[Swift-user] using swift in an IP-impoverished environment

Andriy Fedorov fedorov at cs.wm.edu
Fri Feb 20 12:32:35 CST 2009

> On Fri, 2009-02-20 at 15:59 +0000, Ben Clifford wrote:
>> > 2. Run behind NAT/Firewall. I found a document describing client-side
>> > reqs for this kind of situation here
>> > (http://dev.globus.org/wiki/FirewallHowTo section called "Network
>> > Address Translation (NAT)").
>> > Does anyone have experience in running swift in this mode?
>> I've never run it from behind a NAT.
> I do that fairly often.
> It involves forwarding a range of ports (a hundred of them or more) to
> your "submit" machine, setting GLOBUS_TCP_PORT_RANGE to that range and
> making sure that GLOBUS_HOSTNAME has your external IP address.


I am not familiar at all with NAT, but I have a similar configuration
of the network, with all organization hosts behind the firewall, and
with no control over firewall configuration. I thought it is not
possible to run swift client with full functionality supported in such
an environment. In my organization, in order to log to a host from
outside, I need to first ge authenticated with the gatekeeper host,
which will next allow me to log on an intranet host.

It seems to me unlikely that it is possible to configure a host behind
a firewall in such a way that allows direct connection to that host
avoiding the firewall. Seems like a security breach... Unless NAT has
to be configured on the firewall host, which is not an option for me.

If I was wrong, could you give some more details on how something like
this can be configured with NAT or anything else?


Andriy Fedorov

More information about the Swift-user mailing list