How to run distributed Erlang through a firewall?
Tony Zheng
tzheng@REDACTED
Wed May 24 21:32:08 CEST 2006
Hi
I found some instructions about how to run distributed Erlang through a
firewall. It said:
-----------------------------------------------------------------
...run distributed Erlang through a firewall?
The simplest approach is to make an a-priori restriction to the TCP
ports distributed Erlang uses to communicate through by setting the
(undocumented) kernel variables 'inet_dist_listen_min' and
'inet_dist_listen_max':
application:set_env(kernel, inet_dist_listen_min, 9100).
application:set_env(kernel, inet_dist_listen_max, 9105).
This forces Erlang to use only ports 9100--9105 for distributed Erlang
traffic.
-----------------------------------------------------------------
My question is: Can I use it to replicate two Erlang nodes behind
different routers on the Internet? I did it as follows:
1. Created two Erlang nodes (they have the same
erlangcookie): one@REDACTED and two@REDACTED. They
are behind different routers: router1 and router2.
2. On one@REDACTED, set the TCP ports:
(one@REDACTED)1> application:set_env(kernel, inet_dist_listen_min, 9100).
ok
(one@REDACTED)2> application:set_env(kernel, inet_dist_listen_max, 9101).
ok
3. On two@REDACTED, set the TCP ports:
(two@REDACTED)1> application:set_env(kernel, inet_dist_listen_min, 9100).
ok
(two@REDACTED)2> application:set_env(kernel, inet_dist_listen_max, 9101).
ok
4. Forwarded the server port numbers (9100 and 9101) to the Internet on both
routers (router1 and router2).
5. The two Erlang nodes can't find the other one with
net_adm:ping(one@REDACTED) or
net_adm:ping(two@REDACTED).
On one@REDACTED,
(one@REDACTED)3> net_adm:ping(two@REDACTED).
pang
On two@REDACTED,
(two@REDACTED)3> net_adm:ping(one@REDACTED).
pang
That means the two Erlang nodes cannot replicate data with each other
because they can't find the other one. If I forward the two server IP
addresses, the two Erlang nodes can find each other and replicate well.
But the safety is a big problem. I hope to force Erlang to use only some
ports for replication. Does it make sense? Are there any ideas and
suggestions? Thanks.
tony
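
Added example (not part of the original post): a shell check, run on each host, that compares the distribution port each node registered with epmd against the forwarded range and lists the ports a router has to pass. It assumes the standard `epmd -names` output format; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# The kernel reads inet_dist_listen_min/max when distribution starts, so the
# range is normally given at boot:
#   erl -name NODE -kernel inet_dist_listen_min 9100 inet_dist_listen_max 9101
# A remote node first asks epmd (TCP 4369 by default) which port to dial,
# so that port has to be reachable in addition to the range itself.

# Constructed sample of `epmd -names` output (not captured from a real host).
# "one" listens inside the range; "two" ended up on an ephemeral port.
SAMPLE_EPMD='epmd: up and running on port 4369 with data:
name one at port 9100
name two at port 51342'

# Usage: epmd -names | nodes_outside_range MIN MAX
# Prints "node port" for every registered node outside MIN..MAX and
# returns 1 if there is at least one, 0 otherwise.
nodes_outside_range() {
    awk -v min="$1" -v max="$2" '
        $1 == "name" && $3 == "at" && $4 == "port" {
            if ($5 + 0 < min + 0 || $5 + 0 > max + 0) {
                printf "%s %s\n", $2, $5
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Usage: epmd -names | epmd_port
# Prints the port epmd itself reports it is listening on.
epmd_port() {
    awk '$1 == "epmd:" && /running on port/ {
        for (i = 1; i < NF; i++) if ($i == "port") { print $(i + 1); exit }
    }'
}

# Usage: epmd -names | required_ports MIN MAX
# Prints the TCP ports to allow for this host: epmd plus the listen range.
required_ports() {
    printf '%s %s-%s\n' "$(epmd_port)" "$1" "$2"
}
```

On a live host, `epmd -names | nodes_outside_range 9100 9101` printing nothing means every local node is listening inside the forwarded range.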