| Re: IDL licenses thru a tunnel? [message #34452 is a reply to message #34388] |
Fri, 14 March 2003 13:59   |
Randall Skelton
Messages: 169
Registered: October 2000
|
Senior Member |
|
|
I do this all the time from home and sometimes resort to this when
travelling to meetings abroad.
Step 1:
^^^^^^^
ssh -f -N -L 1700:idl_license_server.domain:1700 username@myserver.domain
ssh -f -N -L 4100:idl_license_server.domain:4100 username@myserver.domain
The 'idl_license_server.domain' can either be the fully qualified hostname
and domain of your IDL flexlm license manager or the ip address. This is
given in your standard network license.dat file:
SERVER idl_license_server.domain 0#50##ae6#cf 1700
^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^
Note that not everyone keeps the default 1700 port so be sure to check
this.
The latter part, 'username@myserver.domain' is a server which you have
shell, i.e. ssh, access to which is capable of connecting to the IDL
license server. In this way, you do not actually need login access to a
machine which runs your license manager; rather, you can tunnel through
any machine that is capable of contacting the license server (i.e. any
machine in your department that you can run IDL from).
The second port I tunnel seems to be required for the information being
passed back from the IDL license server. I basically sniffed packets
while in my office to and learned that IDL was routing packets back on
4100 and not 1700. I have no idea how standard this is but it is
definitely required for my setup.
Step 2:
^^^^^^^
Change your license.dat file to point to localhost rather than your usual
license server.
i.e.
SERVER idl_license_server.domain 0#50##ae6#cf 1700
becomes
SERVER localhost 0#50##ae6#cf 1700
Alternatively, instead of 'localhost'you could use your bonified machine
hostname or 127.0.0.1. You should not need to mangle your /etc/hosts file
as 'localhost' and 127.0.0.1 are very standard lookup names that resolve
to your local machine.
In principle, Craig's solution should also work (and wouldn't require
mangling the license.dat file) but for some reason this doesn't work for
me... I can remember being rather frustrated by this after reading the
flexlm docs. In my case things are slightly more complex as I have 2
separate instances of flexlm managers running on my laptop for other
packages and I already have the LM_LICENSE_FILE variable set.
My final modification was to the /usr/local/rsi/bin/idl script itself. In
this case I simply test if the ssh tunnels exist prior to actually
starting IDL. If they don't I create the tunnels before starting IDL.
Cheers,
Randall
On 13 Mar 2003, Craig Markwardt wrote:
> "Anthony J. Ferro" <tferro@as.arizona.edu> writes:
>
>> I'm trying to figure out a way to provide access to my IDL license
>> server for our folks outside of our building's firewall (other
>> buildings/classrooms on campus, home, other institutions, etc).
>> I don't want to poke a generic hole in our firewall because of
>> a) the security risk of another hole, and b) I don't really want
>> to provide IDL to everyone on the internet (sorry). What I've
>> been trying is to set up an ssh tunnel using something like:
>>
>> ssh -f -N -L 1700:localhost:1700 username@idlserver
>>
>> This _almost_ works. There is some communication going on
>> between the client and the server, but the license request
>> fails. I can tell that some communication occurs because the
>> error message includes the name of the server (the client
>> license file has "localhost").
>
> That's a pretty neat idea, and it works for me! Of course, on the
> client, you need to set the license server:
>
> setenv LM_LICENSE_FILE 1700@localhost
>
> Craig
>
> --
> ------------------------------------------------------------ --------------
> Craig B. Markwardt, Ph.D. EMAIL: craigmnet@cow.physics.wisc.edu
> Astrophysics, IDL, Finance, Derivatives | Remove "net" for better response
> ------------------------------------------------------------ --------------
>
|
|
|
|
comp.lang.idl-pvwave archive
Members
Search
Help
Login
Home
