Search Mailing List Archives
[protege-discussion] Router set up for Collaborative/Web Protege
adam at wyner.info
adam at wyner.info
Mon Jul 6 03:44:35 PDT 2009
Hi Protege Community,
Rinke Hoekstra and I are trying to set up Collaborative/Web Protege,
but we are having difficulty configuring the router correctly. The
instructions on these matters are not clear. And we have a security
concern. Perhaps there is something we don't understand about the
setup, but the setup information does not help us get it running.
We've looked carefully through all the available documentation,
including discussion lists. If we have missed something, please let
me know. BTW -- where are the slides from the Protege Conference
Tutorial on this topic?
I am working at home with a router; Rinke is working via a university
system. So, we are both working behind firewalls, and I'm sure most
people will be. We'd prefer not to require users to ssh into our
machines to access protege, but rather to use port forwarding. This
is very common for web-based services and games:
In fact, this page has information which will be helpful to users
setting up protege on their home machines as it gives step by step
directions for a range of routers. In general, we imagine that most
people will be behind firewalls and want relatively open access to
collaborative/web protege (which is the point, no?) So, how to
securely set up port forwarding should be very clear and helpfully
laid out. It should not, in principle, be any more threatening to
security or more difficult to accomplish than the many games etc out
So far as we can tell, the port forwarding solution is Black Magic
Trick #2 on the protege info on RMI:
It is not clear to me that NAT is the relevant point here; we made the
changes recommended and it didn't work. Rather, the focus of the
remaining problems seem to be on the relation between the WAN IP
address-Router Ports-Computer Ports.
On my router (a Belkin), I need to know **exactly** which ports to set
up on the Virtual Server.... Again, this is a very common thing to do
for gamers, and I can follow the directions from portforward.com.
True, it does open up a vulnerability, but this depends on which port
and whether the software has been designed intelligently to protect
the host computer from abuse.
Now, about the selection of the ports. The installation instructions
need to be clearer. First of all, the 'non-advanced' instructions are
very likely not going to work for most people (who have a firewall).
People should be told of these issues early on as otherwise the
installation seems easy, but cannot be done. So, the instructions on
ports cannot be buried as an 'advanced' topic:
Second, let's look at the specifics on the ports. I am using Ubuntu
9.04 (windows folks can derive info from this discussion presumably).
Look at the Working with Firewalls section. Yes, the protege server
is going to run from inside a firewall, so I need two ports.... In
the running example, we have one port 5100 for the rmiregistry and
another port 5200 for the Protege server. However, as noted, the
default for rmiregistry is 1099. Why was the default not used? And
how was port 5200 selected? By the same token, if I use the 'default'
of 1099 for rmiregistry, what is the recommended port for the Protege
server? With the correct port information, I can edit the
Third, in the section (above Configuration Settings) on NAT, the
hostname information should be a lot clearer. This should be (so far
as I can tell), the IP address of the WAN, not the internal network
address (starting with 192.168....). This information should be set
out like the other code changes. But, I don't understand why this is
relevant since even with these settings, we are unable to connect. Or
is RMI somehow supposed to deal with this? Rather, what we believe we
must do is work directly with the router and forward ports from the
router to the appropriate computer on the network.
To port forward, I consult portforward.com; I look up my router (a
Belkin model) and the application I want to connect (MythTV as an
This tells me step by step what to do **and** gives the ports and
protocol types (given that my computers have static IP addresses on
the LAN and that I can find them). Here I need the static IP, the
Protocol Type (TCP or UCP or both), the LAN Port (the port on the
router) and the Public Port (the port on the LAN internal computer).
Rinke has found the following information about the ports with respect
to defaults for RMI:
1098 tcp rmiactivation RMI Activation
1098 udp rmiactivation RMI Activation
1099 tcp rmiregistry RMI Registry
1099 udp rmiregistry RMI Registry
3306 tcp mysql MySQL
3306 udp mysql MySQL
80 tcp http World Wide Web HTTP
80 udp http World Wide Web HTTP
8080 tcp http-alt HTTP Alternate (see port 80)
Taken from http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html
Are these acceptable?? These are not the ports on portforward.com
(which is mostly for gaming). Indeed, one cannot find either Protege
or rmiregistry listed here:
I might assume that these are the ports for both the LAN and Public Ports.
Even so, I still need a port for the Protege server.
Notice one last unclarity in the install instructions under Black
Magic Trick #2. I think a mistake crept in here. First, back at the
Working with Firewalls page, we are told to modify the
run_protege_server script with:
Yet, when we come to Trick #2, we have some unclarity and a switch (again):
See the second LinkSys screen "Gaming and Applications". This is the
parallel for Belkin's Virtual Server. The unclarity is that here you
apparently 'create' two applications 'collab1' and 'collab2'; what are
these, where were they created, and how should others do this? The
switch is for the Port numbers -- now for collab1, we have 5200, which
is the setting for rmi server port. But, then we have port 5300.
What is that?? The graphic (see box labelled Private Network) has the
rmi registry as port 5300, but wasn't this 5100 in the
run_protege_server script? Finally, in the instruction just after the
graphic, the run_protege_server script should have the hostname
modified -- I presume that 188.8.131.52 is the WAN IP address of the
example. So, other people must use their WAN IP address.
One last question. Suppose I get all these ports set up and people
can access and work with Collaborative/Web Protege.... Can you
clarify the security issues with respect to running Protege? How have
you secured the design of the software so that trojans, viruses, etc
cannot infect the machine? I have a Linux machine, so there may be
less of a problem, but still I'd like to know this has been
Just so it is said -- I really like Protege, and I'm looking forward
to using it collaboratively.
More information about the protege-discussion