideal, though.<br><br>In my specific application the amount of message passing is pretty minimal -- send a task to a computer, wait 10-15 minutes, get the results back. I think a single NAT could handle that.
<br><br>Thanks,<br>-Matt<br><br><br><div><span class="gmail_quote">On 4/20/07, <b class="gmail_sendername">Anthony Chan</b> <<a href="mailto:chan@mcs.anl.gov">chan@mcs.anl.gov</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>Wouldn't that be easier to use one (or couple) of the machines behind the<br>firewall as the frontend(s) of your cluster. Anyone who wants to run<br>spmd/MPI job will need to login to the frontend(s) and run from there ?
<br>I think there may be performance hit to have all messages route through<br>the NAT'ed machine (don't know how big though) even if what you are asking<br>can be done.<br><br>A.Chan<br><br>On Fri, 20 Apr 2007, Matt Valerio wrote:
<br><br>> Hi everyone,<br>><br>> Thanks for your responses. I think they've answered my question, and the<br>> answer is that what I want to do is not possible.<br>><br>> Yes, Matthew Chambers has it right.
<br>><br>> My current grid setup involves a number of computers (192.168.0.*), each<br>> running smpd on port 8676. I have one of those computers as the "gateway",<br>> that has 2 network cards, with one connected to the public network and one
<br>> connected to the private network. I want to give any computer in the public<br>> network access to the computers on the private network by opening up a range<br>> of ports on the gateway computer. This approach is exactly how I open up
<br>> Remote Desktop (RDP) currently.<br>><br>> So for example, I want to set up the forwarding as:<br>> gateway:10101 --> slave01:8676<br>> gateway:10102 --> slave02:8676<br>> gateway:10103 --> slave03:8676
<br>> etc.<br>><br>> As you've said, this approach is currently not possible -- the machine file<br>> doesn't allow it. For various reasons, I cannot put all of the computers on<br>> the private network onto the public network -- using NAT is my only option.
<br>><br>> Sorry for the confusion of firewall vs. NAT. The port forwarding rules are<br>> firewall exceptions in the control panel, so I get confused.<br>><br>> So.....does anyone know if there are plans to implement this kind of
<br>> fine-grained control over the network connections? I think it would greatly<br>> enhance the ways that MPICH2 clusters can be deployed.<br>><br>> Thanks for your help,<br>> -Matt<br>><br>><br>> On 4/20/07, Matthew Chambers <
<a href="mailto:matthew.chambers@vanderbilt.edu">matthew.chambers@vanderbilt.edu</a>> wrote:<br>> ><br>> > I don't understand how that could solve his problem. I think Matt<br>> > Valerio's initial description of the problem was misleading, though. It
<br>> > seems to me that he is not trying to connect through a simple firewall, he<br>> > is trying to connect through a NAT. It seems he wants to use port<br>> > forwarding set up on the NAT in way that will enable him, from a computer
<br>> > outside the NAT, to create a machine config file that connects to the same<br>> > host IP (e.g. the WAN IP of the NAT) with different ports, which will<br>> > logically connect to multiple machines inside of the NAT. However, as you
<br>> > say, that is not possible with the current SMPD machine config file. I do<br>> > think that is bad design on the part of the config file though. Would it be<br>> > very difficult to extend the config file to support specification of port as
<br>> > well as host/IP?<br>> ><br>> ><br>> > ------------------------------<br>> ><br>> > *From:* <a href="mailto:owner-mpich-discuss@mcs.anl.gov">owner-mpich-discuss@mcs.anl.gov</a>
[mailto:<a href="mailto:owner-">owner-</a><br>> > <a href="mailto:mpich-discuss@mcs.anl.gov">mpich-discuss@mcs.anl.gov</a>] *On Behalf Of *Jayesh Krishna<br>> > *Sent:* Friday, April 20, 2007 10:56 AM<br>> > *To:* 'Matt Valerio'
<br>> > *Cc:* <a href="mailto:mpich-discuss@mcs.anl.gov">mpich-discuss@mcs.anl.gov</a><br>> > *Subject:* RE: [MPICH] Re: Using MPICH2 on different ports<br>> ><br>> ><br>> ><br>> > Hi,<br>
> ><br>> > SMPD, by default, runs on the same port (8676) on all computers. However<br>> > you can specify the port that smpd needs to run using the "-port" option<br>> > while starting smpd (You can also ask smpd to run on any port assigned by OS
<br>> > using the "-anyport" option). The machine config file does not support<br>> > specifying port names along with the machine name & number of procs.<br>> ><br>> > Instead of mapping the port numbers to IP+port you could allow
<br>> > connections from a certain list of client machines/IPs to certain port (say<br>> > 8000) numbers on computer1/2/..<br>> ><br>> > Let us know if you require any further information.<br>> >
<br>> ><br>> ><br>> > Regards,<br>> ><br>> > Jayesh<br>> ><br>> ><br>> > ------------------------------<br>> ><br>> > *From:* <a href="mailto:owner-mpich-discuss@mcs.anl.gov">
owner-mpich-discuss@mcs.anl.gov</a> [mailto:<a href="mailto:owner-">owner-</a><br>> > <a href="mailto:mpich-discuss@mcs.anl.gov">mpich-discuss@mcs.anl.gov</a>] *On Behalf Of *Matt Valerio<br>> > *Sent:* Wednesday, April 18, 2007 11:04 AM
<br>> > *To:* <a href="mailto:mpich-discuss@mcs.anl.gov">mpich-discuss@mcs.anl.gov</a><br>> > *Subject:* [MPICH] Re: Using MPICH2 on different ports<br>> ><br>> > Ok, let me try to simplify the question.
<br>> ><br>> > Does smpd need to run on the same port on all computers?<br>> > Can I tell mpiexec that it needs to connect to all of the smpd computers<br>> > on different ports?<br>> ><br>> > I know that the machine config file can specify different computers, but
<br>> > the same port. I am just curious if the machine config file can specify<br>> > different computers as well as different ports.<br>> ><br>> > Any help would be greatly apppreciated. Thanks!
<br>> > -Matt<br>> ><br>> ><br>> > On 4/16/07, *Matt Valerio* <<a href="mailto:matt.valerio@gmail.com">matt.valerio@gmail.com</a> > wrote:<br>> ><br>> > Hello MPICH2 users,<br>> >
<br>> > I am wondering if there is a way to instruct mpiexec to use multiple<br>> > computers running smpd on different ports.<br>> ><br>> > For example, I have 10 computers behind a firewall. Each of those 10
<br>> > computers is running smpd on the same port (let's say 8000).<br>> > I want to put rules into a firewall computer that maps an<br>> > externally-available port to the specific computer<br>> >
<br>> > firewall:8001 ----(maps to)----------> computer1:8000<br>> > firewall:8002 ----(maps to)----------> computer2:8000<br>> > ...<br>> > firewall:8010 ----(maps to)----------> computer10:8000
<br>> ><br>> > Then in the machine configuration file, I need to be able to tell mpiexec<br>> > that it can use the same computer but different ports (8000-8010), like<br>> ><br>> > firewall:8001
<br>> > firewall:8002<br>> > ...<br>> > firewall:8010<br>> ><br>> > etc.<br>> ><br>> > Is this currently possible? I know the machine file format is wrong<br>> > because the number after the colon specifies the number of processes, not
<br>> > the port number.<br>> ><br>> > Does anyone have any ideas as to whether this kind of thing could work?<br>> > Is there a better way? Any help would be greatly appreciated.<br>> ><br>
> > Thanks!<br>> > -Matt<br>> ><br>> ><br>> ><br>> ><br>><br></blockquote></div><br>