On May 25, 2:30 pm, Sean Corfield <seancorfi...@gmail.com> wrote: > The :host specifies the IP (or hostname) to listen on so if you want > external access you'll need to listen on an IP that is externally > accessible. If you listen on "0.0.0.0" then it'll listen on any IP > address so you can REPL in from outside as well as directly on server > itself (on 127.0.0.1). Our servers have multiple IP addresses and this > caught me out at first when working with our data center folks and > setting up VPN/DMZ access to the host/port.
This may be good advice in some cases (eg when all network access to your server is "trusted"), but on a lot of production servers it strikes me as very dangerous to apply this suggestion carelessly. Assuming you have SSH access to the machine, by far the safest way to do it is to have swank only listen on localhost, and then use SSH port forwarding to redirect the connection through the localhost interface. For example: akm@dev-machine $ ssh -NfL 4010:localhost:4005 production-machine # from emacs on dev-machine M-x slime-connect RET RET 4010 RET This way the only people who can connect remotely are those who have permission to get a local application (usually sshd) to forward the traffic to the localhost interface on their behalf. -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
