Getting Server+Glacier2+Client to work through a firewall?

Hi,
When I run the demo in "Ice-3.4.1-demos\democs\Glacier2\callback", it works fine on my local machine. It also works fine if I run everything on the remote machine.
However, if I attempt to connect Local PC >> Remote PC, it halts on:
-- 3/10/2011 19:30:42:382 client.exe: Network: trying to establish tcp connection to 184.72.249.87:4063
Setup:
* Local PC: Windows 7, running "client.exe".
* Remote PC: Windows Server 2008, on the internet, running "server.exe" and "glacier2router --Ice.Config=config.glacier2"
Open ports:
* No ports are open on the Local PC.
* Ports 4063 and 10000 are open on the Remote PC, hardware firewall (Amazon EC2 web configuration), for both TCP and UDP.
* Ports 4063 and 10000 are open on the Remote PC, software firewall (Windows Server 2008 R2), for both TCP and UDP.
* File "config.client" on the Local PC (Windows 7).
    Ice.Default.Router=DemoGlacier2/router:tcp -p 4063 -h 184.72.249.87
    Callback.Client.Endpoints=
    Callback.Proxy=callback:tcp -h 127.0.0.1 -p 10000
    <snip>
184.72.243.87 is the static IP of the Remote PC.
* File "Glacier2.config" on the Remote PC (Windows Server 2008):
    Glacier2.InstanceName=DemoGlacier2
    Glacier2.Client.Endpoints=tcp -p 4063 -h 127.0.0.1
    Glacier2.Server.Endpoints=tcp -h 127.0.0.1
    Glacier2.PermissionsVerifier=DemoGlacier2/NullPermissionsVerifier
    <snip>
* File: "config.server" on the Remote PC (Windows Server 2008):
Callback.Server.Endpoints=tcp -h 127.0.0.1 -p 10000
Comments
If you suspect a firewall issue, you can use telnet to check if you can reach the Ice server.
Firewall is not the issue here:
Glacier2 needs to listen on an external interface to be reached through this external interface... You need something like:
where EXT_IP corresponds to the IP address of the network interface you want to use for remote communications (that's not your elastic IP with Amazon EC2).
Best regards,
Bernard
Excellent! Now everything works perfectly. The internal IP address of my network adapter on Amazon EC2 is 10.214.39.163 (I got that with ipconfig). I replaced every instance of 127.0.0.1 with this IP address to make it work. Thank you so much for your timely response - your tech support is fantastic.
The IP address "10.214.39.163" is the IP address for the network card (not the Amazon Elastic IP) for the remote Amazon EC2 instance.
This presents a problem: there is too much coupling between the server and the remote clients. If this IP address changes, then it will break all of the clients. Is there any way to avoid this problem, perhaps by setting up a proxy, or instead referring to "localhost" instead of the IP address, etc?
I can answer my own question: the only place that the IP address of the network adapter needs to be hard coded is in the glacier2 router configuration file. Everything else can be 127.0.0.1. This means that config.server refers to 127.0.0.1, so config.client can refer to that as well which eliminates the dependence of the client on any setting internal to the server.
Here, the 'Callback' is the object in the server (behind Glacier2), and the Callback.Proxy is the proxy that the actual client to this server (= the Glacier2 router) will use.
If your Glacier2 router and your server are on the same host, you can use 127.0.0.1 for your Glacier2.Server.Endpoints [Glacier2 router config], Callback.Server.Endpoints [server config] and also your Callback.Proxy [client config].
If they are on different hosts, 127.0.0.1 won't work, and you'll need a proxy like Callback.Proxy=callback:tcp -h 10.214.39.163 -p 25000
Naturally, hard-coding IP addresses and port numbers may not be practical or desirable. The solution overall is to use both Glacier2 and IceGrid; this way your client can use indirect proxies to reach the server through Glacier2, typically "well-known proxies" for the initial objects.
Best regards,
Bernard
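Added example, not part of the original thread or of the Ice distribution: a small audit of the `*.Endpoints` properties discussed above, flagging a router client endpoint bound to loopback (the original failure) and a backend endpoint bound to anything other than loopback. It assumes the router and server share one host, as in this thread; the function names and verdict strings are hypothetical, and the sample configs are constructed from the values quoted in the posts.

```python
import ipaddress

# Constructed sample mirroring the thread's original (failing) settings.
ORIGINAL = """\
Glacier2.Client.Endpoints=tcp -p 4063 -h 127.0.0.1
Glacier2.Server.Endpoints=tcp -h 127.0.0.1
Callback.Server.Endpoints=tcp -h 127.0.0.1 -p 10000
"""
# Constructed sample: only the router's client endpoint moves to the adapter IP.
FIXED = ORIGINAL.replace("4063 -h 127.0.0.1", "4063 -h 10.214.39.163")

# Assumption: this is the only endpoint remote clients must reach.
EXTERNAL = {"Glacier2.Client.Endpoints"}


def bind_scope(host):
    """Classify an endpoint's -h value as loopback, wildcard or specific."""
    if host is None or host in ("*", "0.0.0.0"):
        return "wildcard"  # a missing -h is treated here as "all interfaces"
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"
    except ValueError:
        return "specific"  # DNS name, not resolved here


def host_of(endpoint):  # value following -h, or None when -h is absent
    words = endpoint.split()
    return words[words.index("-h") + 1] if "-h" in words[:-1] else None


def audit(text):
    """Return {property: verdict} for every non-empty *.Endpoints property."""
    verdicts = {}
    for raw in text.splitlines():
        name, sep, value = (p.strip() for p in raw.split("#", 1)[0].partition("="))
        if not sep or not name.endswith(".Endpoints") or not value:
            continue
        # Endpoints in one property are ':'-separated; IPv6 literals not handled.
        scopes = [bind_scope(host_of(e)) for e in value.split(":")]
        local_only = all(s == "loopback" for s in scopes)
        if name in EXTERNAL:
            verdicts[name] = "unreachable" if local_only else "ok"
        else:
            verdicts[name] = "ok" if local_only else "exposed"
    return verdicts


print(audit(ORIGINAL), audit(FIXED))
```

An "exposed" verdict on a backend endpoint is expected when the router and server run on different hosts; in that layout the firewall has to keep that port closed to outside clients.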
I'd absolutely love to get to the point of hosting two services within IceGrid + Glacier2 behind the firewall, but there are no working demos that I could find and every combination of settings I have tried hasn't worked. I am currently re-reading the user manual, cover to cover.
Do you happen to know of a working demo that shows how to deploy two services, within Icebox+Glacier2 (with callbacks preferably) on an internet server, behind a firewall?
I'd love to meet my deadline, but I might have to end up hard coding a port for each service and opening up the firewall (which won't be as efficient as your recommended method).