Glacier2 Application - SSL Configuration

Hi,

I have a question concerning the SSL-Configuration of a Glacier2 ICE Application.

Let's assume I have a glacier2.conf with

Glacier2.Client.Endpoints=ssl -p 4064 -h my.wan.domain
Glacier2.Server.Endpoints=tcp -h my.local.ip.address

And a client-configuration:

Ice.Default.Router=DemoGlacier2/router:ssl -p 4064 -h my.wan.domain
Registration.Proxy=callback:tcp -h my.local.ip.address -p 20020

Do I understand this correctly, that for wan-communication tcp port 4064 is used and between glacier2router and server-service tcp 20020 is used?

When I use twoway-communication, how do I have to configure the firewall at my client?

Thanks for your support.

Best Regards

Klaus

Comments

  • benoit (Rennes, France)

    Hi,

    You understand it correctly. The client establishes a connection to Glacier2 on port 4064 and Glacier2 will establish a connection to the server (on behalf of the client) on port 20020.

    When using Glacier2, the client establishes a single connection to the Glacier2 router instance and this connection is a bi-directional connection. The client can send requests to the server using this connection but also receive requests from the server on this same connection. So there's no need to configure the firewall on the client to allow incoming connection establishment.

    For more information on this, I recommend that you take a look at the following articles:

    https://doc.zeroc.com/display/Ice37/Glacier2
    https://doc.zeroc.com/display/Doc/Chat+Demo
    https://doc.zeroc.com/display/Ice37/Bidirectional+Connections

    Cheers,
    Benoit.

  • Hi Benoit, thank you very much for the explanation.
    So, if I had to configure outgoing firewall traffic, I would have to allow only outgoing traffic for port 4064 in that case, right?

    Best Regards Klaus

  • benoit (Rennes, France)

    Yes, if you want to restrict outgoing traffic on the client machine, you will indeed need to allow outgoing traffic to port 4064 to allow the client to connect to the Glacier2 router instance.

    Cheers,
    Benoit.

  • All right, thanks!
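
Added example, not part of the original thread and not ZeroC code: a Python script that reads the property lines quoted in the question and lists which connections each side must be allowed to open, following the answers above, and which hops are not TLS-protected. The function names and the simplified endpoint parser ("-opt value" pairs only, no quoted IPv6 hosts) are assumptions of this example.

```python
# Added example: derives firewall needs from the Ice property lines quoted above.
# Simplified parser: assumes "-opt value" pairs and no quoted IPv6 hosts.
TRANSPORTS = {"tcp", "ssl", "udp", "ws", "wss"}

# Constructed input: the configuration lines quoted in the question.
GLACIER2_CONF = """\
Glacier2.Client.Endpoints=ssl -p 4064 -h my.wan.domain
Glacier2.Server.Endpoints=tcp -h my.local.ip.address
"""
CLIENT_CONF = """\
Ice.Default.Router=DemoGlacier2/router:ssl -p 4064 -h my.wan.domain
Registration.Proxy=callback:tcp -h my.local.ip.address -p 20020
"""

def parse_props(text):
    """Parse key=value property lines into a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_endpoints(value):
    """Return (transport, host, port) per endpoint of an endpoint list or proxy string."""
    endpoints = []
    for part in value.split(":"):
        tokens = part.split()
        if not tokens or tokens[0] not in TRANSPORTS:
            continue  # object identity (e.g. DemoGlacier2/router), not an endpoint
        opts = dict(zip(tokens[1::2], tokens[2::2]))
        port = int(opts["-p"]) if "-p" in opts else None
        endpoints.append((tokens[0], opts.get("-h"), port))
    return endpoints

def firewall_plan(glacier2_conf, client_conf):
    """Map each side to the connections it must be allowed to open or accept."""
    router, client = parse_props(glacier2_conf), parse_props(client_conf)
    listen = parse_endpoints(router["Glacier2.Client.Endpoints"])
    wan = parse_endpoints(client["Ice.Default.Router"])
    lan = parse_endpoints(client["Registration.Proxy"])
    if set(wan) - set(listen):
        raise ValueError("client router endpoint is not one Glacier2 listens on")
    return {
        "client_outbound": wan,   # the only connection the client opens
        "client_inbound": [],     # callbacks return over that same connection
        "router_inbound": listen,
        "router_outbound": lan,   # Glacier2 connects to the server for the client
        "plaintext_hops": [ep for ep in wan + lan if ep[0] not in ("ssl", "wss")],
    }

if __name__ == "__main__":
    for rule, endpoints in firewall_plan(GLACIER2_CONF, CLIENT_CONF).items():
        print(rule, endpoints)
```

With the thread's configuration, the only plaintext hop reported is the internal `tcp` connection from Glacier2 to port 20020; the WAN hop on port 4064 uses `ssl`.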