Joe’s Blog!

I have been watching Kevin Smith’s Erlang videos lately and have come up with a couple tips to supplement a couple topics I have seen. First, using the Erlang ping function with a machine that is behind a firewall. I have found that there are ports that need to be opened to make sure your ping works properly.

Remote Machine:

[joe@catalpa02 ~]$ erl -sname coppi -setcookie pingtest
Erlang (BEAM) emulator version 5.5.2 [source] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.5.2 (abort with ^G)
(coppi@catalpa02)1>

Local Machine:

[zeusfaber@der-dieb ~]$ erl -sname merckx -setcookie pingtest
Erlang (BEAM) emulator version 5.6.3 [source] [64-bit] [smp:2] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.6.3 (abort with ^G)
(merckx@der-dieb)1> net_adm:ping(coppi@catalpa02).
pang
(merckx@der-dieb)2> net_adm:ping(coppi@catalpa02).
pang

As you can see above when I initially attempted to ping my remote machine (with shorewall, iptables based firewall installed) I received a ‘pang’ which means it didn’t work. I also checked the logs on catalpa02 and saw the following messages:

10.1.1.195 DST=10.1.1.200 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=23194 DF PROTO=TCP SPT=43037 DPT=4369 WINDOW=5840 RES=0×00 SYN URGP=0
Jul 29 23:07:27 catalpa02 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:0b:db:a8:b5:06:00:1e:4c:a2:9d:36:08:00 SRC=10.1.1.195 DST=10.1.1.200 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=23195 DF PROTO=TCP SPT=43037 DPT=4369 WINDOW=5840 RES=0×00 SYN URGP=0

So, it looks like port 4369 needs to be open since the firewall is dropping them. I opened it and attempted a ping again and received:

Jul 29 23:13:47 catalpa02 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:0b:db:a8:b5:06:00:1e:4c:a2:9d:36:08:00 SRC=10.1.1.195 DST=10.1.1.200 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=38806 DF PROTO=TCP SPT=43200 DPT=57783 WINDOW=5840 RES=0×00 SYN URGP=0
Jul 29 23:13:50 catalpa02 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:0b:db:a8:b5:06:00:1e:4c:a2:9d:36:08:00 SRC=10.1.1.195 DST=10.1.1.200 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=38807 DF PROTO=TCP SPT=43200 DPT=57783 WINDOW=5840 RES=0×00 SYN URGP=0

It looks like 57783 is also being blocked. After opening it everything seemed to work:

(merckx@der-dieb)4> net_adm:ping(coppi@catalpa02).
pong

Unfortunately the second port that we needed to open changes for each new Erlang session (the next time I attempted a ping it used port 54328). So it may be more advantageous to run your Erlang nodes across a private network linking your machines rather than across your public interface. This generally a good practice anyway since it saves you from poking to many holes in your firewall, sending unencrypted data across a public network link and not to mention bandwidth costs.

Edit: A commenter described a switch that allows you to specify the port range, example below.

[zeusfaber@der-dieb ~]$ erl -kernel inet_dist_listen_min 6000 inet_dist_listen_max 6050 -sname coppi -setcookie pingtest
Erlang (BEAM) emulator version 5.6.3 [source] [64-bit] [smp:2] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.6.3 (abort with ^G)
(coppi@der-dieb)1>

Tip number two is sort of related, it is when pinging hostnames with hyphens in them. Erlang treats node names as an atom so if you attempt to use a hyphen without any precautions you will likely get an error like the following.

[joe@catalpa02 ~]$ erl -sname coppi -setcookie pingtest1
Erlang (BEAM) emulator version 5.5.2 [source] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.5.2 (abort with ^G)
(coppi@catalpa02)1> net_adm:ping(merckx@der-dieb).
** exited: {badarith,[{erl_eval,eval_op,3},
{erl_eval,expr_list,6},
{erl_eval,expr,5},
{shell,exprs,6},
{shell,eval_loop,3}]} **

=ERROR REPORT==== 29-Jul-2008::23:24:15 ===
Error in process <0.35.0> on node ‘coppi@catalpa02′ with exit value: {badarith,[{erl_eval,eval_op,3},{erl_eval,expr_list,6},{erl_eval,expr,5},{shell,exprs,6},{shell,eval_loop,3}]}

Simply by adding single quotes around the node name we can get around this error.

(coppi@catalpa02)2> net_adm:ping(’merckx@der-dieb’).
pong