1 reply Latest Post - ‏2010-01-07T02:41:43Z by ishields
shccr
3 Posts

Pinned topic iptables editing question

‏2010-01-07T01:13:46Z |
system: cluster 1350 w/ 5 nodes, RHEL 5.4 OS
I am trying to modify my iptables listing to allow rsh
connections from the master node through eth0 to the other nodes
while retaining the firewall on my other ethernet LAN connection.
I need to enable rsh to run mpich across nodes.
To do this I have been trying to append the iptables listing.
I have tried:
iptables -A INPUT -i eth0 -s 172.20.101.2/24 -j ACCEPT
but with no luck. (My remote compute nodes in the cluster
all have the 172.20.101.x IP).
I have already gotten rlogin and rcp to work
and I know the problem with rsh is that the firewall is stopping
any packet returns from the remote compute nodes.
Do I need to specify the rsh port? I tried including --dport 543
but the dport option is apparently not allowed.
Any advice is welcome.

Thanks for any help.

spk
Updated on 2010-01-07T02:41:43Z at 2010-01-07T02:41:43Z by ishields
  • ishields
    988 Posts
    ACCEPTED ANSWER

    Re: iptables editing question

    ‏2010-01-07T02:41:43Z  in response to shccr
    The first rule that will block something is what gets used. So if some higher rule blocks all traffic on port x, then opening traffic on address y will not open traffic over y on port x. You may want to look at opening rsh at the top level and then excluding it on the external adapters.

    Ian Shields
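
The rule-ordering point in the reply can be checked mechanically. The following is an added example, not part of either post: it reads rules in `iptables-save` format and reports whether an ACCEPT rule sits below an unconditional DROP/REJECT in the same chain. The function names `sample_rules` and `shadow_check` are hypothetical, the sample rules are constructed rather than taken from the poster's system, and the check does not follow jumps into user-defined chains.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not the poster's real rules):
# a catch-all REJECT sits above the rule that "iptables -A" appended.
sample_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 172.20.101.0/24 -i eth0 -j ACCEPT
EOF
}

# shadow_check CHAIN PATTERN   (rules on stdin, iptables-save format)
# Prints one of:
#   "shadowed N M"  first rule containing PATTERN is at position M, below an
#                   unconditional DROP/REJECT at position N, so it never matches
#   "reachable M"   the rule is at position M with no catch-all block above it
#   "missing"       no rule in CHAIN contains PATTERN
shadow_check() {
    awk -v chain="$1" -v pat="$2" '
        $1 == "-A" && $2 == chain {
            n++
            # Unconditional terminator: "-A CHAIN -j DROP|REJECT [target options]"
            if (!blk && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) blk = n
            # Remember the first rule carrying the pattern and what preceded it
            if (!hit && index($0, pat)) { hit = n; hitblk = blk }
        }
        END {
            if (!hit)        print "missing"
            else if (hitblk) print "shadowed " hitblk " " hit
            else             print "reachable " hit
        }'
}

# On a live host: iptables-save | shadow_check INPUT '-s 172.20.101.0/24'
sample_rules | shadow_check INPUT '-s 172.20.101.0/24'   # prints: shadowed 4 5
```

A "shadowed" result means the rule has to be placed above the blocking rule, for example with `iptables -I INPUT <position>` instead of `-A`.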