Index  | Recent Threads  | Unanswered Threads  | Who's Active  | Guidelines  | Search
 
World Community Grid Forums
  Category: Support
  Forum: BOINC Agent Support
  Thread: linux iptables

Quick Go »
No member browsing this thread
Thread Status: Active
Total posts in this thread: 5
[ Jump to Last Post ]
Post new Thread
Author
Previous Thread This topic has been viewed 862 times and has 4 replies Next Thread
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
linux iptables
crying

I know there has been a ton of threads about firewalls but I'm trying to configure the boinc client on my linux systems that require iptables. I am the owner of these servers so I have complete control over these servers, but unfortunately cannot get the client to work properly. As far as I can I'm accepting the two ip's that relate to the world grid computing web site. One for port 80 and one for port 443 to send the data back. Below is what my firewall looks like.


iptables -P INPUT DROP
iptables -A INPUT -i eth0 -p tcp -s 129.33.89.134 -d 192.168.1.1 --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 129.33.89.133 -d 192.168.1.1 --dport 80 -j ACCEPT

thesheff17@yahoo.com
[Feb 17, 2006 3:26:57 AM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: linux iptables
Hi thesheff17,
Read the Unofficial BOINC Wiki at http://boinc-doc.net/boinc-wiki/index.php?tit...shooting_Network_Problems
Look at the section more than halfway down that starts:
Checking Firewall Settings
Firewall Settings for Microsoft Windows
* The BOINC Manager (BoincMgr.exe) needs to be able to open outbound connections to either port 1043 or 31416.

* The BOINC Screensaver (Boinc.scr) needs to be able to open outbound connections to either 1043 or 31416.

* The BOINC Daemon (Boinc.exe) needs to open an inbound connection to either port 1043 or 31416, and an outbound connection to port 80 for downloads and uploads of Work Units, Results, and Science Applications, and an outbound connection on port 443 during the attach process to a BOINC Powered Project. Some projects in the future may also use port 443 for all communications (secure SSH).

If you use the boinccmd program, it should have the same access needs as the BOINC Manager (BoincMgr.exe).

Firewall Settings for Linux
(Much general information - varies from one Linux implementation to another.)
[Feb 17, 2006 9:25:38 AM]   Link   Report threatening or abusive post: please login first  Go to top 
knreed
Former World Community Grid Tech
Joined: Nov 8, 2004
Post Count: 4504
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
Re: linux iptables

iptables -P INPUT DROP
iptables -A INPUT -i eth0 -p tcp -s 129.33.89.134 -d 192.168.1.1 --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 129.33.89.133 -d 192.168.1.1 --dport 80 -j ACCEPT


The boinc agent will only communite with either www.worldcommunitygrid.org or secure.worldcommunitygrid.org. In either case, these both resolve to 129.33.89.133. Change the line for port 443 to use the ip address of 129.33.89.133.

The 129.33.89.134 address is actually what the UD agent communicates with.

Kevin
[Feb 17, 2006 2:33:44 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: linux iptables
I know this post is really old but I am still not able to get iptables working correctly with the boinc agent. Here is my current iptables setup. I drop all other packes and $iptables refers to the path of iptables.

I even try to stateful and it doesn't work:

$IPTABLES -A INPUT -i eth0 -p tcp -s 129.33.89.133 -d 192.168.1.2 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


$IPTABLES -A INPUT -i eth0 -p tcp -s 129.33.89.133 -d 192.168.1.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Any other ideas?
[Jun 11, 2007 3:43:58 AM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: linux iptables
Hi thesheff17,

I'm assuming you generally allow outgoing connections, or have a rule

$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -s 192.168.1.2 -d 129.33.89.133 --dport 443 -j ACCEPT

In which case the TCP connections start like this:

192.168.1.2:12345 -> 129.33.89.133:443 SYN
129.33.89.133:443 -> 192.168.1.2:12345 SYN ACK
[...]

The replies to your outgoing connection originate from port 443, therefore your rule should be:

$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -s 129.33.89.133 -d 192.168.1.2 --sport 443 -m state --state ESTABLISHED -j ACCEPT

I hope this helps,
- inf
[Jun 11, 2007 8:55:15 AM]   Link   Report threatening or abusive post: please login first  Go to top 
[ Jump to Last Post ]
Post new Thread