
Re: 20020508: Re: [Fwd: SuomiNet Site Install Question (fwd)] (fwd)



---------- Forwarded message ----------
Date: Wed, 8 May 2002 16:34:47 -0600 (MDT)
From: Jeff Weber <address@hidden>
To: Teresa Van Hove <address@hidden>
Subject: Re: 20020508: Re: [Fwd: SuomiNet Site Install Question (fwd)]

Hi Teresa, 

A few comments below...in text.

-Jeff
____________________________                  _____________________
Jeff Weber                                    address@hidden
Unidata Support                               PH:303-497-8676 
NWS-COMET Case Study Library                  FX:303-497-8690
University Corp for Atmospheric Research      3300 Mitchell Ln
http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000
________________________________________      ______________________

On Wed, 8 May 2002, Unidata Support wrote:

> 
> ------- Forwarded Message
> 
> >To: address@hidden,
> >To: address@hidden,
> >To: "address@hidden" <address@hidden>
> >From: Teresa Van Hove <address@hidden>
> >Subject: Re: [Fwd: SuomiNet Site Install Question (fwd)]
> >Organization: GST
> >Keywords: 200205080028.g480SXa00044
> 
> Unidata - I have a question that I don't know enough about LDM to answer
> (Will LDM work with this standalone-network IP addresses and NAT
> iptables translation system described by Rhett below?)
> 
> > 
> > Shad,
> > 
> > I administer a Linux machine that we use as a NAT firewall to share a DSL
> > line to various machines at an unmanned observatory near Bear Lake in
> > Garden City, UT.
> > 
> > I have some guys looking into installing your SuomiNet system at our
> > location, and they have asked me if our setup can accommodate your system
> > requirements.  Looking over the info available at
> > http://www.unavco.ucar.edu/project_support/suominet/suomi_network_rules.html
> > 
> > I have a couple of concerns and questions.
> > 
> > First of all, we already use TCP port 22 to connect using ssh to
> > administer our own box, so we can't just make all port 22 requests
> > redirect to your system.  Though I have never tried it, I believe I can
> > redirect requests to port 22 from *.cosmic.ucar.edu and unavco.ucar.edu to
> > your system using the iptables tool, but since your system would sit
> > behind our firewall it would have to use one of our standalone-network IP
> > addresses (192.168.1.???) and its connection to the Internet would be
> > translated to our real IP address using NAT with iptables.
> > 
> > My question is:  will there be any issues with your software if it can't
> > have a real IP address with a DNS resolvable (on the Internet) hostname or
> > IP address? 


Yes, this would be a problem...

> 
> > 
> > I am fairly certain that I can accomplish the port 22 redirection for
> > requests from the selected domains and hosts, and it will be very easy to
> > redirect port 388 since we aren't using it for anything else, but I don't
> > know what other issues we might run into with the software.
> > 

Port 388 is registered for the LDM ISO-standard


> > Also, I couldn't find a description of the exact bandwidth requirements of
> > your system.  

Bandwidth requirements are solely dependent on data volume.

> 
>      For a standard 30 second site it transmits about 40 kbytes hourly,
> it would cause timeout problems if it can't transmit within a reasonable
> period, but it doesn't eat much bandwidth.
> 
> > 
> > In addition, a few nit picky items:
> I'll remind Bjorn to change his web pages when he returns from vacation. 
> 
> > http://www.unavco.ucar.edu/project_support/suominet/computer.html shows
> > your operating system as "Linux 6.2".  No such product exists.  Linux is
> > currently at version 2.5.12 for the development version and 2.4.18 for the
> > stable version.  I suspect you mean "Red Hat Linux 6.2", and I thought I
> > would point that out so you could update your pages.  Also, that page
> > lists secure shell version 2.5.2p2 which must be OpenSSH 2.5.2p2.  I would
> > like to point out that OpenSSH 3.1p1 is the current release that
> > production machines should be running since some security flaws were found
> > in versions prior to 2.9something.
> 
> I'll check to see if we've switched to 3.1 for new systems.  At present, 
> for existing sites we are relying on a strict hosts.deny/hosts.allow


Without IP or full domain name, how do you restrict or grant access?


 
> and the local firewalls for security.  I have not yet come across 
> an easy OpenSSH 3.1p1 for the older redhat 6.2 systems, and I have
> limited sys admin resources I can tap for the suominet project.
> 
> 
> Teresa Van Hove
> Assoc. scientist GST/UCAR
> address@hidden,
> 303-497-8023
> 
> > 
> > Thanks for your help in resolving these questions.
> > 
> > --
> > J. Rhett Hooper <address@hidden>  Phone: (435)797-4551
> > USU Research Foundation / Space Dynamics Laboratory       KB7RAM
> > GPG Public Key 0x9049E3BC available at http://www.keyserver.net/
> >
> 
> 
> ------- End of Forwarded Message
> 
>
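
The packet-filter side of the setup discussed in this thread, as an added example that is not part of the original messages or of any SuomiNet/LDM documentation: a dry-run script that prints source-restricted iptables port-forwarding rules for ports 22 and 388 without applying them. The interface name, the private host address and the source ranges are constructed placeholders, and the script does not address whether LDM itself works behind NAT.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the NAT layout
# discussed in the thread. All addresses below are constructed placeholders.

WAN_IF="eth0"                 # assumed Internet-facing interface
SUOMI_HOST="192.168.1.50"     # hypothetical private address of the inside host
# iptables matches source addresses, not wildcard domains such as
# *.cosmic.ucar.edu, so remote hosts must be listed as addresses or CIDRs.
# Documentation ranges stand in for the real ones here.
ALLOWED_SRC="192.0.2.0/24 198.51.100.17"

# Accept only strings shaped like a dotted quad with an optional /prefix,
# so a hostname or wildcard never reaches a generated rule.
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Emit one DNAT rule and the matching FORWARD rule for <src> <port>.
# DNAT rewrites only the destination, so the inside host still sees the
# real client address (hosts.allow on that host keeps working).
forward_rule() {
    src="$1"; port="$2"
    valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $src --dport $port -j DNAT --to-destination $SUOMI_HOST:$port"
    echo "iptables -A FORWARD -i $WAN_IF -p tcp -s $src -d $SUOMI_HOST --dport $port -m state --state NEW -j ACCEPT"
}

gen_rules() {
    for s in $ALLOWED_SRC; do
        forward_rule "$s" 22  || return 1   # ssh from listed sources only;
                                            # other port 22 traffic stays on the firewall
        forward_rule "$s" 388 || return 1   # port 388, restricted to the same
                                            # sources (a choice of this example)
    done
    # Replies for forwarded connections, and NAT for outbound traffic.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

gen_rules
```

Review the printed rules before piping them to a root shell; rule order relative to any existing PREROUTING and FORWARD rules on the firewall matters.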