Q100216: How to Use A License Server Through a Firewall

Follow

 SUMMARY

If you have a firewall running on your license server machine then it may block license requests from other machines on the same network.
 
This article explains how you can enable the RLM and FLEXlm servers included in the Foundry Licensing Tools (FLT) to work through the firewall.
 
 
MORE INFORMATION
 
If you have set up your floating license server and pointed the client machines to the license server correctly, but the product is still not able to get a license then it could be that a firewall on the server is blocking legitimate requests for a license.
 
A typical licensing error message caused by a firewall is:

==> nuke_i : Communications error with license server (-17)
==> Connection refused at server (-111)

In order to fix this, you need will need to change your firewall settings to allow the license server software to communicate through the firewall. The exact steps that you need to take will depend upon the OS of your license server.

 

LINUX

Please consult your system administrator for the exact steps but the following information will be useful.

Program Exceptions
If you're opening the firewall to a specific program then use the following:

  • The RLM Server program is "rlm.foundry" from the following directory:
    /usr/local/foundry/LicensingTools7.1/bin/RLM/
  • The FLEXlm Server (for old licenses) you'll need to allow both the "lmgrd.foundry" and "foundry" files from:
    /usr/local/foundry/LicensingTools7.1/bin/FLEXlm/

 

Port Exceptions
If you are opening ports on the server then you'll need to open two ports for each server type and ensure they are specified in the license file.  Please ensure that any ports you specify are not in use elsewhere.

The RLM server already has one port specified, 4101, on the HOST line of the license file.  You'll need to add another port for the ISV line by editing the license file, /usr/local/foundry/RLM/foundry_float.lic, so that it looks like the following example

HOST serverName 001122334455 4101
ISV foundry OPTIONS=foundry.opt PORT=12345

Note that you need to also include "OPTIONS=foundry.opt" before the PORT specification in order for your chosen port to be picked up.

If you're still running a FLEXlm server then you'll need to specify ports in both the SERVER and VENDOR lines of the license file, /usr/local/foundry/FLEXlm/foundry_float.lic, so that they look something like the following (this example uses port 27001 and 54321)

SERVER serverName 001122334455 27001
VENDOR foundry PORT=54321

NOTE: You'll need to fully restart the license server(s) after adding these ports for the changes to take effect.  You can do this by running the following commands as root or with sudo.

/etc/init.d/foundryrlmserver stop

/etc/init.d/foundryrlmserver start

 

MAC OS X

The exact steps will depend upon the version of OSX that you're running, but they should be like the following.

  1. Open your System Preferences and click on Security & Privacy
  2. Go to the Firewall tab and click the Firewall Options button.
    (NOTE: You may need to click the lock icon at the bottom-left to enable changes)
  3. Under the list of incoming connections, click on the + button to add a program

  4. For RLM licensing, navigate to "/Applications/TheFoundry/LicensingTools7.1/bin/RLM" then select "rlm.foundry" and click Add
    For old FLEXlm licensing, navigate to "/Applications/TheFoundry/LicensingTools7.1/bin/FLEXlm", then select both "lmgrd.foundry" and "foundry" and click Add

  5. You can then lock these changes by clicking on the Lock icon on the bottom left of the System Preferences window.

 

WINDOWS

There are two firewall exception methods on Windows, Program Exceptions and Port Exceptions.  The Program Exceptions is the easiest method to turn on.
 
Program Exceptions:
  1. From the Windows Start menu, click Control Panel > System and Security > Windows Firewall and then click on the Advanced Settings link on the left hand side. 
  2. Select Inbound Rules in the left-hand panel and click New Rule
  3. Select Program and then click Next
  4. Select This program path and then browse to the location of the RLM server:
    C:\Program Files\The Foundry\LicensingTools7.1\bin\RLM Add rlm.foundry.exe.

  5. Click Allow the connection and then click Next.  
  6. Select all the checkboxes that apply to the rule. Domain, Private, and Public in the example below. 
  7. Click Next and enter a meaningful name for the rule, such as RLM_SERVER and then click Finish to complete the process.
  8. Use the Foundry License Utility (FLU) to Stop and Start the RLM Server.

NOTE: if you are using an older FLEXlm license server then repeat the process above but in step 4 browse to: "C:\Program Files\The Foundry\LicensingTools7.1\bin\FLEXlm", add "lmgrd.foundry.exe" and then repeat the process to add an input exception for the "foundry.exe" program too. 


Port Exceptions:

If you want to add exceptions then you'll need to open two ports for each server type and ensure they are specified in the license file.  NOTE: The port numbers must all be different and must not be in use by another program.

The RLM server already has one port specified, 4101, on the HOST line of the license file.  You'll need to add another port for the ISV line by editing the license file, "foundry_float.lic", in both of the license directories ("C:\Program Files\The Foundry\RLM" and "C:\ProgramData\The Foundry\RLM") so that it looks like the following example

HOST serverName 001122334455 4101
ISV foundry OPTIONS=foundry.opt PORT=12345

Note that you need to also include "OPTIONS=foundry.opt" before the PORT specification in order for your chosen port to be picked up.

If you're still running a FLEXlm server then you'll need to specify ports in both the SERVER and VENDOR lines of the license file, "foundry_float.lic", in both of the license directories ("C:\Program Files\The Foundry\FLEXlm" and "C:\ProgramData\The Foundry\FLEXlm") so that they look something like the following (this example uses port 27001 and 54321)

SERVER serverName 001122334455 27001
VENDOR foundry PORT=54321

NOTE: You'll need to fully restart the license server(s) after adding these ports for the changes to take effect. You can do this by running the Foundry License Utility (FLU) as Administrator then clicking on the "Stop Server" and "Start Server" buttons on the RLM Server and FLEXlm Server tabs.

Once you've added the ports to the license file(s) you can then add port exceptions to your firewall settings.
 
  1. From the Windows Start menu, click Control Panel > System and Security > Windows Firewall and then click on the Advanced Settings link on the left hand side
  2. Select Inbound Rules in the left-hand panel and click New Rule
  3. Select the Port radio button and then click Next
  4. Select TCP and Specific local ports, enter the port number from the HOST/SERVER line of the license, in the field provided (e.g. 4101 in the example) and click Next
  5. Select Allow the connection and click Next 
  6. Select when the new rule should be applied using the checkboxes (we recommend applying the rule at all times but you can modify this as required) and click Next
  7. Enter a meaningful name for the new rule, for example RLM_HOST, and write a description, if required and then click on Finish
  8. Select the new rule from the Inbound Rules list and click Properties
  9. Click the Programs and Services tab, select This program, and browse to "C:\Program Files\The Foundry\LicensingTools7.1\bin\RLM\rlm.foundry.exe" and click Open to the Properties dialog.
  10. Click Apply, and close the dialog. 

  11. Repeat the process for the ISV/VENDOR line port, replacing the port number and rule name. 
  12. Click the Programs and Services tab, select All programs that meet the specified conditions and click OK to close the dialog.
 
 
 
FURTHER READING

Fore more information, please see the "Troubleshooting Licenses - Firewalls" section of the Foundry Licensing Tools User Guide which starts on page 63. 
Was this article helpful?
1 out of 1 found this helpful

Comments