perfSONAR User Q&A and Other Discussion

[Jason Zurawski <>]

Hi Winnie;

On the matter of not being able to telnet to 4823 (or 861, or any of the 
control ports for the tools), that would point to something either on the 
host or in front of it that would be blocking ports.  You can double check by 
restarting the daemon (e.g. sudo /etc/init.d/bwctld restart) and perhaps 
dropping the iptables and ip6tables rules (sudo /etc/init.d/iptables stop, 
sudo /etc/init.d/ip6tables stop) temporarily.  

Hope this helps;

-jason

On Dec 16, 2014, at 10:43 AM, Winnie Lacesso 
<>
 wrote:

> Good afternoon!
> 
> THANKS so much for the responses.
> 
> It's perfsonar v4.3
> 
>> Next question - if the site is firewall'd, the nodes will need holes 
>> punched for their functions. We have a list of ports here (see "Using 
> 
> The hosts are not firewalled above 1024 & should have 861 open in 
> institute firewall (will check that) & 80/443 to certain IP ranges only: 
> 
> root@lcgnetmon>
>  iptables -nL | egrep "861"
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state 
> NEW,ESTABLISHED tcp dpt:861 
> root@lcgnetmon>
>  iptables -nL | egrep "80|443"
> ACCEPT     tcp  --  163.1.136.8          0.0.0.0/0           multiport 
> ports 80,443 
> ACCEPT     tcp  --  192.41.231.110       0.0.0.0/0           multiport 
> ports 80,443
> ACCEPT     tcp  --  188.184.0.0/15       0.0.0.0/0           multiport 
> ports 80,443
> ACCEPT     tcp  --  128.142.0.0/16       0.0.0.0/0           multiport 
> ports 80,443
> ACCEPT     tcp  --  137.138.0.0/17       0.0.0.0/0           multiport 
> ports 80,443
> DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport 
> ports 80,443 
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state 
> NEW,ESTABLISHED tcp dpt:8000 
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state 
> NEW,ESTABLISHED tcp dpts:8001:8020 
> 
> From outside should one be able to telnet lcgnetmon.phy.bris.ac.uk 4823 
> for instance & expect something to be listening there? Because that fails 
> with "No route to host". From 163.1 (Oxford) I can telnet to 80 & 443 to 
> confirm access, but not to port 4823, 8090, etc, nor to 861; so much check 
> that. 
> 
>> Your site is registered and the "auto-mesh" URL works (try opening 
>> https://myosg.grid.iu.edu/pfmesh/mine/hostname/lcgnetmon.phy.bris.ac.uk 
> 
> Confirmed, that works!
> 
>> The problem you are seeing is an issue with IPv6 access to the
>> mesh-configuration information. The perl client is not doing the right 
>> thing and we have an issue open on this at
>> https://code.google.com/p/perfsonar-ps/issues/detail?id=1013
> 
> Understood.
> 
>> Winnie, can you try this from your perfSONAR host:
>> dig AAAA myosg.grid.iu.edu
>> And let me know what it returns?
> 
> root@lcgnetmon>
>  dig AAAA myosg.grid.iu.edu
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> AAAA 
> myosg.grid.iu.edu
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10309
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;myosg.grid.iu.edu.             IN      AAAA
> 
> ;; ANSWER SECTION:
> myosg.grid.iu.edu.      3600    IN      CNAME   vip-myosg.grid.iu.edu.
> 
> ;; AUTHORITY SECTION:
> iu.edu.                 300     IN      SOA     dns1.iu.edu. 
> dns-admin.indiana.edu. 2002074321 7200 3600 3600000 300
> 
> ;; Query time: 287 msec
> ;; SERVER: 137.222.10.36#53(137.222.10.36)
> ;; WHEN: Tue Dec 16 15:15:52 2014
> ;; MSG SIZE  rcvd: 118
> 
> So the expired certificate is of no import apparently. 
> 
> THANK YOU immensely for your help!