Sometimes it is desirable for the RLM server to be behind a firewall. RLM supports this, but there is a small amount of configuration that you will have to do to use RLM across a firewall.
If you have a firewall installed on the server node which is not allowing your application to access either the rlm port, or the port of the ISV server you must first configure your firewall to allow access to both the main rlm port, as well as the ISV server port. To do this, perform the following steps:
- In your license file, look at the SERVER (or HOST) and ISV lines:
- SERVER server-hostname server-hostid main-rlm-server-port# (Note: the keyword HOST is equivalent to SERVER)
- ISV isvname
- Add the desired port # to the ISV line as follows:
ISV isvname port=isv-port# (if you have RLM v9.0 or later), or
ISV isvname isv-binary isv-options-file isv-port# (if you have pre-v9 RLM)
- Next, configure your firewall to allow access to both isv-port# and main-rlm-server-port#
- Make sure that the license file is updated on the server node, and that the client nodes know how to find rlm – either with a license file with the SERVER line above, or by setting the RLM_LICENSE environment variable to main-rlm-server-port#@server-hostname
- Re-start rlm – you must restart RLM in order for any port changes to take effect. Restarting the ISV server via the web interface or rlmreread does not restart RLM.
Note: you can find this information in the RLM License Administration Manual on the Reprise Website.
In the RLM License Administration Manual (p. 19) you describe the HOST line, but in this article you say to look for the SERVER line. In the manual you do state:
Note: The keyword “SERVER” can be used instead of “HOST” – they are 100% equivalent.
but people may be expecting HOST since that’s what’s in your documentation (and possibly more common)? So perhaps instead of using SERVER in this article, you should use HOST or at least say to “look at the SERVER/HOST line”….
Adam: Thanks. We’ve updated the post as you suggested.
I have a question.
RLM has -noudp options. What is this option ? How does RLM use udp port ?
Should the firewall permit the 5053rd UDP port?
Please let me know your comments.
The -noudp option tells RLM to not bind UDP port 5053. This port is used to reply to clients
who do a broadcast to find the server. If your applications have license files avaialable, or
if you use the RLM_LICENSE environment to point to the license server, then UDP is not needed.
This is generally an option that is used by small end-user sites, to make it easier to
You will have to specify an options file before the port number on the ISV line. You can just use /dev/null for the options file if you don’t have one.
you have not needed to specify a options file on the ISV line since RLM v9.0, which was released in December, 2010.
Just use port=port# on the ISV line, ie:
ISV isvname port=xxxxx
As I understand, to get a license, we need to send a request to RLM on port 5053 (and another port, depending on the ISV). Are the responses to these requests sent to fixed ports or to random ones?