Re: [gt-user] gsiftp problem
GridFTP, like any FTP, is a two channel protocol. 2811 is for control channel connection. You also need to open ports for data channel. You can restrict the port range for the data channel using the environment variable GLOBUS_TCP_PORT_RANGE. More information about this is available at http://www.globus.org/toolkit/docs/4.0/data/gridftp/admin-index.html#id2536766

Raj

On Fri, 26 Sep 2008, Yoichi Takayama wrote:

> Hi
>
> http://www.globus.org/toolkit/docs/4.2/4.2.0/admin/quickstart/index.html
>
> While trying to install the 2nd Globus, the GridFTP test tries to copy a file between two hosts. This fails.
>
>     $ globus-url-copy gsiftp://grid1.ramscommunity.org/etc/group gsiftp://grid2.ramscommunity.org/tmp/from-grid1
>     error: globus_ftp_client: the server responded with an error
>     500 500-Command failed. : callback failed.
>     500-globus_xio: Unable to connect to 137.111.246.176:42777
>     500-globus_xio: System error in connect: No route to host
>     500-globus_xio: A system call failed: No route to host
>     500 End.
>
> Obviously the port 42777 is not open because it is behind a Firewall.
>
> The GridFTP is defined as gsiftp with /etc/xinetd.d/gridftp as:
>
>     service gsiftp
>     {
>     instances = 100
>     socket_type = stream
>     wait = no
>     user = root
>     env += GLOBUS_LOCATION=/sandbox/globus/globus-4.2.0
>     env += LD_LIBRARY_PATH=/sandbox/globus/globus-4.2.0/lib
>     server = /sandbox/globus/globus-4.2.0/sbin/globus-gridftp-server
>     server_args = -i
>     log_on_success += DURATION
>     disable = no
>     }
>
> Also:
>
>     # cat /etc/services | grep gsiftp
>     gsiftp 2811/tcp # GSI FTP
>     gsiftp 2811/udp # GSI FTP
>
> Although the port 2811/tcp and 2811/udp have been opened, this does not help since the globus-url-copy gsiftp still wants to use some random ports other than 2811.
>
> The command copies files OK if the iptables are switched off. So, it is obviously the port number problem.
>
> Is there any other place where the setting should be placed to restrict what port the gsiftp should be using?
>
> Thanks,
> Yoichi
>
> --
> Yoichi Takayama, PhD
> Senior Research Fellow
> RAMP Project
> MELCOE (Macquarie E-Learning Centre of Excellence)
> MACQUARIE UNIVERSITY
>
> Phone: +61 (0)2 9850 9073
> Fax: +61 (0)2 9850 6527
> www.mq.edu.au
> www.melcoe.mq.edu.au/projects/RAMP/
>
> --
> MACQUARIE UNIVERSITY: CRICOS Provider No 2J
>
> This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Macquarie E-Learning Centre Of Excellence (MELCOE) or Macquarie University.
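The fix described in the reply above, as an added example that is not part of the original thread: a shell sketch that validates a GLOBUS_TCP_PORT_RANGE value, checks whether the port from the quoted error falls inside it, and prints the xinetd line plus matching iptables rules. The range 50000,51000 and all function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. 50000,51000 is an assumed sample range, not a value from the thread.

# Validate a "MIN,MAX" string (the GLOBUS_TCP_PORT_RANGE format) and set
# PORT_MIN / PORT_MAX. Rejects malformed, privileged or reversed ranges.
parse_port_range() {
    case "$1" in
        ''|*[!0-9,]*|*,*,*|,*|*,) return 1 ;;
        *,*) ;;
        *) return 1 ;;
    esac
    PORT_MIN=${1%,*}
    PORT_MAX=${1#*,}
    [ "$PORT_MIN" -ge 1024 ] && [ "$PORT_MAX" -le 65535 ] &&
        [ "$PORT_MIN" -le "$PORT_MAX" ] || return 1
}

# Pull the data-channel port out of a globus_xio "Unable to connect" line.
failed_data_port() {
    sed -n 's/.*Unable to connect to [0-9.]*:\([0-9][0-9]*\).*/\1/p'
}

# Succeeds when PORT ($1) lies inside RANGE ($2), i.e. the rule would cover it.
port_in_range() {
    parse_port_range "$2" || return 2
    [ "$1" -ge "$PORT_MIN" ] && [ "$1" -le "$PORT_MAX" ]
}

# Print the xinetd line and the iptables rules for control and data channels.
# -I inserts ahead of any existing catch-all reject rule in the INPUT chain.
gridftp_firewall_plan() {
    parse_port_range "$1" || { echo "invalid port range: $1" >&2; return 1; }
    echo "env += GLOBUS_TCP_PORT_RANGE=$PORT_MIN,$PORT_MAX"
    echo "iptables -I INPUT -p tcp --dport 2811 -j ACCEPT"
    echo "iptables -I INPUT -p tcp --dport $PORT_MIN:$PORT_MAX -j ACCEPT"
}

# Constructed input: the error line quoted in the thread.
ERR='500-globus_xio: Unable to connect to 137.111.246.176:42777'
port=$(printf '%s\n' "$ERR" | failed_data_port)
if port_in_range "$port" "50000,51000"; then
    echo "port $port is inside the range"
else
    echo "port $port is outside 50000,51000: the server is not using the range yet"
fi
gridftp_firewall_plan "50000,51000"
```

The same range and rules belong on both GridFTP hosts, since either end may be the one listening for the data connection; adding `-s` with the peer server's address to the data-channel rule limits it to that host.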
Re: [gt-user] gsiftp problem
Thanks!

The Quick Start guide does not say anything about ports and firewall, but I am a bit embarrassed to learn that it is well documented in a longer admin manual.

Although probably I ought to have read it and also Globus has good manuals, many of us wish not to have to read lengthy manuals but to have concise instructions.

Perhaps there should be a very brief mention of firewall how to restrict the ports in the Quick Start as well, because hardly any system comes without firewall settings???

Cheers,
Yoichi

On 26/09/2008, at 1:08 AM, Raj Kettimuthu wrote:

> GridFTP, like any FTP, is a two channel protocol. 2811 is for control channel connection. You also need to open ports for data channel. You can restrict the port range for the data channel using the environment variable GLOBUS_TCP_PORT_RANGE. More information about this is available at http://www.globus.org/toolkit/docs/4.0/data/gridftp/admin-index.html#id2536766
>
> Raj
Re: [gt-user] gsiftp problem
That's a good idea. I'll add a link to http://dev.globus.org/wiki/FirewallHowTo from the quickstart.

Charles

On Sep 25, 2008, at 10:24 AM, Yoichi Takayama wrote:

> Thanks!
>
> The Quick Start guide does not say anything about ports and firewall, but I am a bit embarrassed to learn that it is well documented in a longer admin manual.
>
> Although probably I ought to have read it and also Globus has good manuals, many of us wish not to have to read lengthy manuals but to have concise instructions.
>
> Perhaps there should be a very brief mention of firewall how to restrict the ports in the Quick Start as well, because hardly any system comes without firewall settings???
>
> Cheers,
> Yoichi