Table of Contents
This chapter contains solutions for several non-trivial network configurations. The first section discusses the interoperation of dCache with firewalls and does not require any background knowledge about dCache other than what is given in the installation guide (Chapter 2, Installing dCache) and the first steps tutorial (Chapter 3, Getting in Touch with dCache). The following sections will deal with more complex network topologies, e.g. private subnets. Even though not every case is covered, these cases might help solve other problems, as well. Intermediate knowledge about dCache is required.
The TCP and UDP ports used for dCache internal communication
(port 11111
by default)
MUST be subject to firewall control so that
only other dCache nodes can access them. Failure to do this
will allow an attacker to issue arbitrary commands on any node
within your dCache cluster, as whichever user the dCache process
runs.