Erlang distribution through firewalls
Vance Shipley
vances@REDACTED
Sat Jan 17 20:18:56 CET 2004
On Sat, Jan 17, 2004 at 06:49:12PM +0000, Sean Hinde wrote:
}
} Notwithstanding the advice not to do this I sometimes see situations
} where excessive use of firewalls makes this necessary.
Exactly. What I want to do is to work around the limitations
put in place between me and my nodes. I administer the nodes
but I do not administer the firewall(s). The only thing
available is port 22 SSH. With SSH you can do port forwarding.
My eventual conclusion was that I needed to create a version
of epmd which would be tunnel aware. You would have one epmd
process running for both nodes. It would listen to port 4369
on its local machine and another port which was forwarded
from 4369 on the remote machine. Both nodes would query this
epmd to locate the port numbers used by the other node(s).
This custom version of epmd would be aware of how the tunnels
were set up and would return the right answers. Each node
would have its local port number and its forwarded port on
the remote machine known in epmd.
I started to make this work by manually setting it up; however,
the first problem I ran into was that even when I had created
a tunnel listening and forwarding port 4369, when I started
erl an epmd process would be created and start listening to
port 4369. I think the reason it didn't conclude there was
already one running is that the SSH tunnel created a listening
port of localhost:4369 and not *:4369. At this point I set it
aside.
} The solution is to open up port 4369, and then select and open a range
} of ports for node to node connections with the kernel parameters
} inet_dist_listen_min and inet_dist_listen_max.
I was not aware of these options. So with this you could set
exactly which port(s) were used. Perfect, thank you.
-Vance
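
An added example, not part of the original message: a shell script for the approach Sean Hinde describes, pinning the distribution listen range with inet_dist_listen_min and inet_dist_listen_max and printing the only inbound openings a node then needs (epmd on 4369 plus that range, from one peer). The peer address 192.0.2.10, the range 9100-9105, the helper names and the choice of iptables syntax are assumptions; the rules are printed, not applied.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the original post).
PEER="192.0.2.10"      # documentation-range address standing in for the other node
DIST_MIN=9100          # first port allowed for node-to-node connections
DIST_MAX=9105          # last port; each node on this host takes one port in the range
EPMD_PORT=4369         # epmd port named in the thread

# Accept only a numeric, unprivileged, ordered range that does not swallow epmd's port.
valid_range() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case "$1$2" in *[!0-9]*) return 1 ;; esac
    if [ "$1" -le "$EPMD_PORT" ] && [ "$2" -ge "$EPMD_PORT" ]; then
        return 1
    fi
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Print the kernel application flags to append to the erl command line.
erl_flags() {
    valid_range "$1" "$2" || return 1
    printf '%s\n' "-kernel inet_dist_listen_min $1 inet_dist_listen_max $2"
}

# Print inbound rules limited to one peer: epmd plus the pinned range.
# Arguments: peer address, range start, range end.
fw_rules() {
    valid_range "$2" "$3" || return 1
    printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$1" "$EPMD_PORT"
    printf 'iptables -A INPUT -p tcp -s %s --dport %s:%s -j ACCEPT\n' "$1" "$2" "$3"
}

# Show what would be handed to erl and to the firewall administrator.
if flags=$(erl_flags "$DIST_MIN" "$DIST_MAX"); then
    echo "erl $flags"
    fw_rules "$PEER" "$DIST_MIN" "$DIST_MAX"
else
    echo "invalid distribution port range: $DIST_MIN-$DIST_MAX" >&2
fi
```
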