This describes firewall issues from the client’s perspective. The section called “Firewall Configuration” discusses the server side.
When files are transferred in GridFTP active mode from a GridFTP server to the GridFTP client, the server establishes the data channel(s) by connecting to the client. In this case the client creates a TCP socket, bound to some particular address on the client host, and sends the client host IP and port to the server. If the client host is running a firewall, the firewall might refuse the server’s connection to the client’s listening socket.
A common solution to this problem is to change the firewall rules so that a range of ports on the client’s host may accept connections from the Internet. Once the port range is defined, the client can be directed to use one of the ports from the port range when creating listening TCP sockets.
If you are using srmcp as a client you need to do the following:
Create a directory $HOME/.globus if it does not exist.
Create and/or edit a file $HOME/.globus/cog.properties by appending a new line reading
where <min> and <max> are the lower and upper bounds of the port range.
With the latest srmcp release you can use the -globus_tcp_port_range option:
srmcp -globus_tcp_port_range=<minValue>:<maxValue> ...
A range of ports open for TCP connections is specified as a pair of positive integers separated by ":". This is not set by
If you are transferring files from a GridFTP server using globus-url-copy, you need to define an environment variable, GLOBUS_TCP_PORT_RANGE, in the same shell in which globus-url-copy will be executed.
In sh/bash you do that by invoking the following command:
In csh/tcsh you invoke:
setenv GLOBUS_TCP_PORT_RANGE "<min>,<max>"
Here <min> and <max> are again the lower and upper bounds of the port range.
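
The following POSIX sh script is an added example, not part of the original documentation. It validates a port range once, exports it as GLOBUS_TCP_PORT_RANGE for sh/bash, and prints the matching srmcp option and a client-side firewall rule restricted to the GridFTP server's address, so the client and the firewall agree on the same narrow range. The function names, the 1024 lower bound, the choice of iptables, the sample range and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the 1024 lower
# bound and the sample values are assumptions.

# valid_port_range MIN MAX: true only for integers, 1024 <= MIN <= MAX <= 65535.
valid_port_range() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case "$1$2" in *[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "${#2}" -le 5 ] || return 1
    [ "$1" -ge 1024 ] && [ "$1" -le "$2" ] && [ "$2" -le 65535 ]
}

# globus_range_value MIN MAX: the "<min>,<max>" form used for GLOBUS_TCP_PORT_RANGE.
globus_range_value() {
    valid_port_range "$1" "$2" || return 1
    printf '%s,%s\n' "$1" "$2"
}

# srmcp_option MIN MAX: the "<minValue>:<maxValue>" form of the srmcp option.
srmcp_option() {
    valid_port_range "$1" "$2" || return 1
    printf '%s=%s:%s\n' '-globus_tcp_port_range' "$1" "$2"
}

# firewall_rule SERVER MIN MAX: print (never run) an iptables rule admitting new
# inbound TCP connections to the range from the GridFTP server address only.
firewall_rule() {
    case "$1" in ''|*[!0-9A-Fa-f.:/]*) return 1 ;; esac
    valid_port_range "$2" "$3" || return 1
    printf 'iptables -A INPUT -p tcp -s %s --dport %s:%s -m conntrack --ctstate NEW -j ACCEPT\n' "$1" "$2" "$3"
}

# Constructed sample: 192.0.2.10 is a documentation address standing in for
# the GridFTP server; 50000-50100 is an arbitrary narrow range.
if range=$(globus_range_value 50000 50100); then
    GLOBUS_TCP_PORT_RANGE=$range
    export GLOBUS_TCP_PORT_RANGE
    srmcp_option 50000 50100
    firewall_rule 192.0.2.10 50000 50100
fi
```

Run it with `.` (source) in the shell that will start globus-url-copy so the exported variable is visible there; the printed iptables line is for review and is not applied by the script.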