Topic: SME 6.0b3 - port opening

[Gyula Voros]

Hi,

I'm sorry if this is in the forums already, I couldn't find it. I'm looking for a way to open a port on my SME 6.0b3 box, to run another server app (FreeNet) that listens on specific port. I can forward the port to a machine on my LAN and everything works fine, but if I run it on my SME server/gateway, i don't get any incoming connections - I imagine this is because the port is firewalled.

So, how do I open a port? ... if you don't mind including what file I should edit for I'd appreciate it. Thanks!

-- Gyula

[Mike]

Isn't there a port opening panel already in de server-manager???

[Michael Soulier]

Gyula Voros wrote:
>
> So, how do I open a port? ... if you don't mind including
> what file I should edit for I'd appreciate it. Thanks!

Officially, you use a custom masq fragment to open the port you need.

Something like...

mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
echo '$OUT = allow_tcp_in(, 1)' > \
    /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90InboundTCP10Custom
/sbin/e-smith/signal-event remoteaccess-update

Where is the port you wish to open.

Mike

[neurotecimbecile]

well,

  all the port opening stuff is in the service managaer,,just lok at it and then you can open a port ,,,,,thants it

[Gyula Voros]

Thanks for the suggestions. I got it working by using Michael Soulier's method but I had to add the following

adjust_tcp_in ACCEPT $NEW_InboundTCP

to the custom template fragment instead of the $OUT = .... that was suggested.

And there is a port *forwarding* panel in SME Manager... but I tried 'forwarding' a port to the server, but that didn't seem to work. I just needed the port open so a process running on the SME box listening to the port would actually hear stuff. And now I have it working beautifully.

Too bad FreeNet seems to be having problems at the moment. Interesting concept, though.

Thanks everyone,

-- Gyula

[Michael Soulier]

Gyula Voros wrote:
>
> Thanks for the suggestions. I got it working by using Michael
> Soulier's method but I had to add the following
>
> adjust_tcp_in ACCEPT $NEW_InboundTCP
>
> to the custom template fragment instead of the $OUT = ....
> that was suggested.

My bad. The suggested fragment needs braces around it.

[root@sme1-60 root]# cat /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90InboundTCP10Custom
{
$OUT = allow_tcp_in(3333, 1)
}

> And there is a port *forwarding* panel in SME Manager... but
> I tried 'forwarding' a port to the server, but that didn't
> seem to work. I just needed the port open so a process
> running on the SME box listening to the port would actually
> hear stuff. And now I have it working beautifully.

The portforwarding panel was designed to forward external traffic to internal boxes, not for forwarding to itself.  We may add that capability, but I don't see a big demand for it.

Mike

[Brad]

Well Michael Soulier,  I would like to see the SME Server open a port to itself in the Server Manager.

Perhaps I will add it to the wish list.

[Dan Brown]

To what end?  If a port needs to be open for an application, that application (or the e-smith interface RPM) should open the port itself.

[Michael Soulier]

Dan Brown wrote:
>
> To what end?  If a port needs to be open for an application,
> that application (or the e-smith interface RPM) should open
> the port itself.

Agreed. We're looking at changes required to permit the portforwarding panel to properly forward ports to localhost, which currently does not work. I don't see the point of a "port-opening" panel. If you are installing a new service, write an e-smith package to go with it, that includes masq fragments to modify the firewall rules appropriately, not to mention the templates for the service's configuration files.

Mike

[Mark]

This sounds like it solves a need of mine. Where can I read a bit more creating and using masg fragments? I have searched the manuals and forums for "masq fragment" and similiar without harvesting too much.

TIA,

 - Mark

[Newies]

Hi Michael Soulie,

I had followed the instruction given above but I still cant open the port 10080 for the SME 6.0(Server and gateway)...

{

$OUT = allow_tcp_in(10080,1)

}

[msoulier]

This sounds like it solves a need of mine. Where can I read a bit more creating and using masg fragments? I have searched the manuals and forums for "masq fragment" and similiar without harvesting too much.

TIA,

 - Mark

The best place is the server itself.

/etc/e-smith/templates/etc/rc.d/init.d/masq

Mike