The components of a dCache instance may be distributed over several hosts (nodes). Some of these components are accessed from outside and consequently the firewall needs to be aware of that. We contemplate two communication types, the dCache internal communication and the interaction from dCache with clients.
Since dCache is very flexible, most port numbers may be changed in the configuration. The command dcache ports will provide you with a list of services and the ports they are using.
This section assumes that all nodes are behind a firewall and have full access to each other.
dCache internal.
As we assume that all nodes are behind a firewall and have full access to each other there is nothing to be mentioned here.
On the pool nodes the LAN range ports need to be opened to allow pool to pool communication. By default these are ports
33115-33145
(set by the propertiesdcache.net.lan.port.min
anddcache.net.lan.port.max
).
dCache communication with client.
The door ports need to be opened to allow the clients to connect to the doors.
The WAN/LAN range ports need to be opened to allow the clients to connect to the pools. The default values for the WAN port range are
20000-25000
. The WAN port range is defined by the propertiesdcache.net.wan.port.min
anddcache.net.wan.port.max
.
Multinode setup with firewalls on the nodes.
dCache internal.
The
LocationManager
server runs in thedCacheDomain
. By default it is listening on UDP port11111
. Hence, on the head node port11111
needs to be opened in the firewall to allow connections to theLocationManager
.On the pool nodes the LAN range ports need to be opened to allow pool to pool communication. By default these are ports
33115-33145
(set by the propertiesdcache.net.lan.port.min
anddcache.net.lan.port.max
).
dCache communication with client.
The door ports need to be opened to allow the clients to connect to the doors.
The WAN/LAN range ports need to be opened to allow the clients to connect to the pools. The default values for the WAN port range are
20000-25000
. The WAN port range is defined by the propertiesdcache.net.wan.port.min
anddcache.net.wan.port.max
.
More complex setups are described in the following sections.