[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Handle-info] ports used

To: handle-info@cnri.reston.va.us
Subject: Re: [Handle-info] ports used
From: Sean Reilly <sreilly@cnri.reston.va.us>
Date: Mon, 24 Jul 2006 15:07:06 +0100
Cc: Guy Knights <g.knights@qut.edu.au>
In-reply-to: <6.1.2.0.2.20060721085929.03ab57c0@newcnri.cnri.reston.va.us>
List-archive: <http://www.handle.net/pipermail/handle-info/>
List-help: <mailto:handle-info-request@cnri.reston.va.us?subject=help>
List-id: Handle System Information Mailing List <handle-info.cnri.reston.va.us>
List-post: <mailto:handle-info@cnri.reston.va.us>
List-subscribe: <http://www.handle.net/mailman/listinfo/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=subscribe>
List-unsubscribe: <http://www.handle.net/mailman/listinfo/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=unsubscribe>
References: <44C0582F.90800@qut.edu.au> <6.1.2.0.2.20060721085929.03ab57c0@newcnri.cnri.reston.va.us>
Sender: handle-info-admin@cnri.reston.va.us

Jane is right, but to clarify: Both 2641 and 8000 (you can override either port) should be open to the outside world since handle resolution requests can come over any of those ports. In addition to providing a human-readable interface to the handle server, the HTTP interface also allows clients with very strict firewalls to resolve handles via outgoing HTTP requests. If any of these incoming ports will be blocked, your server information (found in the siteinfo.bin file which is included in the sitebndl.zip that was sent to hdladmin) should be adjusted to reflect the ports that are actually accessible.

Allowing all outgoing connections is best since your handle server, depending upon its configuration, may need to resolve handles on the root service when authenticating admin clients.

Thanks,
Sean

On Jul 21, 2006, at 2:00 PM, Jane Euler wrote:

Hi Guy: Thanks for your questions. Yes, both ports 2641 and 8000 need to be open to all incoming and outgoing requests.

Jane

At 12:29 AM 7/21/2006, Guy Knights wrote:
I'm at the stage where I have to home my installation of Handles, and to do this I will need to put in a request to have ports opened in our border firewall. However, so that I don't put in any unnecessary requests I'd like to confirm with those in the know exactly which ports need to be opened, and in which direction.

As I understand it, the system uses ports 2641 (TPC and UDP) and 8000. 2641 is the fundamental handles port used for communication by the system, while port 8000 is for the http interface.

I know the system has to be able to communicate with the global handles server out through our border firewall on port 2641. My question is: does it also need to accept connections in through the firewall on pot 2641? My guess would be yes, but I'd like to confirm this. Also, is it necessary to allow outside access on port 8000, or is this just for administrative (or internal) functions?
Thanks,
Guy Knights


--
Sean Reilly,	CNRI
Location this week:  Edinburgh, Scotland
hdl:200/0

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References:
- [Handle-info] ports used
  - From: Guy Knights <g.knights@qut.edu.au>
- Re: [Handle-info] ports used
  - From: Jane Euler <jeuler@cnri.reston.va.us>

Prev by Date: Re: [Handle-info] ports used
Next by Date: [Handle-info] Deleting HS_ADMIN-less handles?
Previous by thread: Re: [Handle-info] ports used
Next by thread: [Handle-info] Deleting HS_ADMIN-less handles?
Index(es):
- Date
- Thread