data:Dcache/190/server/prepare/firewall


The dCache frontend runs SE services (GRIS, GridFTP, SRM). Which ports dCache uses is essentially unimportant, but it is advisable for all sites that support dCache to use the same ports, so that compatibility is achieved automatically. When you set up your dCache system (by means of dCacheConfigure.sh), you can configure the ports to be opened in site-info.def with the following variables:

DCACHE_PORT_RANGE_PROTOCOLS_SERVER_GSIFTP
Sets the port range for dCache as a GSIFTP server in "passive" mode. The default is 50000 to 52000 ("50000,52000").
DCACHE_PORT_RANGE_PROTOCOLS_CLIENT_GSIFTP
Sets the port range for dCache as a GSIFTP client in "active" mode. The default is 33115 to 33125 ("33115,33125").
DCACHE_PORT_RANGE_PROTOCOLS_SERVER_MISC
Sets the port range for dCache as a (GSI)DCAP and xrootd server in "passive" mode. The default is 60000 to 62000 ("60000,62000").


This is how the dCache developers suggest configuring the firewall (table taken from the dCache book, chapter 22):

| Protocol | Port(s)     | Direction              | Nodes                                            |
|----------|-------------|------------------------|--------------------------------------------------|
| dCap     | 22125       | incoming               | doorDomain (admin node)                          |
|          | any         | outgoing               | pools                                            |
| GSIdCap  | 22128       | incoming               | gsidcapDomain (where GSIDCAP=yes in node_config) |
|          | any         | outgoing               | pools                                            |
| GridFTP  | 2811        | incoming               | gridftpDomain (where GRIDFTP=yes in node_config) |
|          | 20000-25000 | outgoing (active FTP)  | pools                                            |
|          | 20000-25000 | incoming (passive FTP) | gridftpDomain                                    |
| SRM v1   | 8443        | incoming               | srmDomain                                        |
| SRM v2   | 8444        | incoming               | srmDomain                                        |

To change these settings after setting up dCache, edit /opt/d-cache/config/dCacheSetup. If you want to adopt the settings proposed by the developers, set the following values:

  • in the "Java Configuration" section the parameters
    • Dorg.globus.tcp.port.range to "20000,25000"
    • Dorg.dcache.net.tcp.portrange to "33115,33215"
  • in the section "Network Configuration"
    • dCapPort to "22125"
    • dCapGsiPort to "22128"
    • gsiFtpPortNumber to "2811"
    • srmPort to "8443"
    • clientDataPortRange to "20000,25000"
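
The firewall only helps if it opens exactly the ports that dCacheSetup configures, so the rules can be derived from that file instead of being typed by hand. The following script is an added example, not part of the original page or of dCache: the function names are hypothetical, and it assumes dCacheSetup contains plain key=value lines (values optionally quoted).

```shell
#!/bin/sh
# Added example (not from the dCache distribution): turn the ports set in
# dCacheSetup into iptables-restore INPUT rules.
# Assumption: dCacheSetup holds key=value lines, values optionally quoted.

# Print the last value assigned to KEY ($1) in FILE ($2), quotes stripped.
setup_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Validate "port" or "lo,hi" / "lo:hi" and print it in iptables form.
port_spec() {
    case "$1" in *[,:]*[,:]*) return 1 ;; esac
    lo=${1%%[,:]*}; hi=${1##*[,:]}
    case "$lo" in ''|*[!0-9]*) return 1 ;; esac
    case "$hi" in ''|*[!0-9]*) return 1 ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    if [ "$lo" = "$hi" ]; then echo "$lo"; else echo "$lo:$hi"; fi
}

# Emit one ACCEPT rule per KEY; list only the keys for domains this node runs.
dcache_input_rules() {
    file=$1; shift
    for key in "$@"; do
        raw=$(setup_value "$key" "$file")
        spec=$(port_spec "$raw") || {
            echo "refusing to open port: bad or missing $key='$raw'" >&2
            return 1
        }
        echo "-A INPUT -p tcp --dport $spec -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed sample standing in for /opt/d-cache/config/dCacheSetup.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dCapPort=22125
gsiFtpPortNumber=2811
srmPort=8443
clientDataPortRange="20000,25000"
EOF
# A GridFTP door node: control port plus the passive data range.
dcache_input_rules "$sample" gsiFtpPortNumber clientDataPortRange
rm -f "$sample"
```

Pass only the keys for the domains a node actually runs (see the Nodes column of the table), so that pool nodes and door nodes each open no more than they need.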