On Tue, 2006-01-31 at 19:52 +0100, Bart Couvreur wrote:
> What place(s) must I open port 9000? The router? Each
of the client
> machines? How safe is this -- or rather, maybe I should ask, what
> precautions are advisable?
> Thanks for the help. I hope my language isn't too awkward. Doing
> seems to be the only way to really learn this stuff.
>
Probably best to open this on your box only (unless off course you
want to run an Internet radio, which would mean opening the port on
the router aswell). The client machines mostly use other ports to
access slimserver, which means they establish a connection, something
which is almost always doable, you don't have to open ports on a
client to let it make connections. On the server box you can open the
port (presuming you only run iptables) as root:
# iptables -I INPUT -s 192.168.0.0/24 --dport 9000 -j ACCEPT
(change 192.168.0.0 to whatever your network is)
# iptables-save
(to save the changes on rebooting the box)
This will allow only people on your network to reach slimserver.
Opening a port to the network is not so unsafe, especially since there
is a server listening on that port. Only advice I could give is, make
sure that slimsrever stays up to date.
I'm only interested in streaming audio over the LAN (for the time being
anyway.)
The slimserver is on 192.168.1.11 behind default gateway 192.168.1.1
(the router). The router is behind LAN address 192.168.0.1 (the DSL
modem). I've been assuming that 192.168.1.0/24 is the right form for my
network source IP address here.
(1) So why isn't this working?
root@PuteA Sat Feb 04 16:52:31
[240] ~ $ iptables -I INPUT -s 192.168.1.0/24 --dport 9000 -j ACCEPT
iptables v1.3.0: Unknown arg `--dport'
(2) Also, I've noticed that the box on which I've installed slimserver
now has another user (which I did not add!) called "slimserver" with a
home directory of /usr/local/slimserver. Under "User Properties -->
Account Info" the "local password is locked" box is checked.
Thanks for the help on this!