"talk" is an awful protocol in general, multiple TCP and UDP connections
involved. This makes packet filtering a mess. Makes FTP (also a messy
protocol, i.e. ftpdata) look like a walk in the park.

Excellent book to read is: "Building Internet Firewalls" by Chapman
and Zwicky. Pages 270-272 devoted to talk. Describes all the connections
and how to packet filter them (basic conclusion is you should not allow
talk thru a firewall).

So you have users *on* the beowulf cluster that want to talk to other
internal users outside of the cluster's firewall?

Karl Runge

On Tue, 29 Feb 2000, Ferenc Tamas Gyurcsan <[EMAIL PROTECTED]> wrote:
> Hi,
> Thanks for the quick answer. I will try to figure out a better rule-set. Yes, I
> had that bad feeling that talk uses ports whatever it wants to, but the goal of
> this firewall is to protect/masq a beowulf, so later I don't have to worry about
> this problem. Talk should work only on the firewall/server (and it didn't
> because of the DENY sets, but I will try to play with it longer...after
> having a long sleep finally). Talk is an interesting daemon. Has anybody looked
> at what it does during building up a connection? And it has different versions.
> Right now I removed those DENY lines, so talk works now, users are happy
> (hence I'm alive), and the nodes that build up the beowulf have their dedicated
> 100BaseTX network, and they can use the internet too (the main network switches
> are not the best having 10BaseT ports).
> 
> >1) your machine has 3 IP addresses.  On the local machine, a packet could
> Well, to make it worse, eth0:[0...3], eth1. 
> 
> >I highly recommend that you read and re-read the IPCHAINS Howto.
> Yes, I did:-). Too bad the next kernel is still in dev phase. IPTables seem to
> be easier, but I can't put dev kernel on this server.
> 
> Thanks again, Ferenc

