1 |
Dave Nebinger wrote: |
2 |
|
3 |
>> What is the best way to configure iptables in a way, so that spefic |
4 |
>> hosts may connect to distccd ? |
5 |
> |
6 |
> The following command should do it if you substitute the () with your |
7 |
> local |
8 |
> values. |
9 |
> |
10 |
> iptables -I INPUT -i (network interface) -p tcp -s (src ip addr) --dport |
11 |
> 3632 -j ACCEPT |
12 |
> |
13 |
> |
14 |
Hmm, iptables -L now returns |
15 |
|
16 |
Chain INPUT (policy ACCEPT) |
17 |
target prot opt source destination |
18 |
ACCEPT tcp -- 192.168.0.250 anywhere tcp dpt:distcc |
19 |
ACCEPT all -- anywhere anywhere |
20 |
ACCEPT all -- anywhere anywhere |
21 |
REJECT udp -- anywhere anywhere udp |
22 |
dpt:bootps reject-with icmp-port-unreachable |
23 |
REJECT udp -- anywhere anywhere udp |
24 |
dpt:domain reject-with icmp-port-unreachable |
25 |
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh |
26 |
ACCEPT tcp -- anywhere anywhere tcp dpt:distcc |
27 |
DROP tcp -- anywhere anywhere tcp dpts:0:1023 |
28 |
DROP udp -- anywhere anywhere udp dpts:0:1023 |
29 |
|
30 |
Chain FORWARD (policy ACCEPT) |
31 |
target prot opt source destination |
32 |
DROP all -- anywhere 192.168.0.0/16 |
33 |
ACCEPT all -- 192.168.0.0/16 anywhere |
34 |
ACCEPT all -- anywhere 192.168.0.0/16 |
35 |
|
36 |
Chain OUTPUT (policy ACCEPT) |
37 |
target prot opt source destination |
38 |
|
39 |
but distcc doesn't work ... |
40 |
-- |
41 |
gentoo-user@g.o mailing list |