This forum has been archived. Please start a new discussion on GitHub.

solution for firewall

Hi All experts

I would like to ask what kind solution I should implement and how it works.

My case is this.

I have some campuses all over the world. Each of them uses, say domain names as,,

They also belong to main domain

Each campus has its own firewalls.

I have some IceStorm servers located within one campus The servers use static IPs

I have several clients in each campus. They all use DHCP IP,


All IceStorm servers are located within

Some of clients are publishers and some of them are subscribers. Each Campus has publisher and subscriber.

There are several laptops using VPN connecting campus using domain name

Those clients machines and laptops can be publishers or subscribers, too.

How can I enable any of those publisher and subscriber to talk to IceStorm servers through those firewalls?

We only can open up limited fix ports on each firewall server for this purpose.

Is the Glacier2 the only option? How it works? How many Glacier2 needed.

From programmer side, we wish that the programer do not need know any thing about firewall or glacier2. That is, they coded the software as if the firewalls are not there.


  • benoit
    benoit Rennes, France

    Glacier2 should provide a solution for your deployment. Since the IceStorm servers are located at, you can deploy Glacier2 on a machine in this domain. You will just need to open a single port on the firewall of to let Glacier2 clients outside access the Glacier2 server.

    The Glacier2 clients will need to establish a session with Glacier2 and once established, they will be able to access the IceStorm servers behind the firewall to either subscribe or publish to IceStorm topics.

    I recommend to look at our Chat Demo. Even if it doesn't use IceStorm, it will provide a good overview of a more complex deployment that involves Glacier2.

    See also the Glacier2 document into the Ice manual: Glacier2 - Ice 3.5 - ZeroC