Greg Wooledge <[EMAIL PROTECTED]> writes: > mainport.port=8888 > mainport.bindAddress=* > mainport.allowedHosts=127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20 > > $ netstat -ant | grep 8888 > tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN > tcp 0 0 192.168.2.4:8888 192.168.2.2:2524 ESTABLISHED [...] > > If you're using a firewall (iptables) then make sure you aren't blocking > incoming packets on the mainport port. >
FWIW, I've recently rewritten the handling of allowedHosts parameters for both FCP and generic servlets, so that one can now use x.x.x.x/y notation for specifying subnets. This has the effect of making the allowedHosts code even more IPv4 dependent, but increases its usefulness by a decent amount. quick review of what bindAddress and allowedHosts do: allowedHosts: when a connection hits the node, the incoming address is checked against the values in allowedHosts, and if it's not listed, then the connection is refused. A blank allowedHosts or a value of "*" results in all connections being allowed (this is internally converted to 0.0.0.0/0) bindAddress: for the node to listen on a TCP socket, that socket has to be bound to an interface. (i.e. loopback, eth0, eth1, etc.) Each interface has a address associated with it (its IP address), so that address is used to represent the interface when the socket is created. It's also possible to listen on all interfaces by specifying a null address to bind to. So if you want fred to only listen to local requests, you can 1) set allowedHosts to filter out requests coming from non-local addresses, so that requests coming from other places are rejected by fred OR 2) set bindAddress to 127.0.0.1 (the loopback interface's address), which results in only local connections being able to find the socket in the first place. Hope that clears things up for at least one person, Thelema -- E-mail: [EMAIL PROTECTED] Raabu and Piisu GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB _______________________________________________ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
