1. Exposing Ports to the Outside World

Exposing Ports to the Outside World

Home Forums FABRIC General Questions and Discussion Exposing Ports to the Outside World

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #6303
    Lloyd Brown
    Participant

      Is it possible to expose a port on a fabric node to the outside world? I’ve attempted this with IPv4Ext but I’m not able to send UDP traffic to my node from my local machine.

      #6306
      Paul Ruth
      Keymaster

        The answer depends on what you are trying to do.  Generally, FABRIC is a secure sandbox that allows students and researchers to freely experiment with very disruptive and, potentially, vulnerable software architectures in a secure way.  If you are trying to connect your laptop or other server that you control to nodes in your slice, you will need to use secure mechanism, for example ssh tunnels.  There is an example Jupyter notebook that describes how to create ssh tunnels through the FABRIC bastion host.  Another power way to do this is to use a personal VPN such as Tailscale.

        If you are trying to expose a port to the whole of the Internet then we will only allow that in extremely rare circumstances where an alternative solution is not otherwise possible. In addition, these capabilities would require the user to deploy, maintain, and monitor the security of the experiments at level similar to a production data center.  This is the capability enabled by the  IPv4Ext and IPv6Ext services.

        For starters, I would recommend becoming familiar with ssh tunnels. They are fairly simple to deploy.

        let us know if you have any additional questions,

        Paul

        • This reply was modified 10 months, 2 weeks ago by Paul Ruth.
        • This reply was modified 10 months, 2 weeks ago by Paul Ruth.
        #6315
        Komal Thareja
        Moderator

          @Lyod – Could you please share your Slice ID? Also, are you able to ping your VM on the Ext IP.

          #6332
          Lloyd Brown
          Participant

            My slice id is 50ad873b-626c-4e88-9cdc-597d098ff690

            From any given VM I can ping the others via their Ext IP. But pings from my local machine to the Ext IPs fail.

            #6334
            Komal Thareja
            Participant

              @Lyod –  Fabnetv4Ext notebook has a bug and configures the route incorrectly. We will fix the notebook, sharing the fix needed to the routes below. Hope this helps!

              Configure Node1 cell in notebook should change the route as below via EXT gateway, ping should work.

              stdout, stderr = node1.execute(f'sudo ip route add 0.0.0.0/0 via {network1.get_gateway()}')

              Configure Node2 cell in notebook should change the route as below via EXT gateway, ping should work.

              stdout, stderr = node2.execute(f'sudo ip route add 0.0.0.0/0 via {network2.get_gateway()}')

               

              Thanks,

              Komal

              • This reply was modified 10 months, 2 weeks ago by Komal Thareja.
              #6336
              Lloyd Brown
              Participant

                After adding this command to my notebook I can confirm that the route shows up if I check after sshing in, but I still can’t ping the machine using the external IP from a server outside of Fabric.

                #6340
                Lloyd Brown
                Participant

                  Actually after starting from the create_l3network_fabnet_ipv4ext_manual.ipynb notebook and making the described change I am able to reach the nodes from outside of fabric. So this is likely an issue with my code and I will try to find the delta.

                  Thanks for your help!

                Viewing 7 posts - 1 through 7 (of 7 total)
                • The topic ‘Exposing Ports to the Outside World’ is closed to new replies.