For agent-to-agent communication to function effectively, the agents must be able to connect with each other. By default, the agents coordinate this process through the CloudSoda controller. When the agents are on the same network, this process is straightforward. However, if a firewall exists between the agents, it can cause connection issues.
During agent startup and discovery, two key actions occur: 1) The agent requests a free port from the operating system to listen for incoming connections from other agents. 2) It tries to securely connect to the CloudSoda control plane to advertise its IP address and listening port. Part of this process involves attempting to open that port in the firewall. However, some firewalls do not permit internal applications to create this type of tunnel, resulting in their blocking it. This can prevent agents outside of the network from establishing a secure connection.
In order to configure the firewall to allow this activity, we recommend setting up a port forward. The first step in creating the port forward involves specifying which port the agent should use. You can find instructions on how to set the agent's listen address here. We advise using a port number above 30,000, and it is crucial to use different port numbers if you are configuring multiple agents' listen addresses. Using the same port number can create conflicts at the firewall. Once the agent is configured with a specific port, you should set up the port forward on the firewall. The configuration process varies for each firewall, but it typically involves the following steps:
-
Access the Firewall Configuration Interface:
- Typically, you need to log into your firewall's administrative interface. This is usually done through a web browser, accessing the firewall's IP address.
-
Locate the Port Forwarding Section:
- Once logged in, find the section labeled something like “Port Forwarding”, “Applications”, “Gaming”, or similar. This is where you can define rules for inbound traffic.
-
Specify the External Port and Protocol:
- The port forward will request a port and protocol, please use the port number you put into the soda.conf and the protocol is UDP.
-
Specify the Internal IP Address and Port:
- Enter the internal IP address of the CloudSoda agent.
-
Enable the Rule and Save Changes:
- Make sure the port forwarding rule is enabled. Then, save or apply the changes. Also, please note some firewalls will also require to you create a permit rule for the port.
-
Test the Configuration:
- Test the port forwarding rule from an external network. One way to do this is using the cli tool
netcat. You can do that by running a command likeecho "live?" | nc -u 19.16.20.4 45818, but update the IP to be your public IP and the port to be the one you used for the port-forward. If the connection closes immediately it is not working, if it stays open your port-forward is configured correctly.
- Test the port forwarding rule from an external network. One way to do this is using the cli tool
Comments
0 comments
Please sign in to leave a comment.