[Spread-users] firewall

Jeremy James jbj at forbidden.co.uk
Wed Mar 4 04:41:46 EST 2009

Deno Vichas wrote:
> What do I need to open up with iptables for spread.  I tried udp port
> 4803 with no luck.

As far as I know, the node will want to talk using unicast TCP and
unicast UDP on the port given, and unicast UDP on the port + 1, as well
as broadcast on the given address.

Our firewall config would look a bit like the following, for a set of
hosts defined in 'Spread_Segment $BROADCAST:4803 { ... }'

BROADCAST= #or something like for multicast
$I -A INPUT -p tcp --source $NET --destination-port 4803 -j ACCEPT
$I -A INPUT -p udp --source $NET --destination-port 4803 -j ACCEPT
$I -A INPUT -p udp --source $NET --destination-port 4804 -j ACCEPT

$I -A INPUT -p udp --source $NET --destination \
                                 --destination-port 4803 -j ACCEPT

(not exactly as used since destination IPs are closer defined, hence it
looks like there is duplication of allowing UDP/4803).

This will certainly work - I don't know if it is overly permissive, however.
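
The rule set described in the reply above, written as an added example that is not part of the original post: it only prints the iptables commands for one segment port, and it pins the unicast rules to the local address as one reading of "destination IPs are closer defined". The helper names `spread_rule` and `spread_rules` and all addresses are hypothetical, constructed values.

```shell
#!/bin/sh
# Added example: prints iptables rules for one Spread segment; applies nothing.

# spread_rule PROTO SOURCE_NET DEST DPORT -> one ACCEPT rule on stdout
spread_rule() {
    echo "iptables -A INPUT -p $1 --source $2 --destination $3 --destination-port $4 -j ACCEPT"
}

# spread_rules PORT PEER_NET LOCAL_IP SEGMENT_ADDR
#   PORT          port from the Spread_Segment line
#   PEER_NET      network the other Spread daemons send from
#   LOCAL_IP      this host's own unicast address (assumed tightening)
#   SEGMENT_ADDR  broadcast or multicast address of the segment
spread_rules() {
    [ "$#" -eq 4 ] || { echo "usage: spread_rules PORT NET LOCAL SEG" >&2; return 2; }
    port=$1 net=$2 local_ip=$3 seg=$4

    # PORT + 1 is also needed, so PORT must be a plain decimal <= 65534.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65534 ] || { echo "port + 1 out of range: $port" >&2; return 1; }
    next=$((port + 1))

    spread_rule tcp "$net" "$local_ip" "$port"   # unicast TCP on the segment port
    spread_rule udp "$net" "$local_ip" "$port"   # unicast UDP on the segment port
    spread_rule udp "$net" "$local_ip" "$next"   # unicast UDP on port + 1
    spread_rule udp "$net" "$seg"      "$port"   # broadcast/multicast to the segment
}

# Constructed sample values (RFC 5737 documentation range), not from the post.
spread_rules 4803 192.0.2.0/24 192.0.2.10 192.0.2.255
```

Review the printed rules before running them, and place them ahead of any final DROP or REJECT rule in the INPUT chain.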