You can use the environment variables GLOBUS_TCP_PORT_RANGE and GLOBUS_TCP_SOURCE_RANGE (http://globus.org/toolkit/docs/5.0/5.0.4/data/gridftp/admin/#gridftp-config-security-firewalls). By default for GridFTP server and client Linux kernel opens ephemeral ports. A range of these ports is defined in /proc/sys/net/ipv4/ip_local_port_range.
However, to investigate your firewall issue you do not need to use above environment variables. Lukasz On 5/25/11 3:57 AM, 盧馥君 wrote: > Hello Lukasz, > > I use globus-url-copy again, but each time executed has a different > number. > How do I set the value? Setting fixed or a range port? Please give me some > advice~Thanks > The info : > debug: sending command to gsiftp://dl3601/tmp/test04: > PORT 192,168,1,119,154,40 > > 2011/5/24 Lukasz Lacinski <[email protected] > <mailto:[email protected]>> > > Hi Nicole, > > Debug info shows that globus-url-copy communicates with a GridFTP > server on control channel, opens and listens locally > (192.168.1.119) port 57333 and waits for a data connection from > the GridFTP server. I suspect that there is a firewall somewhere > between globus-url-copy and the GridFTP server blocking TCP > connection needed to open data channel. You can use: > > # netstat -atnp > > to see open TCP ports and established TCP connections. > > If it does not help you can use 'tcpdump' or more friendly > 'wireshark' to capture packets sent between client and server > machines and investigate if any of those packets were dropped > between those two machines. > > Regards, > Lukasz > > On 5/24/11 8:36 AM, Nicole wrote: > > Hello , > > I have a question of globus-url-copy, I use two PC, create CA > server and client > i can use client send to server, but when server send to > client ,it waited 10 > minutes but nothing happened. Please give me some > advice..thank you. > > This is my debug info: > > debug: sending command to gsiftp://client/tmp/testp: > TYPE I > debug: response from gsiftp://client/tmp/testp: > 200 Type set to I. > debug: sending command to gsiftp://client/tmp/testp: > MODE E > debug: response from gsiftp://client/tmp/testp: > 200 Mode set to E. > debug: sending command to gsiftp://client/tmp/testp: > PBSZ 1048576 > debug: response from gsiftp://client/tmp/testp: > 200 PBSZ=1048576 > debug: sending command to gsiftp://client/tmp/testp: > PASV > debug: response from gsiftp://client/tmp/testp: > 227 Entering Passive Mode (192,168,1,119,225,133) > debug: sending command to gsiftp://client/tmp/testp: > ALLO 5 > debug: response from gsiftp://client/tmp/testp: > 200 ALLO command successful. > debug: sending command to gsiftp://client/tmp/testp: > STOR /tmp/testp > debug: sending command to gsiftp://server/home/select/test: > MODE E > debug: response from gsiftp://server/home/select/test: > 200 Mode set to E. > debug: sending command to gsiftp://server/home/select/test: > PBSZ 1048576 > debug: response from gsiftp://server/home/select/test: > 200 PBSZ=1048576 > debug: sending command to gsiftp://server/home/select/test: > PORT 192,168,1,119,225,133 > debug: response from gsiftp://server/home/select/test: > 200 PORT Command successful. > debug: sending command to gsiftp://server/home/select/test: > RETR /home/select/test > > > > > > > > -- > Sincerely, > > 高雄應用科技大學 碩電二甲 盧馥君
