Tunneling Through the Far Detector

In order to setup a tunnel for DAQ software to talk to the far detector the following procedure can be uses:

  1. Establish a tunnel with appropriate port mapping between a machine on the public network and the machine that is behind the firewall


In this example we want to map the control port on the TDU (10001) which is behind a firewall (has a private 192.168.x.x style address) out through our firewall machine ( so that we can directly talk to it.

From a machine at Fermilab (here novatest01) setup the tunnel using ssh

[anorman@novatest01 ~] ssh -N -L 10001:TDU-Master-ARM-01:10001

This command maps port 10001 on TDU-Master-ARM-01 through a relay connection via to port 10001 on novatest01. You can now use TDUControl (or another TDU application) running on novatest01 and just connect to "localhost:10001" and you will magically talk to the TDU up at Ash River.

Example 2:

In this example we want to be tricksy and map multiple TDUs to DIFFERENT ports on the local machine:

[anorman@novatest01 ~]$ ssh -N -L 20001:TDU-Master-ARM-01:10001 &
[1] 30785
[anorman@novatest01 ~]$ ssh -N -L 20002:TDU-Master-ARM-02:10001 &
[2] 31088

Here we have mapped the first TDU to our local port 20001 and the second TDU to port 20002.  We can now choose which one we connect to from TDUControl (look in the setting/config menu for the port option)

This is a good trick for running the "graphical" interface locally so that you don't have to push the graphics over the network.