Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] Help to debug non-working perfsonar boxen

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] Help to debug non-working perfsonar boxen


Chronological Thread 
  • From: Jason Zurawski <>
  • To:
  • Cc:
  • Subject: Re: [perfsonar-user] Help to debug non-working perfsonar boxen
  • Date: Wed, 17 Dec 2014 08:23:41 -0500

Hi Winnie;

On the matter of not being able to telnet to 4823 (or 861, or any of the
control ports for the tools), that would point to something either on the
host or in front of it that would be blocking ports. You can double check by
restarting the daemon (e.g. sudo /etc/init.d/bwctld restart) and perhaps
dropping the iptables and ip6tables rules (sudo /etc/init.d/iptables stop,
sudo /etc/init.d/ip6tables stop) temporarily.

Hope this helps;

-jason

On Dec 16, 2014, at 10:43 AM, Winnie Lacesso
<>
wrote:

> Good afternoon!
>
> THANKS so much for the responses.
>
> It's perfsonar v4.3
>
>> Next question - if the site is firewall'd, the nodes will need holes
>> punched for their functions. We have a list of ports here (see "Using
>
> The hosts are not firewalled above 1024 & should have 861 open in
> institute firewall (will check that) & 80/443 to certain IP ranges only:
>
> root@lcgnetmon>
> iptables -nL | egrep "861"
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
> NEW,ESTABLISHED tcp dpt:861
> root@lcgnetmon>
> iptables -nL | egrep "80|443"
> ACCEPT tcp -- 163.1.136.8 0.0.0.0/0 multiport
> ports 80,443
> ACCEPT tcp -- 192.41.231.110 0.0.0.0/0 multiport
> ports 80,443
> ACCEPT tcp -- 188.184.0.0/15 0.0.0.0/0 multiport
> ports 80,443
> ACCEPT tcp -- 128.142.0.0/16 0.0.0.0/0 multiport
> ports 80,443
> ACCEPT tcp -- 137.138.0.0/17 0.0.0.0/0 multiport
> ports 80,443
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
> ports 80,443
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
> NEW,ESTABLISHED tcp dpt:8000
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
> NEW,ESTABLISHED tcp dpts:8001:8020
>
> From outside should one be able to telnet lcgnetmon.phy.bris.ac.uk 4823
> for instance & expect something to be listening there? Because that fails
> with "No route to host". From 163.1 (Oxford) I can telnet to 80 & 443 to
> confirm access, but not to port 4823, 8090, etc, nor to 861; so much check
> that.
>
>> Your site is registered and the "auto-mesh" URL works (try opening
>> https://myosg.grid.iu.edu/pfmesh/mine/hostname/lcgnetmon.phy.bris.ac.uk
>
> Confirmed, that works!
>
>> The problem you are seeing is an issue with IPv6 access to the
>> mesh-configuration information. The perl client is not doing the right
>> thing and we have an issue open on this at
>> https://code.google.com/p/perfsonar-ps/issues/detail?id=1013
>
> Understood.
>
>> Winnie, can you try this from your perfSONAR host:
>> dig AAAA myosg.grid.iu.edu
>> And let me know what it returns?
>
> root@lcgnetmon>
> dig AAAA myosg.grid.iu.edu
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> AAAA
> myosg.grid.iu.edu
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10309
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;myosg.grid.iu.edu. IN AAAA
>
> ;; ANSWER SECTION:
> myosg.grid.iu.edu. 3600 IN CNAME vip-myosg.grid.iu.edu.
>
> ;; AUTHORITY SECTION:
> iu.edu. 300 IN SOA dns1.iu.edu.
> dns-admin.indiana.edu. 2002074321 7200 3600 3600000 300
>
> ;; Query time: 287 msec
> ;; SERVER: 137.222.10.36#53(137.222.10.36)
> ;; WHEN: Tue Dec 16 15:15:52 2014
> ;; MSG SIZE rcvd: 118
>
> So the expired certificate is of no import apparently.
>
> THANK YOU immensely for your help!



Archive powered by MHonArc 2.6.16.

Top of Page