How to configure GS/S 6.1.2 through a firewall (blast from the past)

Proof that 10088 is configured correctly, I just closed that port in the firewall and the error message is different:

 

GS Server Error - GbsHostErrCantSpawn - Unable to create a GemStone session.

NetLDI service 'netldi61' not found on node 'MyIP:

Nonblocking connect(MyIP,port=10088) failed to complete.

 

From: Normand Mongeau [[hidden email]]
Sent: 24 février 2014 22:34
To: 'James Foster'
Subject: RE: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)

 

Hi James,

 

I should have mentioned that port 10088 is already configured and functional, and the firewall already lets it through.

 

There is something missing and I don’t know what, but this is extremely frustrating.

 

Here’s where I am:

 

-netldi61 10088/tcp is configured in the services file

-port 10088 is open in the firewall

-the netldi service was created with a port range (I now changed it to 7001:7006)

-ports 7001 to 7006 are also open in the firewall

 

When I connect using the LAN ip address, it works, but when I try using the public WAN address,  I always get an error message, and the port is always outside the 7001 to 7006 range.

 

Normand

 

From: James Foster [[hidden email]]
Sent: 24 février 2014 21:27
To: Normand Mongeau
Subject: Re: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)

 

Normand,

 

The existing NetLDI process is rather complex (but will improve in the forthcoming 64-bit 3.2). You need to have at least two ports open, one for the initial connection between the GCI client and the NetLDI process and one for the subsequent connection between the GCI client and the Gem launched by the NetLDI.

 

The first connection is on a port defined when the NetLDI is started. If you don’t give a name or number, there is a default and in your case it is 10088. Note that you need to open this port on the firewall (and it is below the range you designated). When you initiate a connection from the GCI client, it needs to know the NetLDI port. If you provide a number, that is fine. If you provide a name, then it will do a lookup in the services file (C:\Windows\System32\drivers\etc\services) and use the number found there. If you do not have an entry for netldi61, then it will attempt the connection on a random port (not very helpful!). In your example it attempted a connection on 53695, indicating that you do not have the Windows client configured properly.

 

The port range you provided when you configured NetLDI deals with the second connection, and I’d say that one port should be adequate. I’d suggest you start NetLDI on 10088 and use 10089:10089 as the secondary port range. Then open 10088 to 10089 on your firewall. Finally, on your client, add an entry to your services file or explicitly use 10088 instead of netldi61 as the service.

 

James

On Feb 24, 2014, at 5:08 PM, Normand Mongeau <[hidden email]> wrote:

 

Hi,

 

I’m trying to open up a firewall to let through an old app running on an old 6.1.2 GS/S server, and am having a hard time. Note that the server is running on a Windows XP box.

 

I configured netldi61 thus:

 

Netldi61 create /a /b /g /p: 11000:11050

 

And opened up ports 11000 to 11050 in my firewall, yet when I try to connect I get errors like this:

 

GS Server Error - GbsNetErrConnectionRefused - ["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrConnectionRefused  Nonblocking connect(my IP Address,port=53695) failed to complete.]

 

 

The Netldi log reads like this, so the port range is in effect:

 

Summary of netldi parameters:

   The host name is "phatboy".

   GEMSTONE is: "C:\GemStone61".

   System password authorization is permitted.

   Clients are not authenticated.

   Process creation is permitted through user's HOME directory.

   Pool of ports is "11000:11050".

   Created processes belong to the account named "SYSTEM".

   The default directory for log files is 'C:\users\default\'.

Entering Service Loop

 

Gslist –x reports this, again indicating the port range should be in effect:

 

netldi61

  status=  running

  type=    Netldi

  version= 6.1.2

  owner=   SYSTEM

  started= Feb 21 15:09

  pid=     5104

  port=    10088

  options=  -g -a SYSTEM -p 11000:11050

  logfile= C:/GemStone61/log/netldi61.log

 

 

Why is GS trying to reach port 53695?

 

Normand

 

_______________________________________________
GemStone-Smalltalk mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/gemstone-smalltalk

 

BTW another oddity, all processes show as killed as soon as I start them, for example

 

C:\GemStone61\bin>stone start icp1

stone start[Info]: Waiting for 'icp1' to start .

stone start[Info]: Server 'icp1' has been started.

 

C:\GemStone61\bin>gslist

Status   Version      Owner       Started     Type  Name

-------- --------- ------------- ------------ ------ ----

killed   6.1.2     SYSTEM        Feb 24 23:02 cache  icp1@phatboy

killed   6.1.2     SYSTEM        Feb 24 23:02 Stone  icp1

 

C:\GemStone61\bin>

 

Any ideas why? The logs show nothing unusual.

 

 

From: James Foster [[hidden email]]
Sent: 24 février 2014 22:50
To: Normand Mongeau
Cc: [hidden email]
Subject: Re: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)

 

Good work verifying that the initial connection from the GCI client to the NetLDI is working. Reading the error message more closely I see that the problem claims to be connecting to the stone. Are you doing a linked login or an RPC login? I think it will be much more difficult to do a linked login from outside a firewall. Can you start the NetLDI in debug mode (/d)? Can you track down the various log files? Is there a gemnetobject log file?

 

James

On Feb 24, 2014, at 7:42 PM, Normand Mongeau <[hidden email]> wrote:

Proof that 10088 is configured correctly, I just closed that port in the firewall and the error message is different:

 

GS Server Error - GbsHostErrCantSpawn - Unable to create a GemStone session.

NetLDI service 'netldi61' not found on node 'MyIP:

Nonblocking connect(MyIP,port=10088) failed to complete.

 

From: Normand Mongeau [[hidden email]]
Sent: 24 février 2014 22:34
To: 'James Foster'
Subject: RE: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)

 

Hi James,

 

I should have mentioned that port 10088 is already configured and functional, and the firewall already lets it through.

 

There is something missing and I don’t know what, but this is extremely frustrating.

 

Here’s where I am:

 

-netldi61 10088/tcp is configured in the services file

-port 10088 is open in the firewall

-the netldi service was created with a port range (I now changed it to 7001:7006)

-ports 7001 to 7006 are also open in the firewall

 

When I connect using the LAN ip address, it works, but when I try using the public WAN address,  I always get an error message, and the port is always outside the 7001 to 7006 range.

 

Normand

 

From: James Foster [[hidden email]]
Sent: 24 février 2014 21:27
To: Normand Mongeau
Subject: Re: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)

 

Normand,

 

The existing NetLDI process is rather complex (but will improve in the forthcoming 64-bit 3.2). You need to have at least two ports open, one for the initial connection between the GCI client and the NetLDI process and one for the subsequent connection between the GCI client and the Gem launched by the NetLDI.

 

The first connection is on a port defined when the NetLDI is started. If you don’t give a name or number, there is a default and in your case it is 10088. Note that you need to open this port on the firewall (and it is below the range you designated). When you initiate a connection from the GCI client, it needs to know the NetLDI port. If you provide a number, that is fine. If you provide a name, then it will do a lookup in the services file (C:\Windows\System32\drivers\etc\services) and use the number found there. If you do not have an entry for netldi61, then it will attempt the connection on a random port (not very helpful!). In your example it attempted a connection on 53695, indicating that you do not have the Windows client configured properly.

 

The port range you provided when you configured NetLDI deals with the second connection, and I’d say that one port should be adequate. I’d suggest you start NetLDI on 10088 and use 10089:10089 as the secondary port range. Then open 10088 to 10089 on your firewall. Finally, on your client, add an entry to your services file or explicitly use 10088 instead of netldi61 as the service.

 

James

On Feb 24, 2014, at 5:08 PM, Normand Mongeau <[hidden email]> wrote:

 

Hi,

 

I’m trying to open up a firewall to let through an old app running on an old 6.1.2 GS/S server, and am having a hard time. Note that the server is running on a Windows XP box.

 

I configured netldi61 thus:

 

Netldi61 create /a /b /g /p: 11000:11050

 

And opened up ports 11000 to 11050 in my firewall, yet when I try to connect I get errors like this:

 

GS Server Error - GbsNetErrConnectionRefused - ["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrConnectionRefused  Nonblocking connect(my IP Address,port=53695) failed to complete.]

 

 

The Netldi log reads like this, so the port range is in effect:

 

Summary of netldi parameters:

   The host name is "phatboy".

   GEMSTONE is: "C:\GemStone61".

   System password authorization is permitted.

   Clients are not authenticated.

   Process creation is permitted through user's HOME directory.

   Pool of ports is "11000:11050".

   Created processes belong to the account named "SYSTEM".

   The default directory for log files is 'C:\users\default\'.

Entering Service Loop

 

Gslist –x reports this, again indicating the port range should be in effect:

 

netldi61

  status=  running

  type=    Netldi

  version= 6.1.2

  owner=   SYSTEM

  started= Feb 21 15:09

  pid=     5104

  port=    10088

  options=  -g -a SYSTEM -p 11000:11050

  logfile= C:/GemStone61/log/netldi61.log

 

 

Why is GS trying to reach port 53695?

 

Normand

 

_______________________________________________
GemStone-Smalltalk mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/gemstone-smalltalk

 

 

Here’s the matching gem log :

 

Here’s the matching gem log :

 

_____________________________________________________________________________

|               GemStone Object-Oriented Data Management System               |

|               Copyright (C) GemStone Systems, Inc. 1986-2004.               |

|                            All rights reserved.                             |

+-----------------------------------------------------------------------------+

|    PROGRAM: GEM, GemStone Session Process                                   |

|    VERSION: 6.1.2, Wed Feb 25 15:46:30 US/Pacific 2004                      |

|  BUILT FOR: Pentium/Windows_NT                                              |

| RUNNING ON: 2-CPU phatboy: Intel CPU, Windows NT 5.1 build 2600 Service Pack|

| 3                                                                           |

| PROCESS ID: 3308      DATE: Mon 24 Feb 2014 15:42:02 Eastern Standard Time  |

|_____________________________________________________________________________|

_____________________________________________________________________________

|                             Configuration Files                             |

|                                                                             |

| System File: C:/GemStone61/data/system.conf                                 |

|                                                                             |

| Executable File: C:/users/default/gem.conf                                  |

| Warning:  File not found (The system cannot find the file specified.)       |

|           using defaults.                                                   |

|_____________________________________________________________________________|

_____________________________________________________________________________

|                Gem Configuration Options for process id 3308                |

|_____________________________________________________________________________|

 

GEM_DETACH_PAGES_ON_COMMIT = TRUE;

GEM_DETACH_PAGES_ON_ABORT = TRUE;

DUMP_OPTIONS = TRUE;

GEM_DBF_FILE_LOCK = TRUE;

GEM_GCI_LOG_ENABLED = FALSE;

GEM_FREE_FRAME_LIMIT = -1;

GEM_HALT_ON_ERROR = 0;

GEM_IO_LIMIT = 5000;

GEM_MAX_SMALLTALK_STACK_DEPTH = 1000;

GEM_NATIVE_CODE_MAX = 8192;

GEM_NATIVE_CODE_THRESHOLD = 6;

GEM_NOT_CONNECTED_DELTA = 300;

GEM_NOT_CONNECTED_THRESHOLD = 2000;

GEM_PGSVR_FREE_FRAME_LIMIT = -1;

GEM_PRIVATE_PAGE_CACHE_KB = 200;

GEM_RPCGCI_TIMEOUT = 0;

GEM_TEMPOBJ_CACHE_SIZE = 600;

LOG_WARNINGS = TRUE;

SHR_NUM_FREE_FRAME_SERVERS = 1;

SHR_PAGE_CACHE_SIZE_KB = 10000;

SHR_PAGE_CACHE_NUM_PROCS = 256;

SHR_TARGET_FREE_FRAME_COUNT = -1;

 

[Info]: RPC client/gem/minimum GCI levels = 33/33/30

Error connecting to stone:

Nonblocking connect(MyIP,port=10657) failed to complete.-----------------------------------------------------

GemStone: Error         Fatal

["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrCo

nnectionRefused  Nonblocking connect(MyIP,port=10657) failed

to complete.]

Error Category: 3613 [GemStone] Number: 4136 Arg Count: 0 Context : 10

 

 

*****************************************************

****** GemStone Abnormal Shutdown

*****************************************************

-----------------------------------------------------

GemStone: Error         Fatal

["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrCo

nnectionRefused  Nonblocking connect(MyIP,port=10657) failed

to complete.]

Error Category: 3613 [GemStone] Number: 4136 Arg Count: 0 Context : 10

No I still have the same problem. Even though netldi is configured to use ports 7001 to 7006, I still get errors for ports outside that range (for example below, port 10657).

 

 

From: James Foster [[hidden email]] 
Sent: mardi, 25 février 2014 13:15
To: Normand Mongeau
Cc: [hidden email]
Subject: Re: [GemStone-Smalltalk] How to configure GS/S 6.1.2 through a firewall (blast from the past)

 

This confirms that the Gem started (so we got through all the NetLDI complications), and that the problem was with the Gem-to-Stone connection. I assume that this problem was solved when you set an environment variable GS_MAKE_EVENTS_GLOBAL=1.

 

James

On Feb 25, 2014, at 10:08 AM, Normand Mongeau <[hidden email]> wrote:

Here’s the matching gem log :

 

_____________________________________________________________________________

|               GemStone Object-Oriented Data Management System               |

|               Copyright (C) GemStone Systems, Inc. 1986-2004.               |

|                            All rights reserved.                             |

+-----------------------------------------------------------------------------+

|    PROGRAM: GEM, GemStone Session Process                                   |

|    VERSION: 6.1.2, Wed Feb 25 15:46:30 US/Pacific 2004                      |

|  BUILT FOR: Pentium/Windows_NT                                              |

| RUNNING ON: 2-CPU phatboy: Intel CPU, Windows NT 5.1 build 2600 Service Pack|

| 3                                                                           |

| PROCESS ID: 3308      DATE: Mon 24 Feb 2014 15:42:02 Eastern Standard Time  |

|_____________________________________________________________________________|

...

 

[Info]: RPC client/gem/minimum GCI levels = 33/33/30

Error connecting to stone:

Nonblocking connect(MyIP,port=10657) failed to complete.-----------------------------------------------------

GemStone: Error         Fatal

["The connection to the Stone Repository monitor was refused:\n" errmsg.netErrCo

nnectionRefused  Nonblocking connect(MyIP,port=10657) failed

to complete.]

Error Category: 3613 [GemStone] Number: 4136 Arg Count: 0 Context : 10