Leginon

h1. An example of working port-forwarding configuration

h2. (Paraphrased from description by Brian J. Gibbens) and tested at NRAMM

Local network (192.168.xxx.xxx in this example) can not be accessed directly through

institute network that has internet access before port forwarding.

h2. The computer hosts involved in this port-forwarding configuration listed by hostname and operation system in ( ):

# *ScopePC* (Windows) - The computer controlling the microscope

** connected only to local network

** Static local IP addresses (192.168.200.99 in this example) is set to this host.

# *SupportPC* (Windows) - The computer provided by FEI to protect *ScopePC* while allow RAPID system support from them through internet.

** Two network cards are on this computer.

** Local network Static IP address (192.168.200.100 in this example)

** Outbound institute network Static IP address (137.131.204.250 in this example)

# *ProcessingLinux* (Linux) - The computer that runs Leginon processing.

** Institute network Static IP address (137.131.204.500 in this example)

# *DatabaseLInux* (Linux) - The computer that runs Leginon database server.  In a simpler setup this might be the same computer as the ProcessingLinux as illustrated in the figure below.

** Institute network Static IP address (137.131.204.700 in this example)

!http://emg.nysbc.org/attachments/2484/PortForward.png!

*Ethernet cables should be connected like in the figure above.*

h2. TCP/IP Gateway Settings on *ScopePC*

This should be set to the local IP address of the *SupportPC* like this:

!gateway.png!

h2. Firewall settings on *SupportPC*

** allow communication to *ScopePC* and *ProcessLinux* and *DatabaseLinux*.

h2. Hosts file addition if needed

--Appropriate IP addresses and hostnames added to the hosts files

(C:/WINDOWS/System32/drivers/etc/hosts.txt on Windows PC's and

/etc/hosts on Linux).

* On *ScopePC* - list hostnames of *SupportPC*, *DatabaseLinux* and *ProcessingLinux*

* On *SupportPC* - list both hostnames of *ScopePC* and *DatabaseLinux* and *ProcessingLinux*

* On *ProcessingLinux* and *DatabaseLinux* - list hostname of *SupportPC* in additional to other linux hosts  but not *ScopePC* since all communication from *ScopePC* to these through *SupportPC* will appear to come from *SupportPC*

h2. Install port forwarding program AUTAPF which allows needed host/port specification on *SupportPC*

The screen shot below shows that case where:

* Port 55555 is opened by legion/laumcher.py (often called Leginon Client") on *ScopePC*, intended to serve data to *ProcessingLinux*. (Fixed port)

* Ports 49152 and 49153 are opened by two processes to send/receive data to *ScopePC". (You may need to add more ports in case of blockage.  See [[Ports used by Leginon]])

* Port 3306 is dedicated for database connection. (Fixed port)

!autapf.PNG!

______

[[Network Configuration| Go up]]

______