[distcc] Trouble with NAT (client/server connection persistent?)

Kevin distcc at gnosys.biz
Sat Aug 21 02:11:37 GMT 2004 

Hi All-

I operate a fast, dual-CPU server at work that I'd like to make a
volunteer for some of my other machines at home, but at home I'm behind
a NAT firewall that blocks all incoming connections (by design).

Thinking that the distcc protocol is client-server in nature with the
volunteer being the server and receiving connections at port 3632
(presumably not initiating any) from the client originating at some
random high-numbered port (where the build job originates), I was
thinking that this should work if I want to farm compile jobs initiated
at home out to the big server at work.  The client at home behind the
NAT firewall initiates the connection outbound through the home firewall
to the distcc port on the server (with firewalling at the server at work
configured to allow the connection from the NAT address).  If the
connection between the client and the server is persistent throughout
the time that the server/volunteer is compiling the job that's been
given to it by the client, then this scheme should work, right?  I mean,
I do the same thing with ssh connecting to sshd all the time through
this NAT firewall.

Anyway, it's not working for me whereas it is working between machines
that are all behind the NAT firewall.  Is my thinking wrong here?  Is
anyone else doing something like this?

I read the distcc faq and whitepaper and searched the archives for NAT
and googled around but didn't see anything to help with this.

Is my understanding (gained from the whitepaper) correct in thinking
that the machine where the make job is initiated is the client and the
client preprocesses the .c file, initiates the connection to the
volunteer/server, says, "hey, compile this file for me", keeps the
connection open while the volunteer does the compile job, and then using
the same connection, the server says, "hey, here's the object file"
after which the client tears down the connection.  Is that correct?  Is
so, shouldn't this scheme work?

Any thoughts most welcome.

-Kevin

More information about the distcc mailing list