This forum has been archived. Please start a new discussion on GitHub.

Glacier2 Use Case Question

I've got an existing Ice application that uses IceGrid and IcePatch2. Things work just fine, except for the fact that I have to disable the Windows firewall on all the nodes for Ice to communicate properly. I need to find a solution that allows me to keep the Windows firewall enabled and still allows my applications to speak to each other.

I could add an exception to the firewall for a specific port, but Ice assigns the ports automatically, so I don't really know how this would work. Maybe there is a config option to specify a port that the server listens on?

Or, I am wondering if Glacier2 would solve the problem. It's unclear to me how this mechanism works. Does the server initiate an outgoing connection to the Glacier2 server? If so then I would not have to add a firewall exception because outgoing connections are allowed. If not then I'm back to the original problem, how do I specify in my XML config document describing my application which server port to use?

Any tips would be appreciated. Thanks.


  • mes
    mes California
    Hi Isaac,

    You can definitely configure Ice servers to use specific ports. In an IceGrid configuration, your <adapter> element should specify the port in its endpoints attribute, as shown below:
    <adapter name="MyAdapter" endpoints="default -p 10000" ...>

    You'll need to make a list of all the ports that must be accessible on each machine so that you can add the necessary exceptions to the firewalls. The manual describes the ports opened by the IceGrid registry and nodes. You'll also need to include the ports for IcePatch2 and your own servers.

    I don't think Glacier2 can really help much in this situation. Glacier2 allows clients to communicate with servers behind a front-facing firewall, while an IceGrid deployment is really intended to live behind the firewall. For example, an IceGrid node must be able to communicate with the registry, and must be able to connect directly to the registry. Nodes currently do not support the ability to communicate with the registry via a Glacier2 router.