Firewall settings for remote kernel to work (Mathematica)

About

Asked 3/6, 2011 at 10:57 Answered 4/6, 2011 at 20:46

What firewall settings must be used on the remote machine for a remote kernel connection to work?

In particular I'm interested in connecting from Windows (front end) to a Linux machine (kernel).

Edelstein answered 3/6, 2011 at 10:57 Comment(21)

I have never been able to get this working in the past. I think it'd be useful to have a tutorial on how to do this here on SO. – Edelstein 3/6, 2011 at 10:57

Perhaps Sjoerd can help #6090190 – Borgerhout 3/6, 2011 at 12:56

Right now I was trying to launch a 6.0 kernel on a remote machine (that I believed not to be firewalled) from a 8.0 FE. The first evaluation just hangs for a while, with ~20% constant CPU usage by the FE, then it fails without an error. Don't really know how to interpret this symptom. But, apart from this specific issue, I'd really like to have a complete tutorial here on how to launch remote kernels, and especially how to troubleshoot not being able to launch it! – Edelstein 3/6, 2011 at 13:0

Yes, I would like that too. I have been using the mma FE on my macbook to run a remote kernel on my Linux office machine (which is much more powerful) with no problem for months. Then it stopped working, with the symptoms Szabolcs describes. No change in configuration or firewalls, no problem to ssh into my machine and run it, using parallel kernels on the remote box from the macbook is OK. So, yes, it would be nice to have some sort of knowledge base for this... – Centripetal 3/6, 2011 at 14:35

@Centripetal you can upvote the question for more exposure – Edelstein 3/6, 2011 at 15:12

@szabolcs good point :) I doubt we'll get an answer though... – Centripetal 3/6, 2011 at 15:40

Something useful I found: library.wolfram.com/infocenter/Conferences/7250 – Edelstein 3/6, 2011 at 16:0

@belisarius Actually, this was about mma getting through our firewall to the wolfram data servers. MMA uses standard http requests to do that and my office firewall required the old NTLM authentication protocol to be used. Both IE and FF can handle that, but MMA doesn't. I'm not sure whether this is directly relevant for remote computing as I don't know what protocols and ports are involved. I had some success using the Lightweight Grid (LightweightGridClient/tutorial/Introduction) at my home LAN, though I couldn't see all the clients on all of our computers (my wife owned two mma licenses) – Durfee 3/6, 2011 at 18:34

Szabolcs, did you try sniffing with Wireshark to see what happens communication/protocol/port-wise? – Durfee 3/6, 2011 at 18:36

@Sjoerd A pity. I thought your problem was near this one. And my wife own two Ferraris. – Borgerhout 3/6, 2011 at 18:40

@belisarius Ferraris, schmeraris. Can you gain rep with them on SO? – Durfee 3/6, 2011 at 19:13

@Sjoerd It is the other way. But we bought the Ferraris by selling rep points in the black market. – Borgerhout 3/6, 2011 at 20:42

@belisarius OK, so that explains why Mr.Wizard is so much ahead of me... I should have known. – Durfee 3/6, 2011 at 21:4

@Sjoerd You could add NTLM authentication capability to MMA by installing NTLM Authorization Proxy Server and configuring MMA to work through it. – Shemikashemite 5/6, 2011 at 2:49

@szabolcs A newer version of the Tunnel script from the Remote Kernel strategies talk is available here. – Peralta 5/6, 2011 at 8:29

@Alexey In the answer belisarius was referring to above (#6090190) I already mentioned the possibility of using a proxy to get through a firewall with NTLM authentication. I used CNTLM, which seemed to work much better than NTLMAPS. At least, it let me read most of Wolfram's computable data. – Durfee 5/6, 2011 at 19:8

It works well on local network if both machines have full access to each other. Mathematica on server opens random ports, I haven't fond the way to give specific ports on server, which makes a problem if you want to connect from outside the local network, then you have to use some solution like VPN. – Frenulum 8/6, 2011 at 5:10

I am travelling at the moment, so work on this is on hold for a while. Will get back to the question when I have un-tunneled access to the server again. – Edelstein 8/6, 2011 at 8:47

@Frenulum that's the thing, in my case, it worked perfectly well between two machines on the same network (via ethernet) and then it stopped. there's no firewall between them, no nothing. it just hangs. a few times it did work, then when I quit and tried to restart the remote kernel, it didn't work... note that starting remote parallel kernels works just fine... – Centripetal 8/6, 2011 at 15:49

@sakra, great! With your script I managed to get it working. – Edelstein 13/6, 2011 at 13:15

As an update, the Remote Kernel Strategies talk has been superseded by the Tunnel package. – Filigreed 29/3, 2016 at 11:58

I don't know the exact ports, but this is a generic way to solve most such firewall issues: (at least with connections using TCP)

Try to use the 'netstat -n' command and see which remote ports do the connections that are being blocked by the firewall use. They should be in the SYN_SENT state or something similar. Then on the remote machine open those ports and try to repeat this process until it works.

Shilashilha answered 4/6, 2011 at 20:46 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags