help with vic firewall issue
Eric Olson
eolson at mcs.anl.gov
Mon Feb 16 11:56:36 CST 2004
There's been a firewall issue with vic that's been on ag-tech recently.
Basically, sockets' local ports (not normally important) need to be set
correctly to get through some firewalls when using unicast.
Here's a more complete description:
http://www-unix.mcs.anl.gov/web-mail-archive/lists/ag-tech/2004/01/msg00129.html
A patch was checked in (cvs: ag-media/net/net-ip.cpp) that fixed the
windows version (in my tests), but gives a "port in use" error in linux.
http://fl-cvs.mcs.anl.gov/viewcvs/viewcvs.cgi/ag-media/vic/net/net-ip.cpp.diff?r2=1.2&r1=1.1&diff_format=l
Setting the ports to be reuseable (SO_REUSEADDR) got rid of the error, but
didn't show me any streams in vic (and no firewall was in use).
Anyone have any suggestions to try?
If you want to reproduce the problem from mcs (outside argonne could be
blocked by other firewall issues):
Go to aps BM Beamline venue (url below), you will see a stream in
multicast, but not in unicast due to the firewall (unless you have the
windows patched vic).
https://bmc90.ser.aps.anl.gov:8000/Venues/000000f9613ebb60007f00000000000101e
Shortcuts for testing
APS BM Beamline venue bridge and multicast
./vic -K 7046b5a1 bmc90.ser.aps.anl.gov/9008
./vic -K 7046b5a1 -t 127 224.1.2.5/1234
I also have a local stream up for testing (although it's blue).
FL Hangount on ag2-test:8000 bridge and multicast:
./vic -K 4fc7b938 ag-tech.mcs.anl.gov/25000
./vic -K 4fc7b938 -t127 224.2.224.69/64020
https://ag-2.mcs.anl.gov:8000/Venues/000000f744de3387008c00dd000b004f3ea
Also, /usr/sbin/lsof -i will show what ports are being used on both sides
of socket connections. Here's sample output from the old vic using a
bridge; notice the ports on the fourth line do not match.
vic UDP eolson-laptop-34:32793->ag-tech.mcs.anl.gov:25000
vic UDP *:47000
vic UDP eolson-laptop-34:25000->ag-tech.mcs.anl.gov:*
vic UDP eolson-laptop-34:32794->ag-tech.mcs.anl.gov:25001
vic UDP eolson-laptop-34:25001->ag-tech.mcs.anl.gov:*
I'd welcome any suggestions or help.
Thanks,
Eric
More information about the ag-dev
mailing list