*:The execute machine with the condor_startd is installed on a machine named E with IP address 192.168.0.2. -*:The firewall has an external, Internet facing, IP address of 10.0.0.1, and an internal, local network facing, IP address of 192.168.0.250 on a machine named F. IP address 10.0.0.1 is actually not a routable address, but pretend that it is for the duration of this document. S and E are in the domain =mydomain.net=. +*:The firewall has an external, Internet facing, IP address of 10.0.0.1, and an internal, local network facing, IP address of 192.168.0.250 on a machine named F. IP address 10.0.0.1 is actually not a routable address, but pretend that it is for the duration of this document. +*:S and E are in the domain =mydomain.net=. -Then we will make the following changes to =condor_config.local= on S (the schedd). To find your HTCondor configuration files, the command =condor_config_val -dump= will be a big help, as the files are listed in the header of the output +Make changes to file =condor_config.local= on machine S. To find this configuration file, see the very beginning of the output generated by the command =condor_config_val -dump=. {code} USE_SHARED_PORT = True 
@@ -22,7 +23,7 @@ PRIVATE_NETWORK_INTERFACE = eth0 TCP_FORWARDING_HOST = 10.0.0.1 {endcode} -In the configuration settings above, the port 9617 was chosen out of a hat; there is no reason it cannot be any port on the system. 9618 is often chosen; it is the well-known port of the HTCondor collector. In our setup, we are not assuming that there is a collector in the 192.168.0.0/24 network that will be contacted from outside 192.168.0.0/24, so 9618 is also a valid port number; but you may well want to avoid 9618 if you have an internal collector. Note that the =TCP_FORWARDING_HOST= must match the external address of the collector. +In these configuration settings, the port 9617 was chosen out of a hat; there is no reason it cannot be any port on the system. 9618 is often chosen; it is the well-known port of the HTCondor collector. In our setup, we are not assuming that there is a collector in the 192.168.0.0/24 network that will be contacted from outside 192.168.0.0/24, so 9618 is also a valid port number; but you may well want to avoid 9618 if you have an internal collector. Note that the =TCP_FORWARDING_HOST= must match the external address of the collector. On the execute node E, we have similar configuration changes, except for the shared port: {code}
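Review bot: In the first hunk, the rewritten instruction "Make changes to file =condor_config.local= on machine S" drops the "(the schedd)" gloss that the removed line carried, while the later context still introduces E by role ("On the execute node E"). Suggest keeping the role for symmetry, for example "on machine S (the schedd)", so a reader who jumps straight to the configuration block knows which daemon the shared-port and forwarding settings apply to.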
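Review bot: In the hunk at @@ -22,7 +23,7 @@, the last sentence of the reworded paragraph still says =TCP_FORWARDING_HOST= "must match the external address of the collector", but the setup list gives 10.0.0.1 as the external address of the firewall F, and the same paragraph says no collector is assumed inside 192.168.0.0/24. Since this line is being touched anyway, suggest naming the address that is actually meant (as the setup reads, the Internet-facing address of F that forwards to S), so that readers do not point the setting at an unrelated collector host and open forwarding on the wrong machine.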