Glacier2 Application - SSL Configuration

kdobb (Klaus Dobbler), Member. Organization: person. Project: the project is for the synchronization of files in network with multiple peers

Hi,

I have a question concerning the SSL-Configuration of a Glacier2 ICE Application.

Let's assume I have a glacier2.conf with

Glacier2.Client.Endpoints=ssl -p 4064 -h my.wan.domain
Glacier2.Server.Endpoints=tcp -h my.local.ip.address

And a client-configuration:

Ice.Default.Router=DemoGlacier2/router:ssl -p 4064 -h my.wan.domain
Registration.Proxy=callback:tcp -h my.local.ip.address -p 20020

Do I understand this correctly, that for wan-communication tcp port 4064 is used and between glacier2router and server-service tcp 20020 is used?

When I use twoway-communication, how do I have to configure the firewall at my client?

Thanks for your support.

Best Regards

Klaus

Comments

  • benoit (Benoit Foucher), ZeroC Staff, Administrators, Rennes, France. Organization: ZeroC, Inc. Project: Ice

    Hi,

    You understand it correctly. The client establishes a connection to Glacier2 on port 4064 and Glacier2 will establish a connection to the server (on behalf of the client) on port 20020.

    When using Glacier2, the client establishes a single connection to the Glacier2 router instance and this connection is a bi-directional connection. The client can send requests to the server using this connection but also receive requests from the server on this same connection. So there's no need to configure the firewall on the client to allow incoming connection establishment.

    For more information on this, I recommend you take a look at the following articles:

    https://doc.zeroc.com/display/Ice37/Glacier2
    https://doc.zeroc.com/display/Doc/Chat+Demo
    https://doc.zeroc.com/display/Ice37/Bidirectional+Connections

    Cheers,
    Benoit.

  • kdobb (Klaus Dobbler), Member. Organization: person. Project: the project is for the synchronization of files in network with multiple peers

    Hi Benoit, thank you very much for the explanation.
    So, if I had to configure outgoing firewall traffic, I would have to allow only outgoing traffic for port 4064 in that case, right?

    Best Regards Klaus

  • benoit (Benoit Foucher), ZeroC Staff, Administrators, Rennes, France. Organization: ZeroC, Inc. Project: Ice

    Yes, if you want to restrict outgoing traffic on the client machine, you will indeed need to allow outgoing traffic to port 4064 to allow the client to connect to the Glacier2 router instance.

    Cheers,
    Benoit.

  • kdobb (Klaus Dobbler), Member. Organization: person. Project: the project is for the synchronization of files in network with multiple peers

    All Right, thanks!
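
The flows confirmed in the answers above, derived from the two configuration files as an added example (not code from the thread or from ZeroC): it parses the endpoint strings quoted in the question and lists which side initiates each connection, so a restricted client needs only an outbound rule to the router port and no inbound rule. The function names are hypothetical, and the parser assumes hostnames or IPv4 addresses after `-h`.

```python
import shlex

# Constructed sample input: the property lines quoted in the question.
GLACIER2_CONF = """Glacier2.Client.Endpoints=ssl -p 4064 -h my.wan.domain
Glacier2.Server.Endpoints=tcp -h my.local.ip.address
"""
CLIENT_CONF = """Ice.Default.Router=DemoGlacier2/router:ssl -p 4064 -h my.wan.domain
Registration.Proxy=callback:tcp -h my.local.ip.address -p 20020
"""

def parse_props(text):
    """Parse key=value property lines, skipping blanks and '#' comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_endpoints(value):
    """Return [(transport, host, port)] from an endpoint list or proxy string.
    Assumes hostnames or IPv4 addresses (no ':' inside a host)."""
    found = []
    for part in value.split(":"):
        tokens = shlex.split(part)
        if not tokens or tokens[0] not in ("tcp", "ssl"):
            continue  # e.g. the object identity in front of a proxy's endpoints
        opts = {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in ("-h", "-p")}
        port = int(opts["-p"]) if "-p" in opts else None  # None: no fixed port
        found.append((tokens[0], opts.get("-h"), port))
    return found

def required_flows(glacier2_conf, client_conf):
    """Return (initiator, dest_host, dest_port, transport) connections to allow."""
    router, client = parse_props(glacier2_conf), parse_props(client_conf)
    listen = parse_endpoints(router["Glacier2.Client.Endpoints"])
    dial = parse_endpoints(client["Ice.Default.Router"])
    if {(t, p) for t, _, p in listen} != {(t, p) for t, _, p in dial}:
        # A mismatch means the firewall rule would open a port nobody listens on.
        raise ValueError(f"client dials {dial}, router listens on {listen}")
    flows = [("client", host, port, tr) for tr, host, port in dial]
    flows += [("glacier2router", host, port, tr)
              for tr, host, port in parse_endpoints(client["Registration.Proxy"])]
    return flows

if __name__ == "__main__":
    for flow in required_flows(GLACIER2_CONF, CLIENT_CONF):
        print("allow outbound: %s -> %s:%s (%s)" % flow)
```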
