[AG-TECH] Firewall Configuration document for the Access Grid

Ben Green ben.green at manchester.ac.uk
Thu May 7 11:08:12 CDT 2009

Hi Jason,

This looks quite useful.

However, I think it may over-complicate things for the average user.

Firstly, I don't think we need to spend too much time publicising how to run Toolkit servers when there are many potential VenueClient users out there who simply want to get their software running on their PC. I think anyone serious enough to consider running their own VenueServers will find the firewall the least of their worries! We hear from many first-time users who cannot get their VenueClient working due mainly to their institution's firewall and some give up in the end.

I've attached a couple of quick documents I've written up that I send out to our users (they cover IOCOM IG Client as well) to help them with the firewall.

However, the first only covers Windows users with a public IP address (a typical University user), so doesn't cover every type of situation. And I'm not 100% sure on the range of ports I've specified for the institution firewall - they certainly don't all match up with the document you have written.

I currently have 2 AG Toolkit users who are unable to get their firewalls working:

1) A Mac user.
2) Someone on a private network, i.e. a network using NAT.

I'm trying to get them both an answer, but I've not used a Mac before, and don't know whether Toolkit traverses NAT networks.

Please can you help out with these two issues I've got? Perhaps documentation exists already in a format that can be given to a new user.

The other thing I'm unsure of is the range of UDP bi-directional ports that require opening on the institution/gateway firewall (for unicast users). Your document (http://www.accessgrid.org/node/1816) seems to suggest a default range of 50,000 to 52,000. But I'm sure when we've installed BridgeServer our range is 10000 - 10999. This part is quite fundamental in terms of getting Toolkit to work via a firewall, and certainly essential information for any client whose network uses NAT.

Regards, Ben.


-----Original Message-----
From: ag-tech-bounces at lists.mcs.anl.gov [mailto:ag-tech-bounces at lists.mcs.anl.gov] On Behalf Of Jason Bell
Sent: 06 May 2009 07:40
To: accessgrid-l at lists.aarnet.edu.au; AG-TECH list; AG-Tech-NZ at googlegroups.com
Subject: [AG-TECH] Firewall Configuration document for the Access Grid

G'day All (sorry for any cross postings)

As part of ARCS (with thanks to Tom Uram), we have been developing a "Firewall Configuration for the Access Grid" document which can be found on the Global Access Grid website at http://www.accessgrid.org/node/1816.

Given that networking (especially firewalls) is something that gets regularly asked about, it was thought that a document like the following would be useful.

I would be interested in receiving any feedback to assist in making this document as useful as possible.

Many thanks in advance,

Jason Bell, B.I.T. (Honours)

Research Systems Support Officer
Information Technology Division
CQ University Australia

Australian Research Collaboration Service http://www.arcs.org.au/

E-mail : j.bell at cqu.edu.au
         jason.bell at arcs.org.au
Work   : +61 7 4930 9229
Mobile : 0409 630897
Postal : Building 19
         Central Queensland University
         Bruce Highway
         Rockhampton, Queensland, Australia, 4702
Patience is a virtue.

But if I wanted Patience,
I would have become a Doctor.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: AccessGrid Node PC Firewall Configuration.pdf
Type: application/pdf
Size: 109550 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-tech/attachments/20090507/518e1d82/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Configuring the Institution Firewall for	AccessGrid traffic-V1.0.pdf
Type: application/pdf
Size: 78063 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-tech/attachments/20090507/518e1d82/attachment-0003.pdf>
