PRIVATE_NETWORK_INTERFACE = eth0 TCP_FORWARDING_HOST = 10.0.0.1 {endcode} -In these configuration settings, the port 9617 was chosen out of a hat; there is no reason it cannot be any port on the system. 9618 is often chosen; it is the well-known port of the HTCondor collector. In our setup, we are not assuming that there is a collector in the 192.168.0.0/24 network that will be contacted from outside 192.168.0.0/24, so 9618 is also a valid port number; but you may well want to avoid 9618 if you have an internal collector. Note that the =TCP_FORWARDING_HOST= must match the external address of the collector. +In these configuration settings, the choice of port 9617 is random; it may be any port on the system. 9618 is often chosen; it is the well-known port of the condor_collector daemon. In this example, there is no condor_collector daemon in the 192.168.0.0/24 network that will be contacted from outside 192.168.0.0/24, so 9618 is also a valid port number; avoid port 9618 if you have an internal condor_collector daemon. Note that the configuration variable =TCP_FORWARDING_HOST= must match the external address of the condor_collector daemon. -On the execute node E, we have similar configuration changes, except for the shared port: +On the execute node E, there are similar configuration changes, except for the shared port: {code} USE_SHARED_PORT = True SHARED_PORT_ARGS = -p 9616 
@@ -33,9 +33,9 @@ PRIVATE_NETWORK_INTERFACE = eth0 TCP_FORWARDING_HOST = 10.0.0.1 {endcode} -The use of =PRIVATE_NETWORK_NAME= on S and E allow them to communicate _directly_ without going through the firewall F. The port choice of 9616 is arbitrary. +The use of configuration variable =PRIVATE_NETWORK_NAME= on S and E allow them to communicate _directly, without going through the firewall F. The port choice of 9616 is arbitrary. -Now, on the firewall F, we run the following commands to redirect connections from the Internet to ports 9617 and 9616 on F to the corresponding ports on S and E: +On firewall F, run the following commands to redirect connections from the Internet to ports 9617 and 9616 on F and to the corresponding ports on S and E: {code} iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9617 -j DNAT --to-destination 192.168.0.1 iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9616 -j DNAT --to-destination 192.168.0.2
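Review bot: In the first hunk's rewritten port paragraph, "the choice of port 9617 is random" should read "arbitrary". The port is fixed in the configuration rather than picked at random, and the second hunk already uses that wording ("The port choice of 9616 is arbitrary"). The follow-on "it may be any port on the system" would also benefit from one clause saying that whichever port is chosen must be the one firewall F forwards, since the iptables rules later on the page match on "--dport 9617" and a mismatch fails silently from the outside.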
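Review bot: The added PRIVATE_NETWORK_NAME line in the second hunk drops the closing underscore of the emphasis markup ("_directly_" became "_directly,"), leaving the emphasis unterminated; restore it as "_directly_, without going through the firewall F". In the same line "allow" should be "allows" to agree with "The use". In the rewritten firewall sentence, the inserted "and" in "on F and to the corresponding ports on S and E" changes the meaning: the rules redirect connections arriving at ports 9617 and 9616 on F to S and E, so the sentence should read "on F to the corresponding ports on S and E". Separately, the sentence names PRIVATE_NETWORK_NAME while the context lines visible in this patch show only PRIVATE_NETWORK_INTERFACE, so it is worth confirming that the example configuration above actually sets the variable the text credits.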