Leginon

h1. An example of working port-forwarding configuration

h2. (Paraphrased from description by Brian J. Gibbens) and tested at NRAMM

Local network (192.168.xxx.xxx in this example) can not be accessed directly through

institute network that has internet access before port forwarding.

h2. The computer hosts involved in this port-forwarding configuration listed by hostname and operation system in ( ):

# *ScopePC* (Windows) - The computer controlling the microscope

** connected only to local network

** Static local IP addresses (192.168.200.99 in this example) is set to this host.

# *SupportPC* (Windows) - The computer provided by FEI to protect *ScopePC* while allow RAPID system support from them through internet.

** Two network cards are on this computer.

** Local network Static IP address (192.168.200.100 in this example)

** Outbound institute network Static IP address (137.131.204.250 in this example)

# *ProcessingLinux* (Linux) - The computer that runs Leginon processing.

** Institute network Static IP address (137.131.204.500 in this example)

# *DatabaseLInux* (Linux) - The computer that runs Leginon database server.  In a simpler setup this might be the same computer as the ProcessingLinux as illustrated in the figure below.

** Institute network Static IP address (137.131.204.700 in this example)

!http://emg.nysbc.org/attachments/2484/PortForward.png!

*Ethernet cables should be connected like in the figure above.*

h2. TCP/IP Gateway Settings on *ScopePC*

This should be set to the local IP address of the *SupportPC* like this:

!gateway.png!

h2. Firewall settings on *SupportPC*

** allow communication to *ScopePC* and *ProcessLinux* and *DatabaseLinux*.

h2. Hosts file addition if needed

--Appropriate IP addresses and hostnames added to the hosts files

(C:/WINDOWS/System32/drivers/etc/hosts.txt on Windows PC's and

/etc/hosts on Linux).

* On *ScopePC* - list hostnames of *SupportPC*, *DatabaseLinux* and *ProcessingLinux*

* On *SupportPC* - list both hostnames of *ScopePC* and *DatabaseLinux* and *ProcessingLinux*

* On *ProcessingLinux* and *DatabaseLinux* - list hostname of *SupportPC* in additional to other linux hosts  but not *ScopePC* since all communication from *ScopePC* to these through *SupportPC* will appear to come from *SupportPC*

h2. Install port forwarding program AUTAPF which allows needed host/port specification on *SupportPC*

The screen shot below shows that case where:

* Port 55555 is opened by legion/laumcher.py (often called Leginon Client") on *ScopePC*, intended to serve data to *ProcessingLinux*. (Fixed port)

* Ports 49152 and 49153 are opened by two processes to send/receive data to *ScopePC". (You may need to add more ports in case of blockage.  See [[Ports used by Leginon]])

* Port 3306 is dedicated for database connection. (Fixed port)

!autapf.PNG!

h1. Another account of setting up port forwarding

Based on the experiences of Morgan Beeby at Imperial College London, late 2014 / early 2015.

In my experience, setting up Leginon on a microscope hidden behind a support PC is relatively straightforwards as long as you are fairly painstaking at each step. Here is my experience distilled from a couple of installations.

Essentially the support PC is bridging between two networks, both of which it is connected to: the Microscope subnetwork and the wider LAN.

* Install Leginon server on the CentOS 6.5 server PC

* Install Leginon on the microscope PC using a memory stick to transfer files

* Work out the following information, and write it down precisely:

** Microscope PC parameters:

*** Hostname: run python, and type:

**** import socket

**** socket.gethostname()

*** IP address on the Microscope subnetwork: at C: prompt, type:

**** ipconfig/all

** Support PC parameters:

*** IP address for the support PC on both the Microscope subnetwork, and wider LAN: at C: prompt, type:

**** ipconfig/all

** Leginon server machine parameters:

*** Hostname:

**** import socket

**** socket.gethostname()

*** IP address on the wider LAN:

**** Type ifconfig in terminal

* Install the commercial version of AUTAPF on the support PC 

* Configure the Microscope PC

** c:/WINDOWS/system32/drivers/etc/hosts

*** Add a line with the Support PC's IP address and the Leginon server's hostname, separated by spaces. For example:

**** 192.168.1.1 leginon

*** Edit c:\Program Files\myami\sinedon.cfg so that 'host' reflects the Leginon server hostname

* Configure AUTAPF on the Support PC

 |_.Local |_.IP	|_.Local port	|_.Forward to host	|_.Forward to port|

  | Support PC IP (wider network)|	55555	|Microscope hostname	|55555|

   Support PC IP (microscope network)	49153	Leginon hostname	49153

   Support PC IP (microscope network)	49154	Leginon hostname	49154

   Support PC IP (microscope network)	49155	Leginon hostname	49155

   Support PC IP (microscope network)	49156	Leginon hostname	49156

   Support PC IP (microscope network)	49157	Leginon hostname	49157

Support PC IP (microscope network)	49158	Leginon hostname	49158

Support PC IP (microscope network)	49159	Leginon hostname	49159

Support PC IP (microscope network)	49160	Leginon hostname	49160

Support PC IP (microscope network)	49161	Leginon hostname	49161

Support PC IP (microscope network)	49162	Leginon hostname	49162

Support PC IP (wider network)	49153	Microscope hostname	49153

Support PC IP (wider network)	49154	Microscope hostname	49154

Support PC IP (wider network)	49155	Microscope hostname	49155

Support PC IP (wider network)	49156	Microscope hostname	49156

Support PC IP (wider network)	49157	Microscope hostname	49157

Support PC IP (wider network)	49158	Microscope hostname	49158

Support PC IP (wider network)	49159	Microscope hostname	49159

Support PC IP (wider network)	49160	Microscope hostname	49160

Support PC IP (wider network)	49161	Microscope hostname	49161

Support PC IP (wider network)	        49162	Microscope hostname	49162

Support PC IP (microscope network)	3306	Leginon hostname	3306

</nowiki>

* Configure the Leginon server PC

______

[[Network Configuration| Go up]]

______