[Spread-users] firewall
Jeremy James
jbj at forbidden.co.uk
Wed Mar 4 04:41:46 EST 2009
Deno Vichas wrote:
> What do I need to open up with iptables for spread. I tried udp port
> 4803 with no luck.
As far as I know, the node will want to talk using unicast TCP and
unicast UDP on the port given, and unicast UDP on the port + 1, as well
as broadcast on the given address.
Our firewall config would look a bit like the following, for a set of
hosts defined in 'Spread_Segment $BROADCAST:4803 { ... }'
##
# Spread daemons use unicast TCP and UDP on the segment port, unicast UDP
# on port + 1, and UDP to the segment's broadcast (or multicast) address.
I=iptables
BROADCAST=192.168.1.255 #or something like 225.0.1.1 for multicast
NET=192.168.1.0/24
PORT=4803
# unicast TCP and UDP on the segment port, from the segment's hosts
$I -A INPUT -p tcp --source $NET --destination-port $PORT -j ACCEPT
$I -A INPUT -p udp --source $NET --destination-port $PORT -j ACCEPT
# unicast UDP on port + 1
$I -A INPUT -p udp --source $NET --destination-port $((PORT + 1)) -j ACCEPT
# UDP to the broadcast/multicast address on the segment port
$I -A INPUT -p udp --source $NET --destination $BROADCAST \
--destination-port $PORT -j ACCEPT
##
(not exactly as used, since the destination IPs are more closely defined,
hence it looks like there is duplication in allowing UDP/4803).
This will certainly work - I don't know if it is overly permissive, however.
-jeremy
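As an added example (not code from the original post or from the Spread project), the rules Jeremy describes can be derived directly from the "Spread_Segment <addr>:<port> { ... }" line of a spread.conf, so the port and the port + 1 rule stay in sync with the config. The script below reads a constructed sample config fragment, pulls out the segment address and port, and emits iptables commands that restrict the source to an assumed LAN network and the unicast rules to an assumed local host address; the network and host address are assumptions, not values from the page. The commands are printed rather than executed so they can be reviewed first.

```shell
#!/bin/sh
# Added example: generate iptables rules for one Spread segment from its
# spread.conf line. Assumptions (not from the post): the daemons live in
# LAN_NET and this host's own address is HOST_IP.

# Constructed sample spread.conf fragment in the format the post quotes.
SPREAD_CONF_SAMPLE='Spread_Segment 192.168.1.255:4803 {
    host1 192.168.1.10
    host2 192.168.1.11
}'

# Print "<addr> <port>" for the first Spread_Segment line in the config text.
spread_segment_addr_port() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Spread_Segment[[:space:]]*\([^:]*\):\([0-9]*\).*/\1 \2/p' |
        head -n 1
}

# Emit iptables rules for segment address $1, source network $2 (CIDR),
# segment port $3 and local host address $4:
#   - unicast TCP and UDP on the port, to this host only
#   - unicast UDP on port + 1, to this host only
#   - UDP to the segment broadcast/multicast address on the port
spread_iptables_rules() {
    seg_addr=$1; net=$2; port=$3; host_ip=$4
    next=$((port + 1))
    echo "iptables -A INPUT -p tcp -s $net -d $host_ip --dport $port -j ACCEPT"
    echo "iptables -A INPUT -p udp -s $net -d $host_ip --dport $port -j ACCEPT"
    echo "iptables -A INPUT -p udp -s $net -d $host_ip --dport $next -j ACCEPT"
    echo "iptables -A INPUT -p udp -s $net -d $seg_addr --dport $port -j ACCEPT"
}

main() {
    LAN_NET=192.168.1.0/24   # assumed network of the segment's hosts
    HOST_IP=192.168.1.10     # assumed address of this firewall host
    set -- $(spread_segment_addr_port "$SPREAD_CONF_SAMPLE")
    spread_iptables_rules "$1" "$LAN_NET" "$2" "$HOST_IP"
}

main
```

Pipe the output through sh once the rules look right; the -d restriction on the unicast rules is what keeps the UDP/port rule from overlapping with the broadcast rule, which is the duplication the post mentions.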