Hi Lukasz, What about the suggestion of xrootd_proxy environment? Does it make things easier for clients that are behind firewall with no outbound TCP? It is rare but does exist (e.g. SLAC). regards, Wei Yang | [log in to unmask] | 1-650-926-3338 On Jul 2, 2013, at 2:30 AM, Lukasz Janyst <[log in to unmask]> wrote: > Hi Victor, > > yes. However, this currently works only for the old client, which > should be good enough for the current production code. Since there are > some use cases, I will add support for it in the new one as well in one > of the next releases. > > Cheers, > Lukasz > > On 27.06.2013 21:19, Victor Kotlyar wrote: >> Hi all >> I've found something about SOCKS4 proxy is it still supported? >> {{{ >> >> TString >> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTString.html> >> socks4Host =gEnv >> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue >> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Host",""); >> >> Int_t >> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2Rtypes_8h.html#3885b911a54b47a4e61671f45dd45d0b> >> socks4Port =gEnv >> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue >> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Port",-1); >> >> >> }}} >> >> So If we define two variables and install SOCKS4 proxy server will it >> forward all traffic through that server? >> Sorry about silly questions but there is not too much fresh >> documentation about such setups. >> >> Regards, >> Victor >> >> >> 27.06.2013 10:27, Yang, Wei : >>> Hi Victor, >>> >>> Indeed I also think this is an interesting and useful ideal, and it is >>> likely easy to do. Something for Lukasz to think of … >>> >>> In your case, you probably can use the following example in >>> /etc/sysconfig/iptables on batch nodes >>> >>> *nat >>> :PREROUTING ACCEPT [0:0] >>> :OUTPUT ACCEPT [0:0] >>> :POSTROUTING ACCEPT [0:0] >>> # Traffic going to LFC @ BNL (192.12.15.102:5010) will be redirected >>> to 134.79.198.159:5010 >>> -A PREROUTING -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT >>> --to-destination 134.79.198.159:5010 >>> -A OUTPUT -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT >>> --to-destination 134.79.198.159:5010 >>> -A POSTROUTING -p tcp -s 134.79.198.159 --source-port 5010 -j SNAT >>> --to-source 192.12.15.102:5010 >>> >>> >>> Wei Yang | [log in to unmask] | 650-926-3338(O) >>> >>> >>> >>> On Jun 26, 2013, at 10:10 PM, Victor Kotlyar<[log in to unmask]> >>> wrote: >>> >>>> Hi Wei >>>> >>>> on 26.06.2013 23:18, Yang, Wei wrote: >>>>> Hi Victor, >>>>> >>>>> Try to understand your question: is this about something like >>>>> root_proxy variable? Since you have done a proxy setup so I suppose >>>>> your question is not about if and how for setting up a proxy. I >>>>> don't think we currently have this. But I think you can request such >>>>> a feature to be implemented. In the mean time, I am doing similar >>>>> things at SLAC by manipulating the NAT table in iptables (modify TCP >>>>> head so that traffic to host A is sent to host B, etc.) >>>> Yes it is like a root_proxy variable. >>>> I do not know if it will be widely used but maybe idea is interesting. >>>> When everybody and everywhere in HEP switched to root it might be >>>> useful. >>>> >>>> >>>> In our case: >>>> we have WN's after GW (NAT) in our network and a server outside our >>>> network. We would like to reroute all xroot\root traffic to our WNs GW >>>> through that particular server. >>>> >>>> If you have similar setup could you please describe it a little bit. >>>> >>>> Best regards, >>>> Victor Kotlyar >>>> >>>>> regards, >>>>> Wei Yang | [log in to unmask] | 1-650-926-3338 >>>>> >>>>> >>>>> >>>>> >>>>> On Jun 26, 2013, at 11:43 AM, Victor >>>>> Kotlyar<[log in to unmask]> wrote: >>>>> >>>>>> Dear xrootd experts. >>>>>> >>>>>> Since 6th of June we have problems with connection to outside >>>>>> Russia for >>>>>> our institute. >>>>>> We investigate any possibility to use another Institutes for rerouting >>>>>> our Grid traffic. >>>>>> >>>>>> So I have a very simple question: is it possible to create a proxy >>>>>> server for xroot? >>>>>> >>>>>> For example we use http_proxy environment variable to redirect all >>>>>> http >>>>>> traffic through http proxy server on WorkingNodes. >>>>>> >>>>>> On our Grid site Alice experiment initiates many connections on >>>>>> 1095tcp >>>>>> port to outside storage servers and it would be very usefull just >>>>>> to set >>>>>> xroot_proxy environment variable and install xrootd in proxy mode on >>>>>> other site. >>>>>> >>>>>> I guess that it is not so simple. Could you please make any >>>>>> recomendations what is possible to try in our case? >>>>>> >>>>>> Many thanks >>>>>> Best regards, >>>>>> Victor Kotlyar >>>>>> >>>>>> ######################################################################## >>>>>> >>>>>> Use REPLY-ALL to reply to list >>>>>> >>>>>> To unsubscribe from the XROOTD-L list, click the following link: >>>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >>> ######################################################################## >>> Use REPLY-ALL to reply to list >>> >>> To unsubscribe from the XROOTD-L list, click the following link: >>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >> >> ######################################################################## >> Use REPLY-ALL to reply to list >> >> To unsubscribe from the XROOTD-L list, click the following link: >> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 > ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1