Hi Wei, you mean forcing client to use SOCKS4 by setting an envvar? Sure why not? I will add it to my TODO, but I cannot promise to do it fast. Cheers, Lukasz On 02.07.2013 22:13, Yang, Wei wrote: > Hi Lukasz, > > What about the suggestion of xrootd_proxy environment? Does it make things easier for clients that are behind firewall with no outbound TCP? It is rare but does exist (e.g. SLAC). > > regards, > Wei Yang | [log in to unmask] | 1-650-926-3338 > > > > > On Jul 2, 2013, at 2:30 AM, Lukasz Janyst <[log in to unmask]> wrote: > >> Hi Victor, >> >> yes. However, this currently works only for the old client, which >> should be good enough for the current production code. Since there are >> some use cases, I will add support for it in the new one as well in one >> of the next releases. >> >> Cheers, >> Lukasz >> >> On 27.06.2013 21:19, Victor Kotlyar wrote: >>> Hi all >>> I've found something about SOCKS4 proxy is it still supported? >>> {{{ >>> >>> TString >>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTString.html> >>> socks4Host =gEnv >>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue >>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Host",""); >>> >>> Int_t >>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2Rtypes_8h.html#3885b911a54b47a4e61671f45dd45d0b> >>> socks4Port =gEnv >>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue >>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Port",-1); >>> >>> >>> }}} >>> >>> So If we define two variables and install SOCKS4 proxy server will it >>> forward all traffic through that server? >>> Sorry about silly questions but there is not too much fresh >>> documentation about such setups. >>> >>> Regards, >>> Victor >>> >>> >>> 27.06.2013 10:27, Yang, Wei : >>>> Hi Victor, >>>> >>>> Indeed I also think this is an interesting and useful ideal, and it is >>>> likely easy to do. Something for Lukasz to think of … >>>> >>>> In your case, you probably can use the following example in >>>> /etc/sysconfig/iptables on batch nodes >>>> >>>> *nat >>>> :PREROUTING ACCEPT [0:0] >>>> :OUTPUT ACCEPT [0:0] >>>> :POSTROUTING ACCEPT [0:0] >>>> # Traffic going to LFC @ BNL (192.12.15.102:5010) will be redirected >>>> to 134.79.198.159:5010 >>>> -A PREROUTING -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT >>>> --to-destination 134.79.198.159:5010 >>>> -A OUTPUT -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT >>>> --to-destination 134.79.198.159:5010 >>>> -A POSTROUTING -p tcp -s 134.79.198.159 --source-port 5010 -j SNAT >>>> --to-source 192.12.15.102:5010 >>>> >>>> >>>> Wei Yang | [log in to unmask] | 650-926-3338(O) >>>> >>>> >>>> >>>> On Jun 26, 2013, at 10:10 PM, Victor Kotlyar<[log in to unmask]> >>>> wrote: >>>> >>>>> Hi Wei >>>>> >>>>> on 26.06.2013 23:18, Yang, Wei wrote: >>>>>> Hi Victor, >>>>>> >>>>>> Try to understand your question: is this about something like >>>>>> root_proxy variable? Since you have done a proxy setup so I suppose >>>>>> your question is not about if and how for setting up a proxy. I >>>>>> don't think we currently have this. But I think you can request such >>>>>> a feature to be implemented. In the mean time, I am doing similar >>>>>> things at SLAC by manipulating the NAT table in iptables (modify TCP >>>>>> head so that traffic to host A is sent to host B, etc.) >>>>> Yes it is like a root_proxy variable. >>>>> I do not know if it will be widely used but maybe idea is interesting. >>>>> When everybody and everywhere in HEP switched to root it might be >>>>> useful. >>>>> >>>>> >>>>> In our case: >>>>> we have WN's after GW (NAT) in our network and a server outside our >>>>> network. We would like to reroute all xroot\root traffic to our WNs GW >>>>> through that particular server. >>>>> >>>>> If you have similar setup could you please describe it a little bit. >>>>> >>>>> Best regards, >>>>> Victor Kotlyar >>>>> >>>>>> regards, >>>>>> Wei Yang | [log in to unmask] | 1-650-926-3338 >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Jun 26, 2013, at 11:43 AM, Victor >>>>>> Kotlyar<[log in to unmask]> wrote: >>>>>> >>>>>>> Dear xrootd experts. >>>>>>> >>>>>>> Since 6th of June we have problems with connection to outside >>>>>>> Russia for >>>>>>> our institute. >>>>>>> We investigate any possibility to use another Institutes for rerouting >>>>>>> our Grid traffic. >>>>>>> >>>>>>> So I have a very simple question: is it possible to create a proxy >>>>>>> server for xroot? >>>>>>> >>>>>>> For example we use http_proxy environment variable to redirect all >>>>>>> http >>>>>>> traffic through http proxy server on WorkingNodes. >>>>>>> >>>>>>> On our Grid site Alice experiment initiates many connections on >>>>>>> 1095tcp >>>>>>> port to outside storage servers and it would be very usefull just >>>>>>> to set >>>>>>> xroot_proxy environment variable and install xrootd in proxy mode on >>>>>>> other site. >>>>>>> >>>>>>> I guess that it is not so simple. Could you please make any >>>>>>> recomendations what is possible to try in our case? >>>>>>> >>>>>>> Many thanks >>>>>>> Best regards, >>>>>>> Victor Kotlyar >>>>>>> >>>>>>> ######################################################################## >>>>>>> >>>>>>> Use REPLY-ALL to reply to list >>>>>>> >>>>>>> To unsubscribe from the XROOTD-L list, click the following link: >>>>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >>>> ######################################################################## >>>> Use REPLY-ALL to reply to list >>>> >>>> To unsubscribe from the XROOTD-L list, click the following link: >>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >>> >>> ######################################################################## >>> Use REPLY-ALL to reply to list >>> >>> To unsubscribe from the XROOTD-L list, click the following link: >>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >> > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 > ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1