Message boards : Number crunching : my firewall [linux]
mayer[be] (Joined: 29 Mar 06, Posts: 5, Credit: 14,197, RAC: 0):

I need some help for my firewall. It's running Linux and has a client ready to run Rosetta. Problem is I blocked all my inbound TCP ports [iptables] and I don't know what to leave open for my client. Help? :p
Whl. (Joined: 29 Dec 05, Posts: 203, Credit: 275,802, RAC: 0):

Hi mayer[be]. You may find this post helpful. As far as I know though, local port 1043 only applies to versions below 5.4.9 now.
Moderator9 (Volunteer moderator; Joined: 22 Jan 06, Posts: 1014, Credit: 0, RAC: 0):
mayer[be] (Joined: 29 Mar 06, Posts: 5, Credit: 14,197, RAC: 0):

Tnx :) My unit is working but the ports still won't work; when tcpdumping it looks like the client wants to connect to other ports as well. When done crunching I get HTTP errors and cannot upload/download new data, so when it's done I've got to open/close all ports manually. The other unit behind the firewall has no problems; it's a frontline problem. It would be handy if, when the client has finished crunching, it could talk to a script to open all ports for 15 minutes and close them again after that. Is that possible? I like automation :)
Feet1st (Joined: 30 Dec 05, Posts: 1755, Credit: 4,690,520, RAC: 0):

> It would be handy if, when the client has finished crunching, it could talk to a script to open all ports for 15 minutes and close them again after that.

You could use BOINC General Preferences to define the hours of the day in which it is allowed to use the network. Try to give it some breathing room for retries, outages or an unusually large upload. But you could run a script to open the ports at, say, 00:59:00 AM and tell BOINC it can use the network from 01:00:00 to 02:30:00; then at 02:30:00 you could close the ports again. This would avoid the exponential backoff timers that result if you were to allow BOINC to hit the network at any time, only for it to find it can't route out. If you REALLY wanted to get sophisticated, you could examine the XML files of the WU and determine it has completed, and open ports... but by that time BOINC may have already attempted to connect, found it couldn't reach the host and done the timed backoff to retry. But if you catch it soon enough, it would still be in 60 second backoffs.

Add this signature to your EMail: Running Microsoft's "System Idle Process" will never help cure cancer, AIDS nor Alzheimer's. But running Rosetta@home just might! https://boinc.bakerlab.org/rosetta/
meshmesh (Joined: 15 May 06, Posts: 8, Credit: 113,580, RAC: 0):

Why open up all firewall ports? If you want to monitor the traffic to find out exactly which ports are needed, etc., install the free network analyser utility Ethereal. When the WU is about to finish, start capturing the traffic; then you can examine it and see exactly what was going on, what the destination IP and destination port were, etc. You can then specify "allow" rules in the firewall using destination IP AND ports.
mayer[be] (Joined: 29 Mar 06, Posts: 5, Credit: 14,197, RAC: 0):

I downloaded Ethereal and started scanning, but a few hours later I was thinking, mmmh, next year I'm still scanning :p Linux has a local port range from 32768 till 61000, so I reduced my port range from 32768 to 32778. My fw script is now set to accept 80, 443, 1043, 31416 and 32768 to 32778. For testing I blocked 80, 443, 1043 and 31416. I noticed that the client was trying to connect and only cycling between 32768 and 32778; after a while I unblocked the other ports and now the client works autonomously. I have a small LED display on the front of my computer that is a CPU stress meter, so when something goes wrong I definitely notice. Thanks for the help. greetz!
©2024 University of Washington
https://www.bakerlab.org