Hello Brian, Thanks for your e-mail. I believe our situation may be the later case---I need find out. Regards, Yujun On Tue, 13 Oct 2009 lustre-discuss-request at lists.lustre.org wrote:> 5. Re: mounting lustre client behind firewall (Brian J. Murrell) > Message: 5 > Date: Tue, 13 Oct 2009 12:03:13 -0400 > From: "Brian J. Murrell" <Brian.Murrell at Sun.COM> > Subject: Re: [Lustre-discuss] mounting lustre client behind firewall > To: lustre-discuss at lists.lustre.org > Message-ID: <1255449794.21171.100.camel at pc.interlinx.bc.ca> > Content-Type: text/plain; charset="us-ascii" > > On Tue, 2009-10-13 at 11:53 -0400, Yujun Wu wrote: > > Hello Aaron, > > > > Thanks for your info. Does this mean the client side have to open > > both inbound and outbound port on 988 all the way between servers > > and clients? > > No. As Aaron said, the connection would be initiated from a source port > < 1024 (by default). If you have a stateful/connecection-tracking > firewall, then just opening port 988 from clients to servers should be > enough. If your firewall is not stateless/connection-tracking, then you > would need a rule for all servers with source port 988 and destination > ports < 1024 to all clients. > > b.