Firewall configuration to support use of on core node

Hi Everyone,

I have been working with the gLiveView monitoring utility and have identified an interesting issue re: necessary firewall configuration required for gLiveView to work in my core node subnet. My target is to secure the core node subnet as much as possible. However, when I lock everything down (except for relay communication) the gLiveView utility stops working.

In review the packet capture log, I can see that gLiveView is attempting to communication with 2 IP addresses which reside outside of the network (not sure what they are used for). This is surprising to me as I was expecting the monitoring utility to not require any outside communication in order to run on core node. I understand that the relay nodes will require a different configuration, but I don’t think I will be able to leverage gLiveView for the core node if outside network communication is required.

Anyone have any insight into this? Also, what monitoring tools exist for the core node that do not require outside network communication?

Thanks much!


You will not need outside communications to run glive… perhaps u are talking for OUT connections… in this case if the BP doesn’t have any OUT connections it can’t start (but u still see the glive output)

In short… the glive doesn’t need outside connections to run…


are you using gLiveView on the same machine as the CoreNode or are you watching from a monitor machine? (for this you would need a rule)

about the outside connections… quick thought would be a update check for the script. if available you can simply update the script at the start by typing “yes” and this will trigger an inplace update of the script & env file. Beside that i can not think of any other outside connections.

if you provide the packet capture i could take a look if you want.

Regards, obi

Thanks so much for feedback!! In troubleshooting this issue more, I identified that the solution was to disable the ENABLE_IP_GEOLOCATION feature in the script file. In addition to this, I also had to execute the script using ./ -u in order for the utility to display the stats (otherwise it terminates)

Thanks again and I hope others find this information helpful!