This document applies if and only if setup-daemontools.sh has been used
to set up leafnode for use with daemontools.

These are the configurable parameters that control how leafnode accepts
connections:

1. The IP address leafnode listens on. It defaults to 127.0.0.1
   (localhost). Only the leafnode computer can connect to itself, and
   only to 127.0.0.1, not to other local addresses.

   To change this,
   a) edit the first line of /service/leafnode-1/env/LISTENIP, and
   b) run: /command/svc -t /service/leafnode-1
      This is necessary to restart tcpserver so that it notices the
      LISTENIP change. Warning: This will abort all pending connections,
      but most newsreaders should recover from this.

   WARNING: You will also need to edit the nntp.rules file and rebuild
   the nntp.cdb file, see section 3 below.

   You can place "0" (without the quotes) on the first line to let
   leafnode listen on all interfaces. This can be used for multi-homed
   hosts (hosts with more than one external interface).

2. The maximum number of clients that can be connected at the same time.
   It defaults to 7.

   To change this,
   a) edit the first line of /service/leafnode-1/env/MAXCONNECTIONS and
   b) run: /command/svc -t /service/leafnode-1
      (this will abort all pending connections, but most newsreaders
      should recover from this)

3. The access rules. They default to:

       127.0.0.1:allow
       :deny

   The last line is a wildcard that is used when no other rule matches.
   When a more specific rule matches, that rule is used directly. You can
   also write IP ranges, such as 192.168.0.5-9, and wildcards, such as
   172.16. which means 172.16.0.0 to 172.16.255.255 (65536 addresses).
   Details are at Dan J. Bernstein's home page,
   http://cr.yp.to/ucspi-tcp/tcprules.html

   To edit the access control, do this:
   a) type: cd /service/leafnode-1
   b) edit the nntp.rules file
   c) type: make
      Step c) transforms the human-readable nntp.rules file into the
      tcpserver-readable nntp.cdb file.

   You do NOT need to use svc -t; tcpserver will automatically heed the
   newly-updated nntp.cdb file (in contrast to the LISTENIP change
   above). However, existing connections that now fall under a "deny"
   instruction will NOT be terminated.
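
To check which rule a given client address will hit before running make,
the matching described in section 3 can be modelled in a few lines. This
is an example added here, not part of leafnode or ucspi-tcp; it assumes
IPv4 rules only and ignores the hostname and user-info rule forms, and the
function names and sample rules are made up for illustration.

```python
import re

# Constructed sample in nntp.rules syntax: the page's defaults plus its
# range and wildcard examples, and one constructed exact-address deny.
SAMPLE_RULES = """\
127.0.0.1:allow
192.168.0.5-9:allow
172.16.:allow
172.16.9.9:deny
:deny
"""

def expand(addr):
    """Expand the first a-b range in an address into single addresses."""
    m = re.search(r"(\d+)-(\d+)", addr)
    if not m:
        return [addr]
    lo, hi = int(m.group(1)), int(m.group(2))
    return [addr[:m.start()] + str(n) + addr[m.end():] for n in range(lo, hi + 1)]

def parse_rules(text):
    """Build {address: 'allow' | 'deny'} from address:instruction lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        for a in expand(addr):
            # On duplicate addresses this sketch keeps the first rule seen.
            table.setdefault(a, instr.split(",")[0])
    return table

def lookup(table, ip):
    """Try the exact IP, then shorter prefixes ending in a dot, then ''."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in table:
            return key, table[key]
    return None, None  # no rule matched at all

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("127.0.0.1", "192.168.0.7", "192.168.0.10",
               "172.16.200.3", "172.16.9.9", "10.0.0.1"):
        print(ip, lookup(rules, ip))
```

An address that only reaches the empty key is falling through to the final
":deny" wildcard, which is the outcome to expect for every client not listed.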

NOTE: leafnode has another, last line of defense against inadvertently
opening your own computer to the whole world: it prevents access
from non-local IP addresses. If you have a friend on a static IP
outside your LAN to whom you want to give leafnode access, you must also
edit leafnode's config file. Look there for "allowstrangers".

(C) 2002 by Matthias Andree, see COPYING for the licensing conditions.