How To Mix Firewalls And Ht Condor

Not logged in

• Browse
• Help
• Home
• Login
• Reports
• Search
• Timeline
• Wiki

• Contents
• No-Diff
• Text

 PRIVATE_NETWORK_INTERFACE = eth0
 TCP_FORWARDING_HOST = 10.0.0.1
 {endcode}
-In these configuration settings, the port 9617 was chosen out of a hat; there is no reason it cannot be any port on the system.  9618 is often chosen; it is the well-known port of the HTCondor collector.  In our setup, we are not assuming that there is a collector in the 192.168.0.0/24 network that will be contacted from outside 192.168.0.0/24, so 9618 is also a valid port number; but you may well want to avoid 9618 if you have an internal collector.  Note that the =TCP_FORWARDING_HOST= must match the external address of the collector.
+In these configuration settings, the choice of port 9617 is random; it may be any port on the system.  9618 is often chosen; it is the well-known port of the condor_collector daemon.  In this example, there is no condor_collector daemon in the 192.168.0.0/24 network that will be contacted from outside 192.168.0.0/24, so 9618 is also a valid port number; avoid port 9618 if you have an internal condor_collector daemon.  Note that the configuration variable =TCP_FORWARDING_HOST= must match the external address of the condor_collector daemon.
 
-On the execute node E, we have similar configuration changes, except for the shared port:
+On the execute node E, there are similar configuration changes, except for the shared port:
 {code}
 USE_SHARED_PORT = True
 SHARED_PORT_ARGS = -p 9616
@@ -33,9 +33,9 @@
 PRIVATE_NETWORK_INTERFACE = eth0
 TCP_FORWARDING_HOST = 10.0.0.1
 {endcode}
-The use of =PRIVATE_NETWORK_NAME= on S and E allow them to communicate _directly_ without going through the firewall F. The port choice of 9616 is arbitrary.
+The use of configuration variable =PRIVATE_NETWORK_NAME= on S and E allow them to communicate _directly, without going through the firewall F. The port choice of 9616 is arbitrary.
 
-Now, on the firewall F, we run the following commands to redirect connections from the Internet to ports 9617 and 9616 on F to the corresponding ports on S and E:
+On firewall F, run the following commands to redirect connections from the Internet to ports 9617 and 9616 on F and to the corresponding ports on S and E:
 {code}
 iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9617 -j DNAT --to-destination 192.168.0.1
 iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9616 -j DNAT --to-destination 192.168.0.2

This work is supported by NSF under Cooperative Agreement OAC-2030508 as part of the PATh Project. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF. Site built using CVSTrac.