JNLP firewalls and port ranges.

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

JNLP firewalls and port ranges.

owen.synge
Dear Hudson team,

When you have a firewall between the slave and the master in Hudson.

The slave connects to the master via

java -jar slave.jar -jnlpUrl \
 http://svn.dcache.org/build/computer/${slavename}/slave-agent.jnlp

So far I know 80 and 57236 are their others? Could this be documented
in the jnlp introduction pages.

Regards

Owen Synge

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: JNLP firewalls and port ranges.

Kirill Evstigneev @spera
AFAIK the latter port number is dynamic. To pierce a firewall this port have to be fixed - go to Manage Hudson > Configure system, check "Enable security", set "TCP port for JNLP slave agents" to Fixed and enter a distinct number (say 7777).

In this case firewall should permit TCP connections (given Hudson master port is 8080):
slave:any -> master:8080
slave:any -> master:7777

Some info on firewalled setup is here: http://wiki.hudson-ci.org/display/HUDSON/Distributed+builds

owen.synge wrote
When you have a firewall between the slave and the master in Hudson.

The slave connects to the master via

java -jar slave.jar -jnlpUrl \
 http://svn.dcache.org/build/computer/${slavename}/slave-agent.jnlp

So far I know 80 and 57236 are their others? Could this be documented
in the jnlp introduction pages.
Reply | Threaded
Open this post in threaded view
|

Re: JNLP firewalls and port ranges.

owen.synge
Dear kirill,

Thank you very much. This is confirmed to have worked and solved my
slightly unpredictable issue with connecting.

I am a little surprised it is dynamic by default and can't think of a
benefit for this.

Regards

Owen



On Fri, 26 Feb 2010 03:02:32 -0800 (PST)
"Kirill Evstigneev @spera" <[hidden email]> wrote:

>
> AFAIK the latter port number is dynamic. To pierce a firewall this port have
> to be fixed - go to Manage Hudson > Configure system, check "Enable
> security", set "TCP port for JNLP slave agents" to Fixed and enter a
> distinct number (say 7777).
>
> In this case firewall should permit TCP connections (given Hudson master
> port is 8080):
> slave:any -> master:8080
> slave:any -> master:7777
>
> Some info on firewalled setup is here:
> http://wiki.hudson-ci.org/display/HUDSON/Distributed+builds
>
>
> owen.synge wrote:
> >
> > When you have a firewall between the slave and the master in Hudson.
> >
> > The slave connects to the master via
> >
> > java -jar slave.jar -jnlpUrl \
> >  http://svn.dcache.org/build/computer/${slavename}/slave-agent.jnlp
> >
> > So far I know 80 and 57236 are their others? Could this be documented
> > in the jnlp introduction pages.
> >
>
> --
> View this message in context: http://n4.nabble.com/JNLP-firewalls-and-port-ranges-tp1569045p1570458.html
> Sent from the Hudson users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: JNLP firewalls and port ranges.

Kohsuke Kawaguchi
Administrator
The benefit is that you can run multiple Hudson on the same host and
it'll still work correctly.

2010/2/26  <[hidden email]>:

> Dear kirill,
>
> Thank you very much. This is confirmed to have worked and solved my
> slightly unpredictable issue with connecting.
>
> I am a little surprised it is dynamic by default and can't think of a
> benefit for this.
>
> Regards
>
> Owen
>
>
>
> On Fri, 26 Feb 2010 03:02:32 -0800 (PST)
> "Kirill Evstigneev @spera" <[hidden email]> wrote:
>
>>
>> AFAIK the latter port number is dynamic. To pierce a firewall this port have
>> to be fixed - go to Manage Hudson > Configure system, check "Enable
>> security", set "TCP port for JNLP slave agents"       to Fixed and enter a
>> distinct number (say 7777).
>>
>> In this case firewall should permit TCP connections (given Hudson master
>> port is 8080):
>> slave:any -> master:8080
>> slave:any -> master:7777
>>
>> Some info on firewalled setup is here:
>> http://wiki.hudson-ci.org/display/HUDSON/Distributed+builds
>>
>>
>> owen.synge wrote:
>> >
>> > When you have a firewall between the slave and the master in Hudson.
>> >
>> > The slave connects to the master via
>> >
>> > java -jar slave.jar -jnlpUrl \
>> >  http://svn.dcache.org/build/computer/${slavename}/slave-agent.jnlp
>> >
>> > So far I know 80 and 57236 are their others? Could this be documented
>> > in the jnlp introduction pages.
>> >
>>
>> --
>> View this message in context: http://n4.nabble.com/JNLP-firewalls-and-port-ranges-tp1569045p1570458.html
>> Sent from the Hudson users mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>



--
Kohsuke Kawaguchi

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]