Re: [HTCondor-users] Issues with firewall when USE_SHARED_PORT = True
- Date: Mon, 2 Apr 2018 13:20:43 -0500 (CDT)
- From: Todd L Miller <tlmiller@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Issues with firewall when USE_SHARED_PORT = True
> Config is one Central manager + submit node and one Execute-only node. I
> have USE_SHARED_PORT enabled on both nodes. I can do condor_q,
> condor_status commands fine. I need to enable a firewall. I used
> iptables on the central manager node and allowed port 9618 as input. As
> soon as I do this it is unable to complete the above commands which time
> out and give the following error

Did you restart HTCondor after enabling USE_SHARED_PORT? I
wouldn't expect daemons configured to use shared port to have any listen
ports of their own. What does 'condor_config_val USE_SHARED_PORT' say?

Is the directory DAEMON_SOCKET_DIR writeable by the condor user,
or whichever user you're running the HTCondor daemon as?

> I gather the daemons use randomly allocated ports. Do I need to use a
> fixed port for each one and allow it through as well?

No. When everything's working right, all the daemons will share a
single port (hence the name of the knob).

> Do I need to use SHARED_PORT on both the central manager and the execute
> nodes or is it only required on one of them?

It depends on your firewall requirements. If your execute node
doesn't need a firewall, you don't need to use shared port on it.
- ToddM
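
An added example, not part of the original message or of HTCondor: a shell check for the condition described in the reply, that daemons using shared port should have no listen ports of their own. It parses `ss -H -ltnp` output and prints any condor_* process listening on a port other than the shared one; the function names and the sample listing are constructed for illustration, and 9618 is the port named in the question.

```shell
#!/bin/sh
# Added example: flag HTCondor daemons that still listen on their own port.
# Live use (as root, so process names are visible):
#   ss -H -ltnp | stray_condor_listeners 9618

# Constructed sample of `ss -H -ltnp` output, not captured from a real host.
# ss prints the kernel's 15-character command name, hence the truncated names.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:9618  0.0.0.0:* users:(("condor_shared_p",pid=1203,fd=6))
LISTEN 0 128 0.0.0.0:41237 0.0.0.0:* users:(("condor_schedd",pid=1301,fd=9))
LISTEN 0 128 [::]:9618     [::]:*    users:(("condor_shared_p",pid=1203,fd=7))
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 0.0.0.0:35021 0.0.0.0:* users:(("condor_collecto",pid=1210,fd=8))
EOF
}

# Reads `ss -H -ltnp` lines on stdin; $1 is the shared port (default 9618).
# Prints "<process> <port>" for every condor_* listener on any other port.
stray_condor_listeners() {
    shared_port="${1:-9618}"
    awk -v sp="$shared_port" '
        $1 == "LISTEN" && $NF ~ /"condor_/ {
            n = split($4, addr, ":")      # port is the last colon-separated piece
            split($NF, proc, "\"")        # users:(("name",pid=...,fd=...))
            if (addr[n] != sp) print proc[2], addr[n]
        }'
}

# Demo on the constructed sample: reports the schedd and collector listeners.
sample_ss_output | stray_condor_listeners 9618
```

Empty output means every HTCondor listener found is on the shared port, so a single inbound firewall rule for that port covers them.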