Hi Lukasz,
What about the suggestion of xrootd_proxy environment? Does it make things easier for clients that are behind firewall with no outbound TCP? It is rare but does exist (e.g. SLAC).
regards,
Wei Yang | [log in to unmask] | 1-650-926-3338
On Jul 2, 2013, at 2:30 AM, Lukasz Janyst <[log in to unmask]> wrote:
> Hi Victor,
>
> yes. However, this currently works only for the old client, which
> should be good enough for the current production code. Since there are
> some use cases, I will add support for it in the new one as well in one
> of the next releases.
>
> Cheers,
> Lukasz
>
> On 27.06.2013 21:19, Victor Kotlyar wrote:
>> Hi all
>> I've found something about SOCKS4 proxy is it still supported?
>> {{{
>>
>> TString
>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTString.html>
>> socks4Host =gEnv
>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue
>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Host","");
>>
>> Int_t
>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2Rtypes_8h.html#3885b911a54b47a4e61671f45dd45d0b>
>> socks4Port =gEnv
>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/core_2base_2inc_2TEnv_8h.html#11202e6eff8457ae349087e34c0549c9>->GetValue
>> <http://web-docs.gsi.de/%7Ehalo/docs/hydra/classDocumentation/doxy_dev/root52800b/html/classTEnv.html#e6b03f2d02b0e116b716e233bcf5d00f>("XNet.SOCKS4Port",-1);
>>
>>
>> }}}
>>
>> So If we define two variables and install SOCKS4 proxy server will it
>> forward all traffic through that server?
>> Sorry about silly questions but there is not too much fresh
>> documentation about such setups.
>>
>> Regards,
>> Victor
>>
>>
>> 27.06.2013 10:27, Yang, Wei :
>>> Hi Victor,
>>>
>>> Indeed I also think this is an interesting and useful ideal, and it is
>>> likely easy to do. Something for Lukasz to think of …
>>>
>>> In your case, you probably can use the following example in
>>> /etc/sysconfig/iptables on batch nodes
>>>
>>> *nat
>>> :PREROUTING ACCEPT [0:0]
>>> :OUTPUT ACCEPT [0:0]
>>> :POSTROUTING ACCEPT [0:0]
>>> # Traffic going to LFC @ BNL (192.12.15.102:5010) will be redirected
>>> to 134.79.198.159:5010
>>> -A PREROUTING -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT
>>> --to-destination 134.79.198.159:5010
>>> -A OUTPUT -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT
>>> --to-destination 134.79.198.159:5010
>>> -A POSTROUTING -p tcp -s 134.79.198.159 --source-port 5010 -j SNAT
>>> --to-source 192.12.15.102:5010
>>>
>>>
>>> Wei Yang | [log in to unmask] | 650-926-3338(O)
>>>
>>>
>>>
>>> On Jun 26, 2013, at 10:10 PM, Victor Kotlyar<[log in to unmask]>
>>> wrote:
>>>
>>>> Hi Wei
>>>>
>>>> on 26.06.2013 23:18, Yang, Wei wrote:
>>>>> Hi Victor,
>>>>>
>>>>> Try to understand your question: is this about something like
>>>>> root_proxy variable? Since you have done a proxy setup so I suppose
>>>>> your question is not about if and how for setting up a proxy. I
>>>>> don't think we currently have this. But I think you can request such
>>>>> a feature to be implemented. In the mean time, I am doing similar
>>>>> things at SLAC by manipulating the NAT table in iptables (modify TCP
>>>>> head so that traffic to host A is sent to host B, etc.)
>>>> Yes it is like a root_proxy variable.
>>>> I do not know if it will be widely used but maybe idea is interesting.
>>>> When everybody and everywhere in HEP switched to root it might be
>>>> useful.
>>>>
>>>>
>>>> In our case:
>>>> we have WN's after GW (NAT) in our network and a server outside our
>>>> network. We would like to reroute all xroot\root traffic to our WNs GW
>>>> through that particular server.
>>>>
>>>> If you have similar setup could you please describe it a little bit.
>>>>
>>>> Best regards,
>>>> Victor Kotlyar
>>>>
>>>>> regards,
>>>>> Wei Yang | [log in to unmask] | 1-650-926-3338
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Jun 26, 2013, at 11:43 AM, Victor
>>>>> Kotlyar<[log in to unmask]> wrote:
>>>>>
>>>>>> Dear xrootd experts.
>>>>>>
>>>>>> Since 6th of June we have problems with connection to outside
>>>>>> Russia for
>>>>>> our institute.
>>>>>> We investigate any possibility to use another Institutes for rerouting
>>>>>> our Grid traffic.
>>>>>>
>>>>>> So I have a very simple question: is it possible to create a proxy
>>>>>> server for xroot?
>>>>>>
>>>>>> For example we use http_proxy environment variable to redirect all
>>>>>> http
>>>>>> traffic through http proxy server on WorkingNodes.
>>>>>>
>>>>>> On our Grid site Alice experiment initiates many connections on
>>>>>> 1095tcp
>>>>>> port to outside storage servers and it would be very usefull just
>>>>>> to set
>>>>>> xroot_proxy environment variable and install xrootd in proxy mode on
>>>>>> other site.
>>>>>>
>>>>>> I guess that it is not so simple. Could you please make any
>>>>>> recomendations what is possible to try in our case?
>>>>>>
>>>>>> Many thanks
>>>>>> Best regards,
>>>>>> Victor Kotlyar
>>>>>>
>>>>>> ########################################################################
>>>>>>
>>>>>> Use REPLY-ALL to reply to list
>>>>>>
>>>>>> To unsubscribe from the XROOTD-L list, click the following link:
>>>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>>> ########################################################################
>>> Use REPLY-ALL to reply to list
>>>
>>> To unsubscribe from the XROOTD-L list, click the following link:
>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>>
>> ########################################################################
>> Use REPLY-ALL to reply to list
>>
>> To unsubscribe from the XROOTD-L list, click the following link:
>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
