[GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)
James Foster
james.foster at gemtalksystems.com
Mon Feb 24 21:17:21 PST 2014
This suggests that the Gem has started so it should have created a log file as well. That would be the next place to look.
On Feb 24, 2014, at 8:00 PM, Normand Mongeau <nmongeau at theobjects.com> wrote:
> Yes to all of those questions…
>
> I’m doing an RPC login.
>
> For starters, here’s a sample of netldi in debug mode:
>
> Summary of netldi parameters:
> The host name is "phatboy".
> GEMSTONE is: "C:\GemStone61".
> System password authorization is permitted.
> Clients are not authenticated.
> Process creation is permitted through user's HOME directory.
> Pool of ports is "7001:7006".
> Created processes belong to the account named "SYSTEM".
> The default directory for log files is 'C:\users\default\'.
> Entering Service Loop
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Attempting accept...
> ...succeeded accepting client from 192.168.0.1, connection = 2
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Finished reading client request:
> Client is a rpc application.
> '!@MyIP#encrypted:Claude!gemnetobject'
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Successful fork; Child's Pid: 3308 command is:
> 'C:/GemStone61/bin/gem.exe TCP 10806 30'
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Now reading reply from child
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Reply to client started:
> 'SUCCESS 7001'
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Done writing reply to client.
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Disposed. elapsed time = 0
>
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Attempting accept...
> ...succeeded accepting client from 192.168.0.1, connection = 2
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Finished reading client request:
> Client is a rpc gem or a linked application.
> '!@MyIP#encrypted:SYSTEM#server!icp1'
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Reply to client started:
> 'SUCCESS 10657'
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Done writing reply to client.
> 0: Mon 24 Feb 2014 15:42:02 Eastern Standard Time
> Disposed. elapsed time = 0
>
> At this point the client gets the error:
>
> GS Server Error - GbsNetErrConnectionRefused - ["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrConnectionRefused Nonblocking connect(my IP Address,port=10657) failed to complete.]
>
>
> From: James Foster [mailto:james.foster at gemtalksystems.com]
> Sent: 24 février 2014 22:50
> To: Normand Mongeau
> Cc: gemstone-smalltalk at lists.gemtalksystems.com
> Subject: Re: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)
>
> Good work verifying that the initial connection from the GCI client to the NetLDI is working. Reading the error message more closely I see that the problem claims to be connecting to the stone. Are you doing a linked login or an RPC login? I think it will be much more difficult to do a linked login from outside a firewall. Can you start the NetLDI in debug mode (/d)? Can you track down the various log files? Is there a gemnetobject log file?
>
> James
>
> On Feb 24, 2014, at 7:42 PM, Normand Mongeau <nmongeau at theobjects.com> wrote:
>
>
> Proof that 10088 is configured correctly, I just closed that port in the firewall and the error message is different:
>
> GS Server Error - GbsHostErrCantSpawn - Unable to create a GemStone session.
> NetLDI service 'netldi61' not found on node 'MyIP:
> Nonblocking connect(MyIP,port=10088) failed to complete.
>
> From: Normand Mongeau [mailto:nmongeau at theobjects.com]
> Sent: 24 février 2014 22:34
> To: 'James Foster'
> Subject: RE: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)
>
> Hi James,
>
> I should have mentioned that port 10088 is already configured and functional, and the firewall already lets it through.
>
> There is something missing and I don’t know what, but this is extremely frustrating.
>
> Here’s where I am:
>
> -netldi61 10088/tcp is configured in the services file
> -port 10088 is open in the firewall
> -the netldi service was created with a port range (I now changed it to 7001:7006)
> -ports 7001 to 7006 are also open in the firewall
>
> When I connect using the LAN ip address, it works, but when I try using the public WAN address, I always get an error message, and the port is always outside the 7001 to 7006 range.
>
> Normand
>
> From: James Foster [mailto:james.foster at gemtalksystems.com]
> Sent: 24 février 2014 21:27
> To: Normand Mongeau
> Subject: Re: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)
>
> Normand,
>
> The existing NetLDI process is rather complex (but will improve in the forthcoming 64-bit 3.2). You need to have at least two ports open, one for the initial connection between the GCI client and the NetLDI process and one for the subsequent connection between the GCI client and the Gem launched by the NetLDI.
>
> The first connection is on a port defined when the NetLDI is started. If you don’t give a name or number, there is a default and in your case it is 10088. Note that you need to open this port on the firewall (and it is below the range you designated). When you initiate a connection from the GCI client, it needs to know the NetLDI port. If you provide a number, that is fine. If you provide a name, then it will do a lookup in the services file (C:\Windows\System32\drivers\etc\services) and use the number found there. If you do not have an entry for netldi61, then it will attempt the connection on a random port (not very helpful!). In your example it attempted a connection on 53695, indicating that you do not have the Windows client configured properly.
>
> The port range you provided when you configured NetLDI deals with the second connection, and I’d say that one port should be adequate. I’d suggest you start NetLDI on 10088 and use 10089:10089 as the secondary port range. Then open 10088 to 10089 on your firewall. Finally, on your client, add an entry to your services file or explicitly use 10088 instead of netldi61 as the service.
>
> James
>
> On Feb 24, 2014, at 5:08 PM, Normand Mongeau <nmongeau at theobjects.com> wrote:
>
>
> Hi,
>
> I’m trying to open up a firewall to let through an old app running on an old 6.1.2 GS/S server, and am having a hard time. Note that the server is running on a Windows XP box.
>
> I configured netldi61 thus:
>
> Netldi61 create /a /b /g /p: 11000:11050
>
> And opened up ports 11000 to 11050 in my firewall, yet when I try to connect I get errors like this:
>
> GS Server Error - GbsNetErrConnectionRefused - ["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrConnectionRefused Nonblocking connect(my IP Address,port=53695) failed to complete.]
>
>
> The Netldi log reads like this, so the port range is in effect:
>
> Summary of netldi parameters:
> The host name is "phatboy".
> GEMSTONE is: "C:\GemStone61".
> System password authorization is permitted.
> Clients are not authenticated.
> Process creation is permitted through user's HOME directory.
> Pool of ports is "11000:11050".
> Created processes belong to the account named "SYSTEM".
> The default directory for log files is 'C:\users\default\'.
> Entering Service Loop
>
> Gslist –x reports this, again indicating the port range should be in effect:
>
> netldi61
> status= running
> type= Netldi
> version= 6.1.2
> owner= SYSTEM
> started= Feb 21 15:09
> pid= 5104
> port= 10088
> options= -g -a SYSTEM -p 11000:11050
> logfile= C:/GemStone61/log/netldi61.log
>
>
> Why is GS trying to reach port 53695?
>
> Normand
>
> _______________________________________________
> GemStone-Smalltalk mailing list
> GemStone-Smalltalk at lists.gemtalksystems.com
> http://lists.gemtalksystems.com/mailman/listinfo/gemstone-smalltalk
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gemtalksystems.com/mailman/private/gemstone-smalltalk/attachments/20140224/357a6257/attachment-0001.html>
More information about the GemStone-Smalltalk
mailing list