Software Distributor: Firewall Configuration Cookbook

6. The SystemA swagent sends the SystemB swagent the requested data.
7. After all the data has been transferred, the child swagent process on SystemA completes
and terminates. The SystemB swagent also completes and terminates. Communication is
closed on the new port.
Section 1: Generating the Network Firewall Access Request
The network firewall access must have an entry for the daemon (swagentd) process and entries
for the agent (swagent) processes. The daemon (swagentd) by default listens on port 2121. This
example uses the default port 2121.
The agent (swagent) normally is not restricted to a range of ports, but it can be configured to
use a sequential range of ports. The system administrator can decide how many concurrent
sessions will be allowed with the SD controller inside the firewall. Remember, the internal system
should have enough concurrent sessions to answer external and internal SD requests.
Approximately ten (10) concurrent sessions will suffice for most lightly to moderately used
installations. This example requests ten concurrent sessions on ports 4000 through 4009.
To allow SD to work across this firewall, first request that your Network security group open
the ports in the following manner:
Ports                                   To        From
2121 (swagentd), 4000-4009 (swagent)    SystemA   SystemB
4000-4009 (swagent)                     SystemB   SystemA
Section 2: Setting Port Restrictions on the swagent Process
On both SystemA and SystemB, the swagent process must be configured to limit its
communication to the ports allowed by the firewall. This is done by creating a wrapper
process that sets the port restriction on the swagent process.
To create a new swagent2 wrapper process, perform the following steps:
1. Log in as root on SystemA (agent).
2. Create the file /usr/lbin/swagent2. This will limit the /usr/lbin/swagent process
to use the RPC_RESTRICTED_PORTS allowed by the firewall.
    vi /usr/lbin/swagent2

    #! /sbin/sh
    # Specify DCE/RPC ports to allow firewall access
    export RPC_RESTRICTED_PORTS="ncacn_ip_tcp[4000-4009]"
    # Pass every argument through to the real swagent unchanged
    /usr/lbin/swagent "$@"
Save the file.
3. Set the proper ownership and mode on the /usr/lbin/swagent2 file:
    chown bin:bin /usr/lbin/swagent2
    chmod 555 /usr/lbin/swagent2
4. Repeat steps 1-3 on SystemB (controller).
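One way to confirm that a wrapper built in steps 1-4 stays inside the range requested from the firewall, as an added example that is not part of the original cookbook. The function names are hypothetical, and the sample wrapper is constructed in a scratch directory rather than read from /usr/lbin.

```shell
#!/bin/sh
# Added example (not from the cookbook): audit an swagent2 wrapper.
# Function names are hypothetical; 4000-4009 and mode 555 come from the page.

# Print "LOW HIGH" from the first uncommented RPC_RESTRICTED_PORTS line.
restricted_range() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*RPC_RESTRICTED_PORTS=.*ncacn_ip_tcp\[\([0-9][0-9]*\)-\([0-9][0-9]*\)].*/\1 \2/p' \
        "$1" | head -n 1
}

# check_wrapper FILE FW_LOW FW_HIGH
# Succeeds only if the wrapper's range lies inside the firewall rule and
# the file mode is 555; prints the number of ports (concurrent sessions).
check_wrapper() {
    cw_file=$1; cw_fw_lo=$2; cw_fw_hi=$3
    [ -f "$cw_file" ] || { echo "FAIL: $cw_file not found"; return 1; }
    set -- $(restricted_range "$cw_file")
    [ $# -eq 2 ] || { echo "FAIL: no port range set"; return 1; }
    [ "$1" -le "$2" ] || { echo "FAIL: inverted range $1-$2"; return 1; }
    if [ "$1" -lt "$cw_fw_lo" ] || [ "$2" -gt "$cw_fw_hi" ]; then
        echo "FAIL: $1-$2 is outside firewall rule $cw_fw_lo-$cw_fw_hi"
        return 1
    fi
    cw_mode=$(ls -ld "$cw_file" | cut -c1-10)
    [ "$cw_mode" = "-r-xr-xr-x" ] || { echo "FAIL: mode $cw_mode, want 555"; return 1; }
    echo "OK: $(( $2 - $1 + 1 )) ports ($1-$2)"
}

# Constructed sample: a wrapper like the one in step 2, in a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' '#! /sbin/sh' \
    'export RPC_RESTRICTED_PORTS="ncacn_ip_tcp[4000-4009]"' \
    '/usr/lbin/swagent "$@"' > "$demo_dir/swagent2"
chmod 555 "$demo_dir/swagent2"
check_wrapper "$demo_dir/swagent2" 4000 4009
rm -rf "$demo_dir"
```

On the real systems, the same check would be run as check_wrapper /usr/lbin/swagent2 4000 4009 on both SystemA and SystemB.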
Section 3: Setting Port Restriction Defaults on swagent and swagentd Processes
On both SystemA and SystemB, the SD port usage defaults must be set. These defaults are used
by SD processes when communicating between agent and controller.
To set the SD port usage defaults, perform the following steps: