9

What firewall settings must be used on the remote machine for a remote kernel connection to work?

In particular I'm interested in connecting from Windows (front end) to a Linux machine (kernel).

Szabolcs
  • 1
    I have never been able to get this working in the past. I think it'd be useful to have a tutorial on how to do this here on SO. – Szabolcs Jun 03 '11 at 10:57
  • Perhaps Sjoerd can help http://stackoverflow.com/questions/6089690/import-from-web-set-user-agent-in-mathematica/6089926#6089926 – Dr. belisarius Jun 03 '11 at 12:56
  • 1
    Right now I was trying to launch a 6.0 kernel on a remote machine (that I believed not to be firewalled) from a 8.0 FE. The first evaluation just hangs for a while, with ~20% constant CPU usage by the FE, then it fails without an error. Don't really know how to interpret this symptom. But, apart from this specific issue, I'd really like to have a complete tutorial here on how to launch remote kernels, and especially how to troubleshoot not being able to launch it! – Szabolcs Jun 03 '11 at 13:00
  • Yes, I would like that too. I have been using the mma FE on my macbook to run a remote kernel on my Linux office machine (which is much more powerful) with no problem for months. Then it stopped working, with the symptoms Szabolcs describes. No change in configuration or firewalls, no problem to ssh into my machine and run it, using parallel kernels on the remote box from the macbook is OK. So, yes, it would be nice to have some sort of knowledge base for this... – acl Jun 03 '11 at 14:35
  • @acl you can upvote the question for more exposure – Szabolcs Jun 03 '11 at 15:12
  • @szabolcs good point :) I doubt we'll get an answer though... – acl Jun 03 '11 at 15:40
  • 1
    Something useful I found: http://library.wolfram.com/infocenter/Conferences/7250/ – Szabolcs Jun 03 '11 at 16:00
  • @belisarius Actually, this was about mma getting through our firewall to the wolfram data servers. MMA uses standard http requests to do that and my office firewall required the old NTLM authentication protocol to be used. Both IE and FF can handle that, but MMA doesn't. I'm not sure whether this is directly relevant for remote computing as I don't know what protocols and ports are involved. I had some success using the Lightweight Grid (LightweightGridClient/tutorial/Introduction) at my home LAN, though I couldn't see all the clients on all of our computers (my wife owned two mma licenses) – Sjoerd C. de Vries Jun 03 '11 at 18:34
  • Szabolcs, did you try sniffing with Wireshark to see what happens communication/protocol/port-wise? – Sjoerd C. de Vries Jun 03 '11 at 18:36
  • @Sjoerd A pity. I thought your problem was near this one. And my wife owns two Ferraris. – Dr. belisarius Jun 03 '11 at 18:40
  • @belisarius Ferraris, schmeraris. Can you gain rep with them on SO? – Sjoerd C. de Vries Jun 03 '11 at 19:13
  • @Sjoerd It is the other way. But we bought the Ferraris by selling rep points in the black market. – Dr. belisarius Jun 03 '11 at 20:42
  • @belisarius OK, so that explains why Mr.Wizard is so much ahead of me... I should have known. – Sjoerd C. de Vries Jun 03 '11 at 21:04
  • @Sjoerd You could add NTLM authentication capability to MMA by installing [NTLM Authorization Proxy Server](http://ntlmaps.sourceforge.net/) and configuring MMA to work through it. – Alexey Popkov Jun 05 '11 at 02:49
  • 3
    @szabolcs A newer version of the Tunnel script from the Remote Kernel strategies talk is available [here](http://www.unisoftwareplus.com/download/Tunnel.zip). – sakra Jun 05 '11 at 08:29
  • @Alexey In the answer belisarius was referring to above (http://stackoverflow.com/questions/6089690/import-from-web-set-user-agent-in-mathematica/6089926#6089926) I already mentioned the possibility of using a proxy to get through a firewall with NTLM authentication. I used CNTLM, which seemed to work much better than NTLMAPS. At least, it let me read most of Wolfram's computable data. – Sjoerd C. de Vries Jun 05 '11 at 19:08
  • It works well on local network if both machines have full access to each other. Mathematica on server opens random ports, I haven't found the way to give specific ports on server, which makes a problem if you want to connect from outside the local network, then you have to use some solution like VPN. – enedene Jun 08 '11 at 05:10
  • I am travelling at the moment, so work on this is on hold for a while. Will get back to the question when I have un-tunneled access to the server again. – Szabolcs Jun 08 '11 at 08:47
  • @enedene that's the thing, in my case, it worked perfectly well between two machines on the same network (via ethernet) and then it stopped. there's no firewall between them, no nothing. it just hangs. a few times it did work, then when I quit and tried to restart the remote kernel, it didn't work... note that starting remote parallel kernels works just fine... – acl Jun 08 '11 at 15:49
  • @sakra, great! With your script I managed to get it working. – Szabolcs Jun 13 '11 at 13:15
  • As an update, the Remote Kernel Strategies talk has been superseded by the [**Tunnel**](https://github.com/sakra/Tunnel) package. – E.P. Mar 29 '16 at 11:58

1 Answer

2

I don't know the exact ports, but this is a generic way to solve most such firewall issues: (at least with connections using TCP)

Try to use the 'netstat -n' command and see which remote ports the connections that are being blocked by the firewall use. They should be in the SYN_SENT state or something similar. Then on the remote machine open those ports and try to repeat this process until it works.
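
The `netstat -n` check described in the answer above, as an added example that is not part of the original answer: a filter that lists the remote endpoints of TCP connections stuck in SYN_SENT. The function names and the sample addresses (documentation range 192.0.2.0/24) are constructed for illustration; it accepts both the Linux and the Windows column layout.

```shell
#!/bin/sh
# Added example: find the remote ports of connections that never complete.
# In `netstat -n` output the state is the last field and the remote
# (foreign) address is the field before it, on Linux and Windows alike.

blocked_remote_ports() {
    # Reads netstat -n output on stdin.
    # Prints "attempts host port" per remote endpoint, sorted by port.
    awk '
        toupper($1) ~ /^TCP/ && $NF == "SYN_SENT" {
            remote = $(NF - 1)
            # The port follows the last ":" (also true for IPv6 addresses).
            i = match(remote, /:[0-9]+$/)
            if (i == 0) next
            host = substr(remote, 1, i - 1)
            port = substr(remote, i + 1)
            seen[host " " port]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k3,3n
}

# Constructed sample: four Linux-style lines and one Windows-style line.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           192.0.2.20:51514        ESTABLISHED
tcp        0      1 192.0.2.10:40112        192.0.2.20:35871        SYN_SENT
tcp        0      1 192.0.2.10:40113        192.0.2.20:35871        SYN_SENT
tcp        0      1 192.0.2.10:40120        192.0.2.20:42609        SYN_SENT
  TCP    192.0.2.20:49733       192.0.2.10:53120       SYN_SENT
EOF
}

# Demo on the constructed sample.
sample_netstat | blocked_remote_ports
```

On a live system, run `netstat -n | blocked_remote_ports` while the connection attempt is hanging.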