release notes | Book: 2.10, 2.11, 2.12, 2.13, 2.14 | Wiki | Q&A black_bg
Web: Multi-page, Single page | PDF: A4-size, Letter-size | eBook: epub black_bg

Firewall Configuration

The components of a dCache instance may be distributed over several hosts (nodes). Some of these components are accessed from outside and consequently the firewall needs to be aware of that. We contemplate two communication types, the dCache internal communication and the interaction from dCache with clients.

Since dCache is very flexible, most port numbers may be changed in the configuration. The command dcache ports will provide you with a list of services and the ports they are using.

[return to top]

Basic Installation

This section assumes that all nodes are behind a firewall and have full access to each other.

dCache internal. 

  • As we assume that all nodes are behind a firewall and have full access to each other there is nothing to be mentioned here.

  • On the pool nodes the LAN range ports need to be opened to allow pool to pool communication. By default these are ports 33115-33145 (set by the properties dcache.net.lan.port.min and dcache.net.lan.port.max).

dCache communication with client. 

  • The door ports need to be opened to allow the clients to connect to the doors.

  • The WAN/LAN range ports need to be opened to allow the clients to connect to the pools. The default values for the WAN port range are 20000-25000. The WAN port range is defined by the properties dcache.net.wan.port.min and dcache.net.wan.port.max.

[return to top]

Multi-Node with Firewalls

Multinode setup with firewalls on the nodes.

dCache internal. 

  • The LocationManager server runs in the dCacheDomain. By default it is listening on UDP port 11111. Hence, on the head node port 11111 needs to be opened in the firewall to allow connections to the LocationManager. Remember to limit this so that only other dCache nodes are allowed access.

  • On the pool nodes the LAN range ports need to be opened to allow pool to pool communication. By default these are ports 33115-33145 (set by the properties dcache.net.lan.port.min and dcache.net.lan.port.max).

dCache communication with client. 

  • The door ports need to be opened to allow the clients to connect to the doors.

  • The WAN/LAN range ports need to be opened to allow the clients to connect to the pools. The default values for the WAN port range are 20000-25000. The WAN port range is defined by the properties dcache.net.wan.port.min and dcache.net.wan.port.max.

More complex setups are described in the following sections.