How to run distributed Erlang through a firewall?

Tony Zheng tzheng@REDACTED
Wed May 24 21:32:08 CEST 2006 

Hi 

I found some instructions about how to run distributed Erlang through a
firewall. It said:
-----------------------------------------------------------------
...run distributed Erlang through a firewall?
The simplest approach is to make an a-priori restriction to the TCP
ports distributed Erlang uses to communicate through by setting the
(undocumented) kernel variables 'inet_dist_listen_min' and
'inet_dist_listen_max': 

	application:set_env(kernel, inet_dist_listen_min, 9100).
	application:set_env(kernel, inet_dist_listen_max, 9105).
	
This forces Erlang to use only ports 9100--9105 for distributed Erlang
traffic.
-----------------------------------------------------------------

My question is: Can I use it to replicate two Erlang nodes behind the
different routers on Internet? I did it as follows:
1. Created two Erlang nodes(they have the same
erlangcookie):one@REDACTED and two@REDACTED They
are behind the different routers: router1 and router2.
2. On one@REDACTED, set the TCP ports:
   (one@REDACTED)1> application:set_env(kernel,
inet_dist_listen_min, 9100).
   ok
   (one@REDACTED)2> application:set_env(kernel,
inet_dist_listen_max, 9101).
   ok   
3. On two@REDACTED, set the TCP ports:
   (two@REDACTED)1> application:set_env(kernel,
inet_dist_listen_min, 9100).
   ok
   (two@REDACTED)2> application:set_env(kernel,
inet_dist_listen_max, 9101).
   ok
4. Forwarded the server port numbers(9100 and 9101) to Internet on both
routers(router1 and router2).
5. The two Erlang nodes can't find the other one with
net_adm:ping(one@REDACTED) or
net_adm:ping(two@REDACTED).    
   On one@REDACTED,
	(one@REDACTED)3> net_adm:ping(two@REDACTED).
        pang
   On two@REDACTED,
	(two@REDACTED)3> net_adm:ping(one@REDACTED).
        pang
That means the two Erlang nodes can not replicate data each other
because they can't find the other one. If I forword the two server IP
address, the two erlang nodes can find each other and replicate well.
But the safety is a big problem. I hope to force erlang to use only some
ports for replication. Does it make sense? Is there any ideas and
suggestions? Thanks.

tony

More information about the erlang-questions mailing list