Koozali.org: home of the SME Server

Allowing Ports

Michael Gibson

Allowing Ports
« on: June 21, 2003, 06:32:10 AM »
Hello,

I have SME 5.1.2 and was wondering how I open a port. I am not super experienced with the Linux commands and would appreciate some help.

Is there a tool (rpm I think that I can load to allow ports?)

If so where can I get this and how do I install it.

Thanks
Michael

JeffC

Re: Allowing Ports
« Reply #1 on: June 21, 2003, 07:18:24 PM »
Michael,

contribs.org is your friend. :>

contribs.org > contribs file library > dmay > mitel > contribs > portopening

That should get you what you need.

-jeff

Charlie Brady

Re: Allowing Ports
« Reply #2 on: June 22, 2003, 10:07:43 PM »
Michael Gibson wrote:

> I have SME 5.1.2 and was wondering how I open a port. I am
> not super experienced with the Linux commands and would
> appreciate some help.

First thing is that you should no longer use 5.1.2 - it is not being maintained, and is likely insecure.

Secondly there's no point in opening ports unless software on the server is using those ports, and any required ports should be opened by an interface package (see http://www.e-smith.org/docs/howto/howto_modify_e-smith_interface_rpm.php3).

If you're customising and adding software which doesn't have an interface package, then you can use a custom template to open a port.

If you haven't added software to the server there is no point at all in opening ports in the packet firewall.

Charlie

Michael Gibson

Re: Allowing Ports
« Reply #3 on: June 23, 2003, 04:42:10 AM »
Thanks for the replies. Now I have downloaded the file, are there any quick and easy steps to installing the rpm???

Thanks for your time.

Charlie Brady

Re: Allowing Ports
« Reply #4 on: June 23, 2003, 07:20:30 AM »
Michael Gibson wrote:

> Thanks for the replies. Now I have downloaded the file, are
> there any quick and easy steps to installing the rpm???

Don't. It's unlikely to solve your (unspecified) problem - either that, or there is likely to be a simpler and more reliable way.  What problem are you trying to solve?

Charlie

Michael Gibson

Re: Allowing Ports
« Reply #5 on: June 23, 2003, 07:27:50 AM »
Allowing a port to be opened.


I have a set up at home with 4 people accessing a sme server for firewall and proxy and 2 people want to be able to use yahoo webcam over the net and I need to open a port that is blocked by the server.

Charlie Brady

Re: Allowing Ports
« Reply #6 on: June 23, 2003, 08:59:23 PM »
Michael Gibson wrote:

> I have a set up at home with 4 people accessing a sme server
> for firewall and proxy and 2 people want to be able to use
> yahoo webcam over the net and I need to open a port that is
> blocked by the server.

Opening a port on the server will achieve nothing - the webcam software is not running on your server.

You don't need to open a port, you need to forward a port to an internal machine. However, you can only forward inbound connections on any particular port to one internal machine. Hence, only one of your users can use yahoo webcam (TCP port 5100) over the net.

Charlie

Michiel

Re: Allowing Ports
« Reply #7 on: June 23, 2003, 09:20:38 PM »
> Hence, only one of your users can use yahoo webcam (TCP port
> 5100) over the net.

I thought kernel 2.4 (hence SME 5.6) would allow you to run multiple sessions? I tested it with two hosts on the LAN and one external doing any-to-any, and it worked out of the box with 5.6.

Michiel

Charlie Brady

Re: Allowing Ports
« Reply #8 on: June 23, 2003, 09:42:39 PM »
Michiel wrote:

> I tested it with two hosts on the LAN and
> one external doing any-to-any, and it worked out of the box
> with 5.6.

I don't know what you mean by any-to-any.

Any number of machines can create outbound TCP connections to the same server on the same port. But inbound connections on any port can only be forwarded to one internal machine.

Yahoo documentation:

http://help.yahoo.com/help/us/mesg/webcams/webcams-13.html

says you need to accept inbound TCP on port 5100. If that's not the case, then fine, it'll just work.

In any case, opening ports in the firewall won't help. It'd just mean that connections were rejected at the socket layer rather than by netfilter.

Charlie

Michiel

Re: Allowing Ports
« Reply #9 on: June 24, 2003, 12:25:45 AM »
> Any number of machines can create outbound TCP connections to
> the same server on the same port. But inbound connections on
> any port can only be forwarded to one internal machine.

Obviously I'm dancing on dangerous ground if I disagree with you on technical issues, but here we go...

I tested the following set-up:

- Two WinXP boxes on my LAN, both connected to the Internet through an SME 5.6 gateway with cable connection (dynamic IP).

- A third box connected directly to the internet via a different ISP. Also WinXP and dynamic IP.

Without any tweaking I established simultaneous Yahoo video sessions between each of the boxes (so three sessions were running at the same time). SuperWebcam mode did not work as it requires a direct connection to the client, but normal mode is OK.

In other words, SME 5.6 is an even better product than you realize yourself ;-)

Michiel

Charlie Brady

Re: Allowing Ports
« Reply #10 on: June 24, 2003, 08:57:07 AM »
Michiel wrote:

> I tested the following set-up:
>
> - Two WinXP boxes on my LAN, both connected to the Internet
> through an SME 5.6 gateway with cable connection (dynamic IP).
>
> - A third box connected directly to the internet via a
> different ISP. Also WinXP and dynamic IP.
>
> Without any tweaking I established simultaneous Yahoo video
> sessions between each of the boxes (so three sessions were
> running at the same time).

I don't doubt that they were. But what you didn't do was to connect from the third box to each of the first two. The direction is significant. It's just not logically or physically possible to port forward port 5100 from the gateway box to both WinXP A and WinXP B.

Based on what you say the Yahoo advice is incorrect. It's *not* necessary to have inbound TCP connections to port 5100. And my original point stands, that no "port opening" is necessary or useful.

> In other words, SME 5.6 is an even better product than you
> realize yourself ;-)

Perhaps. But only within the realm of the possible, please :-)

Be sure to try 6.0beta2 - even better by far!

Charlie
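
The difference between outbound connections and inbound port forwarding discussed in the replies above, modelled as an added example (not part of any post and not SME Server code): a toy NAT table in Python. The `NatGateway` class, all IP addresses and every port except 5100 are constructed for illustration; real netfilter would not raise on a duplicate forward, the first matching rule would simply win.

```python
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    """Toy NAT gateway (hypothetical model, not netfilter itself)."""
    forwards: dict = field(default_factory=dict)   # (proto, port) -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # (proto, pub_port, remote) -> LAN socket
    next_port: int = 40000                         # next masquerade source port

    def add_forward(self, proto, port, lan_ip, lan_port):
        # One public port can name only one internal destination. Real netfilter
        # would let the first matching rule win; here the conflict is made visible.
        key = (proto, port)
        if key in self.forwards and self.forwards[key] != (lan_ip, lan_port):
            raise ValueError(f"{proto}/{port} already forwarded to {self.forwards[key][0]}")
        self.forwards[key] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        # A LAN host connects out: the gateway picks a unique public source port
        # and records state so that replies can be demultiplexed.
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(proto, pub_port, (remote_ip, remote_port))] = (lan_ip, lan_port)
        return pub_port

    def inbound(self, proto, dst_port, remote_ip, remote_port):
        # Replies match connection state; new connections need a forward rule.
        state = self.conntrack.get((proto, dst_port, (remote_ip, remote_port)))
        return state or self.forwards.get((proto, dst_port))

def demo():
    gw = NatGateway()
    remote = ("198.51.100.7", 5100)                # constructed external peer
    # Two LAN hosts connect out to the same remote port: both work.
    pa = gw.outbound("tcp", "192.168.1.11", 3001, *remote)
    pb = gw.outbound("tcp", "192.168.1.12", 3001, *remote)
    replies = (gw.inbound("tcp", pa, *remote), gw.inbound("tcp", pb, *remote))
    # Unsolicited inbound connection to 5100: nowhere to go without a forward.
    unsolicited = gw.inbound("tcp", 5100, "198.51.100.7", 45000)
    gw.add_forward("tcp", 5100, "192.168.1.11", 5100)
    forwarded = gw.inbound("tcp", 5100, "198.51.100.7", 45000)
    try:                                           # second host cannot share the port
        gw.add_forward("tcp", 5100, "192.168.1.12", 5100)
        second = "accepted"
    except ValueError as exc:
        second = str(exc)
    return replies, unsolicited, forwarded, second

if __name__ == "__main__":
    print(demo())
```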

Javier Teran

Re: Allowing Ports
« Reply #11 on: July 04, 2003, 12:20:54 AM »
Hi, how can I allow my private network access to NetMeeting, MSN and Yahoo Messenger video conferencing? The PFW forwards to a destination IP address; can I permit the whole net? How?

thanks..