Topic: opening ports in the firewall

[grist]

howdy,
i've been using sme server 6 for a few months and have just loaded an application up on it that listens for incoming connections on a specified port. the problem is that i can't connect to this port from the outside world (works fine from the lan). i am picking that i need to open a port in the firewall to allow the incoming connection but am having trouble finding information on how to do this.

can someone help or point me in the right direction please.

thanks,
grist.
-------------------------------------

Quantum Mechanics: The dreams stuff is made of.

[RavenIV]

use the search-funktion of this forum.
that question was diskussed very often.

cheers

[grist]

so i tried an advanced search for 'open port firewall' before i made this post and these are the only hits i got, none of which seem to contain what i want to know.

Forums Howto Kernel upgrade.
  smeghead (2004/9/16 5:35:30)
Forums WANTED: Team leaders & members
  dpcritchley (2004/9/10 3:26:06)
Forums port 110: Connect failed, but only on LAN
  trenskow (2004/8/30 4:22:48)


suggestions for better search terms? i figured this would have come up a lot and was surprised the search didn't turn anything up.

cheers,
grist.

[meanpenguin]

The 5.6 version should work with 6.0.1

http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/portopening/

Ed

[grist]

excellent. that seems to have done the trick.

i notice there is a v6 one there too, but i got a dependency error trying to install it.


ta muchly,
grist.

[meanpenguin]

Where is the v6 one?
And what was the dependency error?

Ed

[briank]

Muzo's firewall contrib will open ports in ver 6
Regards
Brian

[grist]

oops, my mistake. it was v5.6, but this is the error...


/bin/rpm -Uvh e-smith-packetfilter-1.13.0-04.noarch.rpm
error: failed dependencies:
        e-smith-packetfilter >= 1.13.0-13 is needed by e-smith-portforwarding-0.2.0-02
        e-smith-packetfilter >= 1.13.0-22 is needed by e-smith-pptpd-1.10.0-02


i installed the v5.5 one fine. i have sme v6.0 with no patches or additions (apart from dircproxy which is what i am trying to get running). for some reason it doesn't seem to be binding to the wan network card although it works fine on the lan one.  :/

[mj62]

Muzo's firewall contrib will open ports in ver 6
Regards
Brian

Hi - I did a search for this firewall contrib, but didn't see it.  Is this some kind of interface for V6 to allow for opening of ports?


We're running SoulSeek here and seeing a steady flow of 'denylog's on DPT=2234 in /var/log/messages, even though I applied the 5.5 patch for opening ports and I've opened this 2234.

It does say the ports are opened:

Current list of non-default open ports.
Protocol Ext Port  TCP 2234 Remove... TCP 5534 Remove...


Perhaps I need to get some kind of version 6 patch in place?

Any advice is greatly appreciated.

Thank you for your help,
Matt

[Black]

dude I did a post on this a while ago but if you search for "ports" it doesnt show up?? wtf

http://forums.contribs.org/index.php?topic=21907.0

I am still not clear on the template things but this is how you open a port:

Ok with much fan fair I have finally figured this out. Now there are two ways of doing this. the "Regular Way" and the "E-Smith Way" this lesson is the Regular way working with squid. It took alot of time to get this but later I will work on the template issue. And to be honest with you, Shame to those who ignored my plea for help :)At least you could have responded to it..lol(I got 1 response, open source baby!)



To open any port on your e-smith without the template option you have to edit the squid.conf file as follows:
Logon : root
Password (enter password)
Now your at your prompt(doesn't matter what yours looks like as long as you're root)

Type This:

cd /etc/squid

You will now be in the squid directory(if your not then find it by typing without quotes "locate squid"
and get yourself to that directory.

Once your in the squid directory type this:

pico squid.conf

now you will see alot of text but don't worry, you two options if you mess up:

So anyways, You want to edit 2 lines as follows:

On the acl SSL_ports line add (your port) i.e 8080 or 8087 or both.(make sure you have a space between each port) Then You MAY need to edit the acl Safe_ports line to say the same thing(if needed)

One port is Secure and the other is standard....

You can try each one first(i.e SSL or Safe_Ports) then type this:

CTRL(Control Key) x It will ask you to if you want to save the file or not. Choose Y press enter or Choose N for NO

If you mess up and press Y without being sure then it will ask you about the file name, Just add 1 to it and it will save it as squid1.conf(you can always delete it later)(the system only knows squid.conf anyways)

When your ready type :

/etc/rc.d/rc7.d/S90squid restart (wait a minute so it can reload) then go back to your browser and check your connection,

acl Safe_ports (0000) <---Add your port here as well.(without brackets)

So in closing to open a port you type this in:

/etc/squid/

pico squid.conf

On the acl SSL_ports line add 0000 <--Your Port). Then do a
/etc/rc.d/rc7.d/S90squid restart

If it still doesn't work then edit :

acl Safe_ports (0000) <---Add your port here as well.(without brackets) Then :

/etc/rc.d/rc7.d/S90squid restart


and test.

Good Luck!

[briank]

Hi Matt
The link for Muzo's firewall contrib is
http://no.longer.valid/mylinks/singlelink.php?cid=123&lid=372
It will list the rules and open/deny ports
Regards
Brian

[mj62]

Thank You --

I wasn't brave enough to tackle that squid suggestion, but the Muzo Firewall one seemed to removed all the 2234 denylog messages from /var/log/messages, so that's good news to me