How to connect to a pvserver on a node behind a gateway

Tips and Tricks
1

How to connect to a pvserver running on a node behind a gateway using a SSH tunnel

When connecting to a HPC to do some post processing, the usual scenario is as follows:

[client] —>can ssh—> [gateway] —>can ssh—> [node]

[client] —>can talk with local_port—> [gateway] —>can talk with server_port—> [node]

However, the ParaView client is only able to connect through a standard TCP connection, on a specific host, on a specific port.

This means, that we need to do some port forwarding between the client and the node using a SSH tunnnel. As single command (run in the client terminal):

ssh -L local_port:node:server_port user@gateway ssh user@node /path/to/pvserver --sp=server_port

Let’s disect that command:

  • local_port: All packets from the client to this port will be sent through the tunnel
  • node:server_port: The packets will be transfered to this host on this port. Please note that the gateway must be able to resolve node to an actual ip.
  • user@gateway : The standard ssh user and host, which is the gateway here
  • ssh user@node /path/to/pvserver --sp=server_port: The command done on the gateway, which connect to the node and run pvserver which listen on the server_port.

You can then simply connect from the client with:

./bin/paraview --server-url=cs://localhost:local_port

This setup supposes that:

  1. client can talk to gateway on the local_port
  2. gateway can talk to node on the server_port

Sometimes, there is no usable port so it is not possible to set it up like this, in that case:

How to reverse connect to a pvserver running on a node behind a gateway using a SSH tunnel with remote port forwarding

When only ssh connection is supported from the gateway to the node, or from the client to the gateway, then we need to use remote port forwarding.

It usually looks like this:

[client] —>can ssh—> [gateway] —>can ssh—> [node]

[client] <—can talk with local_port<— [gateway] <—can talk with server_port<— [node]

So we need to remote forward connection a port on a gateway to the client, the server will then reverse connect on the gateway on this port.

Please note that the ssh server on the gateway MUST have the GatewayPorts yes instead of the default which is no in the /etc/ssh/sshd_config file.

First run ParaView on the client with this command:

./bin/paraview --server-url=csrc://localhost:local_port

Then create the SSH tunnel with remote port forwarding and run the server:

ssh -R server_port:localhost:local_port user@gateway ssh user@node path/to/pvserver --rc --client-host=gateway --sp=server_port

Let’s disect that command:

  • server_port: All packets the gateway will receive on that port will be sent through the tunnel
  • localhost:server_port: The packets will be transfered to localhost (client) on this port. Please note that the host is resolved by the client here, this is why I use localhost for clarity.
  • user@gateway : The standard ssh user and host, which is the gateway here
  • ssh user@node /path/to/pvserver --rc --client-host=gateway --sp=server_port: The command done on the gateway, which connect to the node and run pvserver and reverse connect to the client through the SSH tunnel.

Please note both these usecase can be automated using .pvsc file so that the tunnling is run automatically when the ParaView user wants to connect to a server.

4 Likes