Notes on the FAQ entry on ports / firewalling

spirit

Message 32542 - Posted: 12 Dec 2006, 21:38:09 UTC
Last modified: 12 Dec 2006, 21:39:49 UTC

I found the FAQ entry on ports used by boinc rather confusing.

From what I figured out, it seems that the boinc client always connects to the servers, never the other way around. This means that you don't need to open any incoming ports if you're using a stateful firewall like iptables on Linux (reason: outgoing connections will be allowed anyway and the traffic in the other direction will be considered RELATED).

If you're using one of these *ahem* sweet win32 desktop firewalls, you have to tell them to allow boinc to connect to the internet of course.

And there is no need to open 1043 or 31416 unless you want to control your boinc machine remotely. I assume most people don't want to do this.

Another thing that seems to cause confusion: though the boinc client connects to the servers on destination ports TCP-80 and TCP-443, this does not mean that the source ports it uses on your box are 80 and 443 - they are not!

(They are something unpredictable > 1024. Otherwise you could not run boinc and a web server at once. Neither does your web browser use port 80, btw).

Therefore, there is also no need to open 80 and/or 443 for incoming connections.

Conclusions:
1) no need to do anything under Linux
2) allow the boinc executable to connect to the inet on Windows. Don't open other ports.

Please let me know if I got something wrong (don't have a win32 box to test under that OS).


spirit
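The two points in the post above (source port versus destination port, and why a stateful filter needs no inbound rules for a client that only dials out), as an added example that is not part of the original thread. `observe_ports`, `StatefulFilter` and `demo` are hypothetical names, the addresses and port 49152 are constructed, and the filter is a toy model of connection tracking, not iptables itself.

```python
import socket

def observe_ports():
    """Make one real outbound TCP connection to a loopback listener (a
    stand-in for a project server) and return (source_port, dest_port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))          # OS picks a free listening port
        srv.listen(1)
        dest_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", dest_port)) as cli:
            conn, _ = srv.accept()
            conn.close()
            return cli.getsockname()[1], dest_port

class StatefulFilter:
    """Toy connection tracker: outbound always allowed, inbound default-deny."""
    def __init__(self):
        self.flows = set()

    def outbound(self, src, dst):
        self.flows.add((src, dst))          # remember the flow this host opened
        return "ACCEPT"

    def inbound(self, src, dst):
        # Accept only the mirror image of a tracked outbound flow
        # (iptables connection tracking reports such replies as ESTABLISHED).
        return "ACCEPT" if (dst, src) in self.flows else "DROP"

def demo():
    """Run constructed packets through the filter and return the verdicts."""
    client_ip, server_ip = "192.0.2.10", "198.51.100.7"  # documentation addresses
    src_port = 49152                                     # constructed ephemeral port
    fw = StatefulFilter()
    fw.outbound((client_ip, src_port), (server_ip, 80))  # client dials out to TCP-80
    return {
        "reply_from_80": fw.inbound((server_ip, 80), (client_ip, src_port)),
        "unsolicited_to_80": fw.inbound((server_ip, 40000), (client_ip, 80)),
        "unsolicited_to_31416": fw.inbound((server_ip, 40000), (client_ip, 31416)),
        "other_host_port_80": fw.inbound(("203.0.113.5", 80), (client_ip, src_port)),
    }

if __name__ == "__main__":
    print("source port %d -> destination port %d" % observe_ports())
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```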
Mod.Sense
Volunteer moderator

Message 32550 - Posted: 13 Dec 2006, 0:01:43 UTC

I'd say you've got it exactly right, Spirit. BOINC uses sockets within your PC (loopback) to coordinate between the BOINC Manager and the project threads that do the crunching. So, you just have to allow the BOINC Manager to act as a server locally. Not as an internet server.

...and further, what you've summarized here is the same for all BOINC projects, nothing special about Rosetta. ...I take that back, there is some diagnostic code in Rosetta that can trigger the Rosetta application attempting to connect directly, rather than via BOINC. But this only occurs if the diagnostic code is hit, which is rare. And the debug information it is attempting to report should still go to the normal output files that are reported back with the completed WU via BOINC. So, we can really ignore that eventuality.
Rosetta Moderator: Mod.Sense



©2024 University of Washington
https://www.bakerlab.org