On 20180328 16:18, DrSpin wrote:
> Hi Phil
> As long as you are not running the flexlm license server in another machine i.e. it is run in the local machine itself, that is to say your SGI O2 box, then there is no need for you to open the port 1700 or 1753 to the outside world.
> What all you need is to make sure that you do not block packets from your 'localhost' i.e. 127.0.0.1. I am quite foggy about SGI IRIX now and so exactly what is the counterpart of Linux universe's 'iptables' in SGI, I cannot recall. But at least in the Linux systems, the simple rule is out allow all the packets that originate from the localhost back into any of the sockets i.e. ports without restriction.
>
> Since packets that originate and end up within 127.0.0.1 doesn't even leave your box physically, you are quite safe. In fact, I don't have either port 1700 or 1753 open to the outside world to make flexlm license manager to work.
>
> Best Regards
>
> Rajan
>
Hi Rajan,
That is interesting. I will have to experiment further. At the moment my
O2 data stations do share licenses to other computers, which is a
complication.
The only difference in configuration for this is that the license file
has a count of 10. I wonder if this triggers some reliance on external
contact.
At the moment I have deferred the problem my updating the sendmail
package that triggered the security concern. Doubtless I will need to
address this in the future, though.
Thanks,
Phil.
--
Dr Phil Dennison
NMR Facility Director (949)824-6010 (office)
Department of Chemistry (949)824-5649 (lab)
University of California (949)824-8571 (fax)
Irvine, CA 92697-2025 dennison_at_uci.edu
USA
Received on Wed Mar 28 2018 - 14:04:51 MST