Revision 12 (Morgan Beeby, 02/22/2015 10:15 AM) → Revision 13/15 (Morgan Beeby, 02/22/2015 10:26 AM)
h1. An example of working port-forwarding configuration

h2. (Paraphrased from description by Brian J. Gibbens) and tested at NRAMM

The local network (192.168.xxx.xxx in this example) cannot be accessed directly from the institute network, which has internet access, until port forwarding is set up.

h2. The computer hosts involved in this port-forwarding configuration, listed by hostname with operating system in ( ):

# *ScopePC* (Windows) - The computer controlling the microscope
** Connected only to the local network
** A static local IP address (192.168.200.99 in this example) is set on this host.
# *SupportPC* (Windows) - The computer provided by FEI to protect *ScopePC* while allowing RAPID system support from them through the internet.
** Two network cards are on this computer.
** Local network static IP address (192.168.200.100 in this example)
** Outbound institute network static IP address (137.131.204.250 in this example)
# *ProcessingLinux* (Linux) - The computer that runs Leginon processing.
** Institute network static IP address (137.131.204.500 in this example)
# *DatabaseLinux* (Linux) - The computer that runs the Leginon database server. In a simpler setup this might be the same computer as *ProcessingLinux*, as illustrated in the figure below.
** Institute network static IP address (137.131.204.700 in this example)

!http://emg.nysbc.org/attachments/2484/PortForward.png!

*Ethernet cables should be connected as in the figure above.*

h2. TCP/IP Gateway Settings on *ScopePC*

This should be set to the local IP address of the *SupportPC*, like this:

!gateway.png!

h2. Firewall settings on *SupportPC*

* Allow communication to *ScopePC*, *ProcessingLinux* and *DatabaseLinux*.

h2. Hosts file addition if needed

Add the appropriate IP addresses and hostnames to the hosts files (C:/WINDOWS/System32/drivers/etc/hosts.txt on Windows PCs and /etc/hosts on Linux).

* On *ScopePC* - list the hostnames of *SupportPC*, *DatabaseLinux* and *ProcessingLinux*
* On *SupportPC* - list the hostnames of *ScopePC*, *DatabaseLinux* and *ProcessingLinux*
* On *ProcessingLinux* and *DatabaseLinux* - list the hostname of *SupportPC* in addition to other Linux hosts, but not *ScopePC*, since all communication from *ScopePC* to these hosts goes through *SupportPC* and will appear to come from *SupportPC*

h2. Install port forwarding program AUTAPF which allows needed host/port specification on *SupportPC*

The screenshot below shows the case where:

* Port 55555 is opened by leginon/launcher.py (often called "Leginon Client") on *ScopePC*, intended to serve data to *ProcessingLinux*. (Fixed port)
* Ports 49152 and 49153 are opened by two processes to send/receive data to *ScopePC*. (You may need to add more ports in case of blockage. See [[Ports used by Leginon]])
* Port 3306 is dedicated to the database connection. (Fixed port)

!autapf.PNG!

h1. Another account of setting up port forwarding

Based on the experiences of Morgan Beeby at Imperial College London, late 2014 / early 2015.

In my experience, setting up Leginon on a microscope hidden behind a support PC is relatively straightforward as long as you are fairly painstaking at each step. Here is my experience distilled from a couple of installations.

Essentially the support PC is bridging between two networks, both of which it is connected to: the Microscope subnetwork and the wider LAN.

* Install Leginon server on the CentOS 6.5 server PC
* Install Leginon on the microscope PC using a memory stick to transfer files
* Work out the following information, and write it down precisely:
** Microscope PC parameters:
*** Hostname: run python, and type:
**** import socket
**** socket.gethostname()
*** IP address on the Microscope subnetwork: at C: prompt, type:
**** ipconfig/all
** Support PC parameters:
*** IP address for the support PC on both the Microscope subnetwork, and wider LAN: at C: prompt, type:
**** ipconfig/all
** Leginon server machine parameters:
*** Hostname:
**** import socket
**** socket.gethostname()
*** IP address on the wider LAN:
**** Type ifconfig in terminal
* Install the commercial version of AUTAPF on the support PC
* Configure the Microscope PC
** c:/WINDOWS/system32/drivers/etc/hosts
*** Add a line with the Support PC's IP address and the Leginon server's hostname, separated by spaces. For example:
**** 192.168.1.1 leginon
** Edit c:\Program Files\myami\sinedon.cfg so that 'host' reflects the Leginon server hostname
* Configure support PC
** Edit c:/WINDOWS/system32/drivers/etc/hosts and add lines listing:
*** The leginon server IP address on the wider LAN against its hostname,
*** The microscope PC's IP address on the microscope subnetwork against its hostname
** Configure AUTAPF on the Support PC

|_.Local IP |_.Local port |_.Forward to host |_.Forward to port|
| Support PC IP (wider network)| 55555| Microscope hostname| 55555|
| Support PC IP (microscope network)| 49153| Leginon hostname| 49153|
| Support PC IP (microscope network)| 49154| Leginon hostname| 49154|
| Support PC IP (microscope network)| 49155| Leginon hostname| 49155|
| Support PC IP (microscope network)| 49156| Leginon hostname| 49156|
| Support PC IP (microscope network)| 49157| Leginon hostname| 49157|
| Support PC IP (microscope network)| 49158| Leginon hostname| 49158|
| Support PC IP (microscope network)| 49159| Leginon hostname| 49159|
| Support PC IP (microscope network)| 49160| Leginon hostname| 49160|
| Support PC IP (microscope network)| 49161| Leginon hostname| 49161|
| Support PC IP (microscope network)| 49162| Leginon hostname| 49162|
| Support PC IP (wider network)| 49153| Microscope hostname| 49153|
| Support PC IP (wider network)| 49154| Microscope hostname| 49154|
| Support PC IP (wider network)| 49155| Microscope hostname| 49155|
| Support PC IP (wider network)| 49156| Microscope hostname| 49156|
| Support PC IP (wider network)| 49157| Microscope hostname| 49157|
| Support PC IP (wider network)| 49158| Microscope hostname| 49158|
| Support PC IP (wider network)| 49159| Microscope hostname| 49159|
| Support PC IP (wider network)| 49160| Microscope hostname| 49160|
| Support PC IP (wider network)| 49161| Microscope hostname| 49161|
| Support PC IP (wider network)| 49162| Microscope hostname| 49162|
| Support PC IP (microscope network)| 3306| Leginon hostname| 3306|

*** In AUTAPF, click PFO > Enable All.
* Configure the Leginon server PC
** Edit /etc/hosts files: Add Support PC IP address on the wider LAN and the microscope PC's hostname, e.g.:
*** 12.69.34.123 Tecnai-12345678

______

[[Network Configuration| Go up]]

______
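
An audit of the AUTAPF forwarding table from the second account, as an added example that is not part of the original wiki page or of Leginon or AUTAPF: it builds the expected rule set from that table and compares it with the rules actually configured on the support PC, so that forgotten forwards and any extra ones (each of which is another path across the support PC) are listed. The interface and host labels, the function names and the tuple format for configured rules are assumptions; how the rules are read out of AUTAPF is not covered.

```python
"""Audit a support-PC forwarding table against the rules listed on this page."""

# Placeholder labels (assumptions) that mirror the table's wording, not real addresses.
WIDER = "support-pc-wider"        # Support PC IP (wider network)
SCOPE_NET = "support-pc-scope"    # Support PC IP (microscope network)
MICROSCOPE = "microscope-host"    # Microscope hostname
LEGINON = "leginon-host"          # Leginon hostname

DATA_PORTS = range(49153, 49163)  # 49153..49162, as in the table


def expected_rules():
    """Return the table as a set of (local_ip, local_port, fwd_host, fwd_port)."""
    rules = {
        (WIDER, 55555, MICROSCOPE, 55555),  # Leginon client on the microscope PC
        (SCOPE_NET, 3306, LEGINON, 3306),   # database connection
    }
    for port in DATA_PORTS:
        rules.add((SCOPE_NET, port, LEGINON, port))   # microscope side -> Leginon server
        rules.add((WIDER, port, MICROSCOPE, port))    # wider LAN side -> microscope PC
    return rules


def audit(configured):
    """Compare configured rules with the expected set.

    Returns (missing, unexpected, remapped):
      missing    - rules from the table that are not configured
      unexpected - configured rules that are not in the table
      remapped   - configured rules whose local and forward ports differ
    """
    configured = set(configured)
    expected = expected_rules()
    missing = sorted(expected - configured)
    unexpected = sorted(configured - expected)
    remapped = sorted(r for r in configured if r[1] != r[3])
    return missing, unexpected, remapped


if __name__ == "__main__":
    # Constructed sample: one data port forgotten, one forward that is not in the table.
    sample = expected_rules() - {(WIDER, 49160, MICROSCOPE, 49160)}
    sample.add((WIDER, 3389, MICROSCOPE, 3389))
    for label, rows in zip(("missing", "unexpected", "remapped"), audit(sample)):
        print(label, rows)
```
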