This describes firewall issues from the clients perspective. the section called “Firewall Configuration” discusses the server side.
When files are transferred in GridFTP active mode from
GridFTP server to the GridFTP client, server establishes
data channel(s) by connecting to the client. In this case client
creates a TCP socket, bound to some particular address on the
client host, and sends the client host IP and port to the
server. If the client host is running a firewall, firewall might
refuse server’s connection to the client’s listening socket.
Common solution to this problem is establishing a range of ports
on the client’s host that are allowed to be connected from
Internet by changing firewall rules.Once the port range is
defined the client can be directed to use one of the ports from
the port ranges when creating listening tcp sockets.
If you are using srmcp as a client you need to do the following:
create a directory
$HOME/.globusif it does not exist.create and/or edit a file
$HOME/.globus/cog.propertiesby appending a new line readingtcp.port.range=<min>,<max>
where <min> and <max> are the lower and upper bounds of the port range.
With the latest srmcp release you can use the
globus_tcp_port_range option:
[user] $srmcp -globus_tcp_port_range=<minValue>:<maxValue> ...
A range of ports open for TCP connections is specified as a
pair of positive integers separated by ":". This is not set by
default.
If you are transferring files from gridftp server using
globus-url-copy, you need to define an environment
variable GLOBUS_TCP_PORT_RANGE, in the same
shell in which globus-url-copy will be executed.
In sh/bash you do that by invoking the following command:
[user] $export GLOBUS_TCP_PORT_RANGE="<min>,<max>"
in csh/tcsh you invoke:
[user] $setenv GLOBUS_TCP_PORT_RANGE "<min>,<max>"
here <min> and <max> are again the lower and upper bounds of the port range