What do I do to configure my firewall?

bridgemaker

Joined: 19 Aug 09
Posts: 12
United States
Message 26694 - Posted: 19 Aug 2009, 23:49:40 UTC

Running Linux Fedora 10, 2.6.27.29 kernel. Finally got BOINC manager and client to communicate (thanks solely to the help of the people here and not to any mental acuity or activity on my part). Now I select a project, and am told that BOINC cannot communicate with the project, giving me three possible errors, one of which is that BOINC manager and client need to communicate on port 80.

Fair enough, I go into my firewall settings and check www -- port 80, which is the only thing I can see affecting port 80 in system-config-firewall.py 1.2.13 applet. But nooooooooooooo, BOINC still laughs at me.

So, I have two questions:

First: How do I make BOINC happy with my firewall?

Second: How do I prevent others from taking advantage of the fact that port 80 is now open?
ID: 26694 · Report as offensive
Les Bayliss
Help desk expert

Joined: 25 Nov 05
Posts: 1654
Australia
Message 26695 - Posted: 20 Aug 2009, 0:30:41 UTC

Port 80 is the one used by web browsers.
Your firewall program should have an option somewhere to allow specific programs access through it. Just set this so that BOINC can get through. (I think you make it "trusted". But that may be Windows talk.)

ID: 26695 · Report as offensive
ZPM
Joined: 14 Mar 09
Posts: 215
United States
Message 26696 - Posted: 20 Aug 2009, 0:34:42 UTC - in response to Message 26695.  

Port 80 is the one used by web browsers.
Your firewall program should have an option somewhere to allow specific programs access through it. Just set this so that BOINC can get through. (I think you make it "trusted". But that may be Windows talk.)



He's not on Windows.....
ID: 26696 · Report as offensive
Les Bayliss
Help desk expert

Joined: 25 Nov 05
Posts: 1654
Australia
Message 26697 - Posted: 20 Aug 2009, 1:10:47 UTC - in response to Message 26696.  

I know. :)
But I don't know the wording used in Linux firewall programs.
ID: 26697 · Report as offensive
KSMarksPsych
Joined: 30 Oct 05
Posts: 1239
United States
Message 26699 - Posted: 20 Aug 2009, 11:49:57 UTC

Strange. I'm on F10 as well (2.6.27.29-170.2.78.fc10.x86_64) and I have no problems. I've been with Fedora since F7 and I've never had to configure the firewall to let BOINC out.

I'm really no help, other than to say that's weird. I'd go back and put your firewall the way you had it... I'm pretty sure what you enabled is if you want to use your computer as a web server.

Are you behind a hardware router? What happens if you disable the firewall? You should be reasonably safe without it (temporarily). It shouldn't take more than 45 seconds or so to test this.
Kathryn :o)
ID: 26699 · Report as offensive
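The distinction drawn above, between opening port 80 for a web server and ordinary outbound web traffic, can be checked against the ruleset itself. This is an added example, not from the original post; it assumes rules in iptables-save format, and the sample ruleset and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell an inbound "web server" rule apart from outbound access.
# Input is assumed to be in iptables-save format; on a live system it could
# come from `iptables-save` run as root. Function names are hypothetical.

# Constructed sample: a ruleset in which "www (http)" has been trusted.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print INPUT rules that accept connections to the given TCP port.
inbound_accepts() {
    port="$1"
    awk -v p="$port" '
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == p) { print; break }
        }'
}

# Print the default policy of the OUTPUT chain. ACCEPT means outbound
# connections (such as a client fetching from port 80) are not filtered.
output_policy() {
    awk '$1 == ":OUTPUT" { print $2 }'
}
```

A line printed by `inbound_accepts 80` is a rule that lets other hosts connect to this machine; removing it does not affect a client whose traffic leaves through an OUTPUT chain with policy ACCEPT.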
bridgemaker

Joined: 19 Aug 09
Posts: 12
United States
Message 26702 - Posted: 20 Aug 2009, 13:11:03 UTC

I have the default firewall that came with Fedora 10. There is nothing in the firewall configuration that allows me to permit a particular service to be trusted. Trusted interfaces listed are all devices. As for trusted services, BOINC is not in the list of possible services to be added, even though BOINC-client starts on boot and even though I have changed my firewall configuration from "desktop" to "server" and permitted www (http) port 80 as a trusted service.

HTTP server configuration says that the user and group are apache, should this be changed to "boinc?"
ID: 26702 · Report as offensive
KSMarksPsych
Joined: 30 Oct 05
Posts: 1239
United States
Message 26704 - Posted: 20 Aug 2009, 13:55:36 UTC - in response to Message 26702.  

HTTP server configuration says that the user and group are apache, should this be changed to "boinc?"


No. As far as I know, this is for running a web server, not regular old outbound web traffic.

Can you make a cc_config.xml file and turn on the following flags <http_debug> and <http_xfer_debug>? It should go in /var/lib/boinc (if that's where the package manager puts stuff, I don't use that version). You'll probably have to create the file as yourself. Then...

su
cp cc_config.xml /var/lib/boinc
cd /var/lib/boinc
chown boinc:boinc cc_config.xml
exit


Then open up the manager. In the "Advanced" menu, there's an option "Read Config File". You should see a message something like this:

Thu 20 Aug 2009 10:54:09 PM KST		Re-reading cc_config.xml
Thu 20 Aug 2009 10:54:09 PM KST		Re-read config file
Thu 20 Aug 2009 10:54:09 PM KST		log flags: task, file_xfer, sched_ops


but with the flag you used.

I'm off to bed, but I'll try to check back in before work in the morning.

Kathryn :o)
ID: 26704 · Report as offensive
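The file described in the post above, written out as an added example (not part of the original post and not the BOINC project's own tooling): a shell function that creates cc_config.xml with the two HTTP log flags inside BOINC's `<cc_config>`/`<log_flags>` elements. The function names are hypothetical; /var/lib/boinc and the boinc:boinc owner are taken from the post.

```shell
#!/bin/sh
# Added example: create cc_config.xml enabling BOINC's HTTP debug log flags.
# write_cc_config is a hypothetical helper name; the data directory defaults
# to /var/lib/boinc as mentioned in the post.

write_cc_config() {
    dir="${1:-/var/lib/boinc}"
    file="$dir/cc_config.xml"

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Do not silently clobber an existing configuration; keep a backup.
    if [ -e "$file" ]; then
        cp -p "$file" "$file.bak" || return 1
    fi

    # umask 022 keeps the new file from being group- or world-writable.
    (
        umask 022
        cat > "$file" <<'EOF'
<cc_config>
  <log_flags>
    <http_debug>1</http_debug>
    <http_xfer_debug>1</http_xfer_debug>
  </log_flags>
</cc_config>
EOF
    ) || return 1

    # Hand the file to the boinc account only when root and the user exists.
    if [ "$(id -u)" -eq 0 ] && id boinc >/dev/null 2>&1; then
        chown boinc:boinc "$file" || return 1
    fi
    echo "$file"
}

# Count how many of the two HTTP flags are switched on in a given file.
enabled_http_flags() {
    grep -c -E '<http(_xfer)?_debug>1</http(_xfer)?_debug>' "$1"
}
```

Calling `write_cc_config` with no argument, as root, targets /var/lib/boinc; the client picks the flags up on "Read Config File" as the post describes.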
KSMarksPsych
Joined: 30 Oct 05
Posts: 1239
United States
Message 26705 - Posted: 20 Aug 2009, 14:04:02 UTC

As another experiment (to see if it's anything to do with the install by yum), you could download the package from Berkeley (it's an .sh file).

Put it in your home directory.

Open up a terminal and do

sh boinc_6.6.36_x86_64-pc-linux-gnu.sh


(assuming you have the 64 bit version)

Then (because the run_manager script seems to be broken)



cd BOINC
./run_client & ./run_manager

Kathryn :o)
ID: 26705 · Report as offensive
Milos Jakubicek

Joined: 19 Feb 08
Posts: 23
Czech Republic
Message 26710 - Posted: 20 Aug 2009, 21:31:13 UTC - in response to Message 26702.  

Hello bridgemaker,

I'm the Fedora package maintainer of BOINC. I'm not aware there should be any outstanding problems regarding firewall/SELinux/anything that should prevent BOINC from working out of the box at this time on Fedora 10/11/rawhide.

It would be helpful if you'd turn on all the debug flags in cc_config.xml as Kathryn suggested and post the results here so that we could see precisely at what point the communication breaks.

Regards,
Milos
ID: 26710 · Report as offensive
KSMarksPsych
Joined: 30 Oct 05
Posts: 1239
United States
Message 26711 - Posted: 20 Aug 2009, 21:40:43 UTC

Probably a silly question, but can the computer in question get to the internet in a browser?

What about hitting a project's scheduler in a browser? Try this test project.
Kathryn :o)
ID: 26711 · Report as offensive
Nicolas

Joined: 19 Jan 07
Posts: 1179
Argentina
Message 26712 - Posted: 20 Aug 2009, 21:44:02 UTC - in response to Message 26710.  

It would be helpful if you'd turn on all the debug flags in cc_config.xml as Kathryn suggested and post the results here so that we could see precisely at what point the communication breaks.

Enabling all flags is a bad idea. The important information will get lost very quickly in the giant amount of unneeded information. For example, just looking at the Messages tab will cause 2x logs, because the normal messages will be logged, and the client<->GUI communication to get the list of messages will also be logged.

ID: 26712 · Report as offensive
bridgemaker

Joined: 19 Aug 09
Posts: 12
United States
Message 26719 - Posted: 21 Aug 2009, 3:45:16 UTC - in response to Message 26704.  

I am searching for a cc_config.xml file throughout my entire system now. I went to /var/lib/boinc directly to check for such a file. No such file is shown, and no such file is showing up in the search throughout the system.

One of the posters had mentioned a gui_rpc_auth.cfg file. There is one in /var/lib/boinc and it is 32 bytes long.

ID: 26719 · Report as offensive
bridgemaker

Joined: 19 Aug 09
Posts: 12
United States
Message 26720 - Posted: 21 Aug 2009, 3:45:55 UTC
Last modified: 21 Aug 2009, 4:16:40 UTC

Oh, and connecting to the internet is no problem. There is no "advanced" option in the boinc manager.
ID: 26720 · Report as offensive
Les Bayliss
Help desk expert

Send message
Joined: 25 Nov 05
Posts: 1654
Australia
Message 26721 - Posted: 21 Aug 2009, 4:55:01 UTC

The cc_config.xml file is something that YOU have to deliberately create.

The advanced option is, I think, only in Grid and Accessible views, not the Simple view.

ID: 26721 · Report as offensive
KSMarksPsych
Joined: 30 Oct 05
Posts: 1239
United States
Message 26722 - Posted: 21 Aug 2009, 9:41:34 UTC - in response to Message 26721.  

The cc_config.xml file is something that YOU have to deliberately create.

The advanced option is, I think, only in Grid and Accessible views, not the Simple view.



Yes and Yes
Kathryn :o)
ID: 26722 · Report as offensive
bridgemaker

Joined: 19 Aug 09
Posts: 12
United States
Message 26725 - Posted: 21 Aug 2009, 13:14:57 UTC - in response to Message 26721.  

I followed the link regarding cc_config.xml but have no idea how to set flags or such. This is getting far more complicated than it is worth, and I am bowing out.

Thanks for your attempts at helping me.
ID: 26725 · Report as offensive


Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.