Entry  24 Jun 2010, Jimmy Ngai, Forum, Error connecting to back-end computer 
    Reply  26 Jun 2010, Konstantin Olchanski, Forum, Error connecting to back-end computer 
       Reply  27 Jun 2010, Jimmy Ngai, Forum, Error connecting to back-end computer 
          Reply  28 Jun 2010, Stefan Ritt, Forum, Error connecting to back-end computer 
             Reply  28 Jun 2010, Jimmy Ngai, Forum, Error connecting to back-end computer 
                Reply  29 Jun 2010, Konstantin Olchanski, Forum, Error connecting to back-end computer 
Message ID: 711     Entry time: 29 Jun 2010     In reply to: 710
Author: Konstantin Olchanski 
Topic: Forum 
Subject: Error connecting to back-end computer 
> > The way connections work under Midas is there is a callback scheme. The client starts 
> > mserver on the back-end, then the back-end connects back to the front-end on three 
> > different ports. These ports are assigned dynamically by the operating system and are 
> > typically in the range 40000-60000. So you also have to allow the reverse connection on 
> > your firewalls.
> 
> It works now after allowing ports 40000-60000 in the front-end computer. Thanks!


Yes, right. Midas networking does not like firewalls.

In a nutshell, TCP connections on all TCP ports have to be open between all computers
running MIDAS. I think in practice it is not a problem: you only ever have a finite (a small
integer) number of computers running MIDAS and you can add them as exceptions to the
firewall rules. These exceptions should not create any security problem because you still have
the MIDAS computers firewalled from the outside world and one hopes that they will not be
attacking each other.

P.S. Permitting ports 40000-60000 is not good enough. TCP ports are allocated to TCP
connections semi-randomly from a 16-bit address space (0..65535) and your system will bomb
whenever port numbers like 39999 or 60001 get used.


K.O.
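
The per-host firewall exceptions described in the reply above, as an added example that is not part of the original post or of MIDAS: it prints, without applying them, iptables rules that accept TCP on every port from each listed MIDAS computer only. The peer addresses are constructed (documentation range) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that accept TCP on all
# ports from each MIDAS peer; every other source stays under the existing policy.
# Constructed sample addresses (RFC 5737 documentation range):
MIDAS_PEERS="192.0.2.10 192.0.2.11 192.0.2.12"

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 is this host's own address; the remaining arguments are the MIDAS peers.
# Prints one ACCEPT rule per valid peer other than this host.
# Invalid entries are reported on stderr and make the function return 1.
midas_peer_rules() {
    self=$1; shift
    rc=0
    for peer in "$@"; do
        if ! is_ipv4 "$peer"; then
            echo "skipping invalid address: $peer" >&2
            rc=1
            continue
        fi
        [ "$peer" = "$self" ] && continue
        # No --dport here: the callback ports are picked by the operating
        # system, so the rule restricts by source address, not by port range.
        echo "iptables -A INPUT -p tcp -s $peer -j ACCEPT"
    done
    return $rc
}

# Rules for the host 192.0.2.10 (constructed), reviewed before being applied.
midas_peer_rules 192.0.2.10 $MIDAS_PEERS
```

Run the same function on each MIDAS computer with its own address as the first argument, so that every host accepts the callback connections from the others.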