system: cluster 1350 w/ 5 nodes, RHEL 5.4 OS
I am trying to modify my iptables listing to allow rsh
connections from the master node through eth0 to the other nodes
while retaining the firewall on my other ethernet LAN connection.
I need to enable rsh to run mpich across nodes.
To do this I have been trying to append the iptables listing.
I have tried:
iptables -A INPUT -i eth0 -s 172.20.101.2/24 -j ACCEPT
but with no luck. (My remote compute nodes in the cluster
all have the 172.20.101.x IP).
I have already gotten rlogin and rcp to work
and I know the problem with rsh is that the firewall is stopping
any packet returns from the remote compute nodes.
Do I need to specify the rsh port? I tried including --dport 543
but the dport option is apparently not allowed.
Any advice is welcome.
Thanks for any help.
ishields
Re: iptables editing question
2010-01-07T02:41:43Z
This is the accepted answer.
The first rule that will block something is what gets used. So if some higher rule blocks all traffic on port x, then opening traffic on address y will not open traffic over y on port x. You may want to look at opening rsh at the top level and then excluding it on the external adapters.
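
The ordering problem described in the accepted answer, as an added example that is not part of the original thread: a shell check that reads `iptables-save`-style rules, lists the rules that sit after an unconditional DROP/REJECT in a chain, and prints the position to use with `iptables -I`. The ruleset is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: reads iptables-save style rules on stdin.
# Only unconditional catch-alls ("-A CHAIN -j DROP|REJECT ...") are detected.

# Rule number of the first unconditional DROP/REJECT in chain $1, i.e. the
# position to pass to `iptables -I CHAIN <n>`. Prints count+1 if none exists.
insert_position() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
                print n; found = 1; exit
            }
        }
        END { if (!found) print n + 1 }'
}

# Rules in chain $1 that come after such a catch-all and can never match.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (blocker) {
                printf "%d (after rule %d): %s\n", n, blocker, $0
                next
            }
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) blocker = n
        }'
}

# Constructed sample: the last rule was added with -A, so it landed after
# the catch-all REJECT and is never evaluated.
SAMPLE_RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 172.20.101.0/24 -i eth0 -j ACCEPT'

echo "shadowed rules:"
printf '%s\n' "$SAMPLE_RULES" | shadowed_rules INPUT
pos=$(printf '%s\n' "$SAMPLE_RULES" | insert_position INPUT)
echo "insert new ACCEPT rules at position $pos"
```

On a live host, pipe `iptables-save` into the functions and pass the printed position to `iptables -I INPUT <n> ...` instead of using `-A`. Port matches such as `--dport` are only accepted when the rule also names a protocol with `-p tcp` or `-p udp`.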