[torqueusers] Running torque with iptables

Ti Leggett leggett at mcs.anl.gov
Fri Oct 21 08:53:15 MDT 2011


What's the proper way to make a feature request to have a runtime configuration option for the port ranges used?

On Oct 20, 2011, at 2:55 PM, Ken Nielson wrote:

> ----- Original Message -----
>> From: "Ti Leggett" <leggett at mcs.anl.gov>
>> To: "Torque Users Mailing List" <torqueusers at supercluster.org>
>> Sent: Wednesday, October 19, 2011 3:09:48 PM
>> Subject: [torqueusers] Running torque with iptables
>> 
>> We're rolling out locking down machines much more tightly using
>> iptables after a security incident. I've read the documentation and
>> I have tcp/udp 15001 and tcp 15004 open on the PBS server, I have
>> tcp 15002, tcp/udp 15003 and udp 0-1023 opened on the PBS MOMs and I
>> have udp 0-1023 on the submit hosts. However it seems the MOM
>> superior is trying to talk back to the submit host on tcp ephemeral
>> ports >1024. Is there any way to restrict the range of those ports
>> it's trying to use so that I can open those up appropriately, or am
>> I going to have to take the (undesired) route of opening everything
>> up between the MOMs and submit hosts?
> 
> The MOMs should only communicate with pbs_server and the other MOMs. I do not believe they communicate with the submit hosts. Could you tell us more about your setup?
> 
> Regards
> 
> Ken
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20111021/c4528df2/attachment.bin 


More information about the torqueusers mailing list