On Mon, Dec 16, 2002 at 10:23:55PM -0600, Edgar Friendly wrote:
> Greg Wooledge <greg at wooledge.org> writes:
>
> > mainport.port=8888
> > mainport.bindAddress=*
> > mainport.allowedHosts=127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20
> >
> > $ netstat -ant | grep 8888
> > tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
> >
> > tcp 0 0 192.168.2.4:8888 192.168.2.2:2524
> > ESTABLISHED [...]
> >
> > If you're using a firewall (iptables) then make sure you aren't blocking
> > incoming packets on the mainport port.
> >
>
> FWIW, I've recently rewritten the handling of allowedHosts parameters
> for both FCP and generic servlets, so that one can now use x.x.x.x/y
> notation for specifying subnets. This has the effect of making the
> allowedHosts code even more IPv4 dependent, but increases its

Yeah, well, IPv6 should be a completely separate transport. Any IPv6
zealots here, feel free to code it, all the code is in Transport*.java
and transport/.

> usefulness by a decent amount.
>
> quick review of what bindAddress and allowedHosts do:
>
> allowedHosts: when a connection hits the node, the incoming address is
> checked against the values in allowedHosts, and if it's not listed,
> then the connection is refused. A blank allowedHosts or a value of
> "*" results in all connections being allowed (this is internally
> converted to 0.0.0.0/0)
>
> bindAddress: for the node to listen on a TCP socket, that socket has
> to be bound to an interface. (i.e. loopback, eth0, eth1, etc.) Each
> interface has an address associated with it (its IP address), so that
> address is used to represent the interface when the socket is created.
> It's also possible to listen on all interfaces by specifying a null
> address to bind to.
>
> So if you want fred to only listen to local requests, you can
>
> 1) set allowedHosts to filter out requests coming from non-local
>    addresses, so that requests coming from other places are rejected
>    by fred
>
> OR
>
> 2) set bindAddress to 127.0.0.1 (the loopback interface's address),
>    which results in only local connections being able to find the
>    socket in the first place.
>
> Hope that clears things up for at least one person,
> Thelema
> --
> E-mail: thelema314 at swbell.net Raabu and Piisu
> GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB

--
Matthew Toseland
toad at amphibian.dyndns.org
amphibian at users.sourceforge.net
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03
http://freenetproject.org/
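
The allowedHosts check described in the quoted message (single addresses, x.x.x.x/y subnets, and blank or "*" treated as 0.0.0.0/0), as an added example that is not Freenet's own code. It is written in Python with the standard `ipaddress` module; the function names `parse_allowed_hosts` and `is_allowed` and the `192.168.2.0/24` entry are assumptions made for illustration.

```python
import ipaddress


def parse_allowed_hosts(value):
    """Turn an allowedHosts string into a list of IPv4 networks.

    A blank value or "*" means "allow everything", represented as 0.0.0.0/0.
    """
    value = value.strip()
    if value in ("", "*"):
        return [ipaddress.IPv4Network("0.0.0.0/0")]
    networks = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue  # tolerate stray commas
        # A bare address becomes a /32; strict=False also accepts entries
        # with host bits set, such as 192.168.2.4/24.
        networks.append(ipaddress.IPv4Network(entry, strict=False))
    return networks


def is_allowed(peer, networks):
    """Return True if the connecting address is inside any allowed network."""
    try:
        addr = ipaddress.IPv4Address(peer)
    except ipaddress.AddressValueError:
        return False  # not an IPv4 address (the check is IPv4-only): refuse
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # Host list from the quoted configuration.
    page_list = parse_allowed_hosts(
        "127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20")
    # Constructed equivalent using subnet notation.
    subnet = parse_allowed_hosts("127.0.0.1,192.168.2.0/24")
    for peer in ("192.168.2.2", "192.168.2.3", "10.0.0.5"):
        print(peer, is_allowed(peer, page_list), is_allowed(peer, subnet))
```

Note that the subnet form admits every host in 192.168.2.0/24, which is wider than the five addresses in the original list.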
