perfsonar-user - Re: [perfsonar-user] Help to debug non-working perfsonar boxen
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Winnie Lacesso <>
- To: Jason Zurawski <>
- Cc:
- Subject: Re: [perfsonar-user] Help to debug non-working perfsonar boxen
- Date: Tue, 16 Dec 2014 15:43:18 +0000 (GMT)
Good afternoon!
THANKS so much for the responses.
It's perfsonar v4.3
> Next question - if the site is firewall'd, the nodes will need holes
> punched for their functions. We have a list of ports here (see "Using
The hosts are not firewalled above 1024 & should have 861 open in
institute firewall (will check that) & 80/443 to certain IP ranges only:
root@lcgnetmon>
iptables -nL | egrep "861"
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:861
root@lcgnetmon>
iptables -nL | egrep "80|443"
ACCEPT tcp -- 163.1.136.8 0.0.0.0/0 multiport ports
80,443
ACCEPT tcp -- 192.41.231.110 0.0.0.0/0 multiport ports
80,443
ACCEPT tcp -- 188.184.0.0/15 0.0.0.0/0 multiport ports
80,443
ACCEPT tcp -- 128.142.0.0/16 0.0.0.0/0 multiport ports
80,443
ACCEPT tcp -- 137.138.0.0/17 0.0.0.0/0 multiport ports
80,443
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports
80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:8000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpts:8001:8020
From outside should one be able to telnet lcgnetmon.phy.bris.ac.uk 4823
for instance & expect something to be listening there? Because that fails
with "No route to host". From 163.1 (Oxford) I can telnet to 80 & 443 to
confirm access, but not to port 4823, 8090, etc, nor to 861; so much check
that.
> Your site is registered and the "auto-mesh" URL works (try opening
> https://myosg.grid.iu.edu/pfmesh/mine/hostname/lcgnetmon.phy.bris.ac.uk
Confirmed, that works!
> The problem you are seeing is an issue with IPv6 access to the
> mesh-configuration information. The perl client is not doing the right
> thing and we have an issue open on this at
> https://code.google.com/p/perfsonar-ps/issues/detail?id=1013
Understood.
> Winnie, can you try this from your perfSONAR host:
> dig AAAA myosg.grid.iu.edu
> And let me know what it returns?
root@lcgnetmon>
dig AAAA myosg.grid.iu.edu
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> AAAA myosg.grid.iu.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10309
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;myosg.grid.iu.edu. IN AAAA
;; ANSWER SECTION:
myosg.grid.iu.edu. 3600 IN CNAME vip-myosg.grid.iu.edu.
;; AUTHORITY SECTION:
iu.edu. 300 IN SOA dns1.iu.edu.
dns-admin.indiana.edu. 2002074321 7200 3600 3600000 300
;; Query time: 287 msec
;; SERVER: 137.222.10.36#53(137.222.10.36)
;; WHEN: Tue Dec 16 15:15:52 2014
;; MSG SIZE rcvd: 118
So the expired certificate is of no import apparently.
THANK YOU immensely for your help!
- [perfsonar-user] Help to debug non-working perfsonar boxen, Winnie Lacesso, 12/15/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Jason Zurawski, 12/15/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Winnie Lacesso, 12/16/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Jason Zurawski, 12/17/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Winnie Lacesso, 12/17/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Winnie Lacesso, 12/19/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Szymon Trocha, 12/19/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Jason Zurawski, 12/17/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Winnie Lacesso, 12/16/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Shawn McKee, 12/15/2014
- Re: [perfsonar-user] Help to debug non-working perfsonar boxen, Jason Zurawski, 12/15/2014
Archive powered by MHonArc 2.6.16.