Hi Wei,
you mean forcing client to use SOCKS4 by setting an envvar? Sure why
not? I will add it to my TODO, but I cannot promise to do it fast.
Cheers,
Lukasz
On 02.07.2013 22:13, Yang, Wei wrote:
> Hi Lukasz,
>
> What about the suggestion of xrootd_proxy environment? Does it make things easier for clients that are behind firewall with no outbound TCP? It is rare but does exist (e.g. SLAC).
>
> regards,
> Wei Yang | [log in to unmask] | 1-650-926-3338
>
>
>
>
> On Jul 2, 2013, at 2:30 AM, Lukasz Janyst <[log in to unmask]> wrote:
>
>> Hi Victor,
>>
>> yes. However, this currently works only for the old client, which
>> should be good enough for the current production code. Since there are
>> some use cases, I will add support for it in the new one as well in one
>> of the next releases.
>>
>> Cheers,
>> Lukasz
>>
>> On 27.06.2013 21:19, Victor Kotlyar wrote:
>>> Hi all
>>> I've found something about SOCKS4 proxy is it still supported?
>>> {{{
>>>
>>> TString
>>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTString.html>
>>> socks4Host =gEnv
>>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue
>>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Host","");
>>>
>>> Int_t
>>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2Rtypes_8h.html#3885b911a54b47a4e61671f45dd45d0b>
>>> socks4Port =gEnv
>>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue
>>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Port",-1);
>>>
>>>
>>> }}}
>>>
>>> So If we define two variables and install SOCKS4 proxy server will it
>>> forward all traffic through that server?
>>> Sorry about silly questions but there is not too much fresh
>>> documentation about such setups.
>>>
>>> Regards,
>>> Victor
>>>
>>>
>>> 27.06.2013 10:27, Yang, Wei :
>>>> Hi Victor,
>>>>
>>>> Indeed I also think this is an interesting and useful ideal, and it is
>>>> likely easy to do. Something for Lukasz to think of …
>>>>
>>>> In your case, you probably can use the following example in
>>>> /etc/sysconfig/iptables on batch nodes
>>>>
>>>> *nat
>>>> :PREROUTING ACCEPT [0:0]
>>>> :OUTPUT ACCEPT [0:0]
>>>> :POSTROUTING ACCEPT [0:0]
>>>> # Traffic going to LFC @ BNL (192.12.15.102:5010) will be redirected
>>>> to 134.79.198.159:5010
>>>> -A PREROUTING -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT
>>>> --to-destination 134.79.198.159:5010
>>>> -A OUTPUT -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT
>>>> --to-destination 134.79.198.159:5010
>>>> -A POSTROUTING -p tcp -s 134.79.198.159 --source-port 5010 -j SNAT
>>>> --to-source 192.12.15.102:5010
>>>>
>>>>
>>>> Wei Yang | [log in to unmask] | 650-926-3338(O)
>>>>
>>>>
>>>>
>>>> On Jun 26, 2013, at 10:10 PM, Victor Kotlyar<[log in to unmask]>
>>>> wrote:
>>>>
>>>>> Hi Wei
>>>>>
>>>>> on 26.06.2013 23:18, Yang, Wei wrote:
>>>>>> Hi Victor,
>>>>>>
>>>>>> Try to understand your question: is this about something like
>>>>>> root_proxy variable? Since you have done a proxy setup so I suppose
>>>>>> your question is not about if and how for setting up a proxy. I
>>>>>> don't think we currently have this. But I think you can request such
>>>>>> a feature to be implemented. In the mean time, I am doing similar
>>>>>> things at SLAC by manipulating the NAT table in iptables (modify TCP
>>>>>> head so that traffic to host A is sent to host B, etc.)
>>>>> Yes it is like a root_proxy variable.
>>>>> I do not know if it will be widely used but maybe idea is interesting.
>>>>> When everybody and everywhere in HEP switched to root it might be
>>>>> useful.
>>>>>
>>>>>
>>>>> In our case:
>>>>> we have WN's after GW (NAT) in our network and a server outside our
>>>>> network. We would like to reroute all xroot\root traffic to our WNs GW
>>>>> through that particular server.
>>>>>
>>>>> If you have similar setup could you please describe it a little bit.
>>>>>
>>>>> Best regards,
>>>>> Victor Kotlyar
>>>>>
>>>>>> regards,
>>>>>> Wei Yang | [log in to unmask] | 1-650-926-3338
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Jun 26, 2013, at 11:43 AM, Victor
>>>>>> Kotlyar<[log in to unmask]> wrote:
>>>>>>
>>>>>>> Dear xrootd experts.
>>>>>>>
>>>>>>> Since 6th of June we have problems with connection to outside
>>>>>>> Russia for
>>>>>>> our institute.
>>>>>>> We investigate any possibility to use another Institutes for rerouting
>>>>>>> our Grid traffic.
>>>>>>>
>>>>>>> So I have a very simple question: is it possible to create a proxy
>>>>>>> server for xroot?
>>>>>>>
>>>>>>> For example we use http_proxy environment variable to redirect all
>>>>>>> http
>>>>>>> traffic through http proxy server on WorkingNodes.
>>>>>>>
>>>>>>> On our Grid site Alice experiment initiates many connections on
>>>>>>> 1095tcp
>>>>>>> port to outside storage servers and it would be very usefull just
>>>>>>> to set
>>>>>>> xroot_proxy environment variable and install xrootd in proxy mode on
>>>>>>> other site.
>>>>>>>
>>>>>>> I guess that it is not so simple. Could you please make any
>>>>>>> recomendations what is possible to try in our case?
>>>>>>>
>>>>>>> Many thanks
>>>>>>> Best regards,
>>>>>>> Victor Kotlyar
>>>>>>>
>>>>>>> ########################################################################
>>>>>>>
>>>>>>> Use REPLY-ALL to reply to list
>>>>>>>
>>>>>>> To unsubscribe from the XROOTD-L list, click the following link:
>>>>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>>>> ########################################################################
>>>> Use REPLY-ALL to reply to list
>>>>
>>>> To unsubscribe from the XROOTD-L list, click the following link:
>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>>>
>>> ########################################################################
>>> Use REPLY-ALL to reply to list
>>>
>>> To unsubscribe from the XROOTD-L list, click the following link:
>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>>
>
> ########################################################################
> Use REPLY-ALL to reply to list
>
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
