Koozali.org: home of the SME Server

Using port 2525 for SMTP traffic

pwalter

Using port 2525 for SMTP traffic
« Reply #15 on: July 24, 2005, 03:23:01 AM »
Trevor B,

Thanks for the updated script. I had a small problem with the original script - I use pppoe to connect to my isp, and, whenever the pppoe connection disconnected, it would not restart automatically because the ip-up event is "supervised" - and, since ip-up never really terminated because of the redir program, supervise never recognized that ip-up should be restarted. I fixed that by using "exec" to start redir, but then I ended up with multiple copies of redir running. My bash skills are very poor - I tried to modify the script to detect if redir was already active, and skip starting it if it was, but failed miserably. Can you suggest a method of avoiding this problem?

Peter

Offline TrevorB

  • *
  • 259
  • +0/-0
    • http://www.batley.id.au
Using port 2525 for SMTP traffic
« Reply #16 on: July 24, 2005, 04:28:50 AM »
Quote from: "pwalter"
I use pppoe to connect to my isp, and, whenever the pppoe connection disconnected, it would not restart automatically because the ip-up event is "supervised" - and, since ip-up never really terminated because of the redir program, supervise never recognized that ip-up should be restarted. I fixed that by using "exec" to start redir, but then I ended up with multiple copies of redir running. My bash skills are very poor - I tried to modify the script to detect if redir was already active, and skip starting it if it was, but failed miserably. Can you suggest a method of avoiding this problem?

Peter

Peter,

This would obviously happen for me too (but I'm on cable and my IP has only changed twice in the many years I've been with them...).

Would suggest that it is easiest to include all redir bits in one script (I have separate ones for smtp & www) and do a kill of all running redir processes before starting the new ones (but be careful that there aren't any other processes running that will be caught by your script).

I will play with this at some stage (just not right now, some tax stuff to sort this weekend), but you could look at using something like (but don't quote me - I'm doing this from memory & my scripting skills are a little rusty ;)
# kill every running redir; the [/] stops grep from matching its own process
for pid in $(ps -ef | grep '[/]usr/local/sbin/redir' | awk '{print $2}')
do
  kill "$pid"
done

Trevor B

pwalter

Using port 2525 for SMTP traffic
« Reply #17 on: July 24, 2005, 05:09:43 AM »
Trevor B,

Thanks for the suggestion - I will try it out.
In the meantime, this is what I have been using:
[smtp-redir script in /etc/e-smith/events/actions]
Quote

#!/bin/bash

#------------------------------------------------------------
# Hacked script to try to redirect smtp traffic from external
# port 2525 to internal port 25
#------------------------------------------------------------

# description: Configures IP redirection from an external port
# to an alternate internal port.
# look for the program that is started below; -z is true when no pid was found
ISREDIR=$(pidof -x redir)
if [ -z "$ISREDIR" ] ; then
   OUTERNET=$(/sbin/e-smith/db configuration get ExternalIP)
   echo /usr/local/bin/redir --lport=2525 --laddr=$OUTERNET --cport=25 --caddr=$OUTERNET
   exec /usr/local/bin/redir --lport=2525 --laddr=$OUTERNET --cport=25 --caddr=$OUTERNET
fi
exit 0


But, for reasons I think are unrelated to the script, pppoe would not restart in a timely fashion (my isp connection seems to fail a lot), so I also have a cron job as follows:
Quote

OUTERNET=$(/sbin/e-smith/db configuration get ExternalIP)
PPPUP=$(/sbin/ifconfig | grep pppoe)
if [ -z "$PPPUP" ]
then
   PID=$(svstat /service/pppoe)
   PID=${PID%%)*}
   PID=${PID#*pid}
   kill -s 9 $PID
   ADMIN=$(/sbin/e-smith/db configuration get AdminEmail)
   echo "pid $PID killed because ppp0 was not found." | mail -s "Restarted PPPOE" $ADMIN
fi


Klugey, but it works.

Peter
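The duplicate-redir problem and the warning about catching other processes, as an added example (not code from either poster): it selects only the redir listeners for one port from a process listing, matching the binary path and the `--lport` argument exactly. The function names, the sample listing and the 192.0.2.10 address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pick out only the redir listeners for one port from a
# "ps -eo pid=,args=" listing, so a restart script neither starts a
# duplicate nor kills an unrelated process.

REDIR=/usr/local/bin/redir   # path used in the scripts in this thread

# redir_pids LPORT  -- reads "PID ARGS..." lines on stdin, prints matching PIDs
redir_pids() {
    awk -v bin="$REDIR" -v opt="--lport=$1" '
        $2 == bin {                      # argv[0] must be exactly the redir binary
            for (i = 3; i <= NF; i++)
                if ($i == opt) { print $1; break }   # whole-argument match only
        }'
}

# Constructed sample listing (not captured from a real system)
sample_ps() {
    cat <<'EOF'
 1201 /usr/local/bin/redir --lport=2525 --laddr=192.0.2.10 --cport=25 --caddr=192.0.2.10
 1202 /usr/local/bin/redir --lport=8080 --laddr=192.0.2.10 --cport=80 --caddr=192.0.2.10
 1203 /usr/local/bin/redir --lport=25250 --laddr=192.0.2.10 --cport=25 --caddr=192.0.2.10
 1300 grep /usr/local/bin/redir
 1301 vi /usr/local/bin/redir.conf
 1302 /bin/sh /etc/e-smith/events/actions/restart-redir --lport=2525
EOF
}

# needs_start LPORT  -- succeeds when no listener for LPORT is in the listing
needs_start() {
    [ -z "$(redir_pids "$1")" ]
}

if [ "${1:-}" = "demo" ]; then
    sample_ps | redir_pids 2525          # only the real 2525 listener
    sample_ps | needs_start 940 && echo "940 not running, would start it"
fi
```

On a live system the listing would come from `ps -eo pid=,args=` piped into the same functions.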

TrevorB
Using port 2525 for SMTP traffic
« Reply #18 on: July 24, 2005, 07:01:41 AM »
I took an equally klugey, but different approach.

I called this script restart-redir and symlinked it in rather than the www-redir & smtp-redir ones as I had previously.
ln -s /etc/e-smith/events/actions/restart-redir /etc/e-smith/events/ip-up/S88restart-redir
ln -s /etc/e-smith/events/actions/restart-redir /etc/e-smith/events/ip-change/S88restart-redir

I guess that if I added a configuration item redir which had matching pairs, it would be easy to automate the script (and then I'd need a simple panel and ......:-)

Trevor B

Code:
#!/bin/sh

#------------------------------------------------------------
# Hacked script to try to redirect traffic from external
# ports 2525 & 940 to external port 25
# and port 8080  to external port 80
#------------------------------------------------------------

# kill all the existing redir sessions prior to starting the new ones

killall -eq /usr/local/bin/redir

# Configures IP redirection from an external port to an alternate external port.

OUTERNET=$(/sbin/e-smith/db configuration get ExternalIP)
/usr/local/bin/redir --lport=2525 --laddr=$OUTERNET --cport=25 --caddr=$OUTERNET &
/usr/local/bin/redir --lport=940 --laddr=$OUTERNET --cport=25 --caddr=$OUTERNET &
/usr/local/bin/redir --lport=8080 --laddr=$OUTERNET --cport=80 --caddr=$OUTERNET &

exit 0

pwalter

Using port 2525 for SMTP traffic
« Reply #19 on: July 24, 2005, 07:14:40 AM »
Trevor B,

Your kluge *is* superior to my kluge - far more extensible. I am going to revise mine to match yours.

Hmmm... I am sure that this is something that would be useful to others, if only (sigh) we could get a FormMagick / rpm guru involved to create a sme-redir rpm and a configuration panel. Are there any SME gurus out there willing to spend an hour or so on doing this? It would be a nice addition to SME 7.x, particularly if it also opened the specified ports without needing the port-opening contrib.

Peter

TrevorB
Using port 2525 for SMTP traffic
« Reply #20 on: July 24, 2005, 08:22:58 AM »
Quote from: "pwalter"
Hmmm... I am sure that this is something that would be useful to others, if only (sigh) we could get a FormMagick / rpm guru involved to create a sme-redir rpm and a configuration panel. Are there any SME gurus out there willing to spend an hour or so on doing this? It would be a nice addition to SME 7.x, particularly if it also opened the specified ports without needing the port-opening contrib.

Peter

Don't need a guru, I can build the panel, package, etc.:-P (have done a couple, but am certainly NOT a guru). It is more when, as I'm just a little busy at the moment.

You don't have to use FormMagick, you can use perl, but it should be easier with FormMagick, once you know how....

I have a couple of issues
1. the best way of opening/closing the ports, and
2. the best way to store the port pairs.

Not exactly sure of the best way to open the ports and a little worried about closing the ports when you disable a redir, in case it was wrongfully set or an important port. May need a 'Do you want to also close the port?' query on the panel...

I was thinking I might need a separate config database with a line per pair (called redir?):
<name>|status|<enabled|disabled>|External_Port|<external port>|Internal_Port|<internal port>

example:
smtp|status|enabled|External_Port|2525|Internal_Port|25
http|status|enabled|External_Port|8080|Internal_Port|80

Anyway, need the basics first. So off scripting I go and then  panel building....

Trevor B
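The record format proposed in the post above, as an added example (not TrevorB's script): it reads such records and prints one redir command line per enabled entry, rejecting malformed records and ports that are not integers in 1..65535 before they reach a command line. The function names, the extra sample records and the 192.0.2.10 address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: turn records in the proposed redir db format into redir
# command lines, skipping disabled or malformed entries.

REDIR=/usr/local/bin/redir   # path used by the scripts in this thread

valid_port() {               # succeeds for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redir_commands ADDR  -- reads records on stdin, prints one command per
# enabled, well-formed record; complaints go to stderr.
redir_commands() {
    addr=$1
    while IFS='|' read -r name k1 status k2 ext k3 int extra; do
        [ -n "$name" ] || continue
        if [ "$k1" != status ] || [ "$k2" != External_Port ] ||
           [ "$k3" != Internal_Port ] || [ -n "$extra" ]; then
            echo "skip $name: malformed record" >&2; continue
        fi
        [ "$status" = enabled ] || continue
        if ! valid_port "$ext" || ! valid_port "$int"; then
            echo "skip $name: bad port" >&2; continue
        fi
        echo "$REDIR --lport=$ext --laddr=$addr --cport=$int --caddr=$addr"
    done
}

# Constructed sample records; the first two are the examples from the post
sample_db() {
    cat <<'EOF'
smtp|status|enabled|External_Port|2525|Internal_Port|25
http|status|enabled|External_Port|8080|Internal_Port|80
old|status|disabled|External_Port|940|Internal_Port|25
bad|status|enabled|External_Port|2525abc|Internal_Port|25
big|status|enabled|External_Port|70000|Internal_Port|80
EOF
}

if [ "${1:-}" = "demo" ]; then
    sample_db | redir_commands 192.0.2.10
fi
```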

Offline gordonr

  • *
  • 646
  • +0/-0
    • http://www.smeserver.com.au/
Using port 2525 for SMTP traffic
« Reply #21 on: July 24, 2005, 09:05:55 AM »
Quote from: "TrevorB"

I have a couple of issues
1. the best way of opening/closing the ports, and
2. the best way to store the port pairs.


Sorry to come in so late on this thread, but what's wrong with setting up a Port Forward from port 2525 to port 25 via the Port Forwarding panel?

In 6.0/6.5, you need to port forward to your _external_ IP address, which is a challenge for dynamic IP addresses. But in 7.0 you can use "localhost" as the destination and have the dynamic IP change tracked automagically.

Backporting that change to 6.x wouldn't be hard if someone felt like a small challenge. It would seem to be far simpler than duplicating this with redir, a new db, panel, etc.

Am I missing something?

TrevorB
Using port 2525 for SMTP traffic
« Reply #22 on: July 24, 2005, 10:09:40 AM »
Quote from: "gordonr"
Sorry to come in so late on this thread, but what's wrong with setting up a Port Forward from port 2525 to port 25 via the Port Forwarding panel?

In 6.0/6.5, you need to port forward to your _external_ IP address, which is a challenge for dynamic IP addresses. But in 7.0 you can use "localhost" as the destination and have the dynamic IP change tracked automagically.

OK, wasn't sure that this would work (but I guess if redir works, then so would using the external IP in port-forwarding).

The dynamic IP thing will be a problem for Peter and those with rapidly changing IP's, but shouldn't worry me.

I'll be running 7.0 as soon as I can - once I get setup properly and help you guys with the testing etc. (my old test box is a P1, so won't work with 7.0...:-(, and I can easily live with what I have (have been for > 3 years)

Quote from: "gordonr"
Backporting that change to 6.x wouldn't be hard if someone felt like a small challenge. It would seem to be far simpler than duplicating this with redir, a new db, panel, etc.

Am I missing something?

Glad you came by. :-)

No, I don't think you missed anything. I guess we didn't realise that it would be so easy with 7.0 (BTW, won't using localhost expose the mail server for relaying etc.?).

I'll finish off the script (using my redir db to prime the ports) as I've almost finished the script and it is easy to update the db (/sbin/e-smith/db redir setprop smtp status enabled, etc), but not do a panel or package.

Thanks Gordon
Trevor B

gordonr
Using port 2525 for SMTP traffic
« Reply #23 on: July 24, 2005, 02:21:27 PM »
Quote from: "TrevorB"

OK, wasn't sure that this would work (but I guess if redir works, then so would using the external IP in port-forwarding).


Yep. And port forwarding will be more efficient - the data doesn't have to come down to a user space process.

Quote from: "TrevorB"

The dynamic IP thing will be a problem for Peter and those with rapidly changing IP's, but shouldn't worry me.


The changes in 7.0alpha handle dynamic IPs correctly. I haven't tried it, but the 7.0 version of e-smith-portforwarding may well work on 6.x

Quote from: "TrevorB"

I'll be running 7.0 as soon as I can - once I get setup properly and help you guys with the testing etc. (my old test box is a P1, so won't work with 7.0...:-(, and I can easily live with what I have (have been for > 3 years)


Sorry, there comes a time...you can get a very powerful box with mirrored drives for around AUD$900 these days.

Quote from: "TrevorB"

No, I don't think you missed anything. I guess we didn't realise that it would be so easy with 7.0


We aim to please :-)

Quote from: "TrevorB"

(BTW, won't using localhost expose the mail server for relaying etc.?).


No. "localhost" is just used as a database token and expanded to the current external IP when we adjust the firewall. If you enter any of $ExternalIP, $InternalIP, localhost or 127.0.0.1 into the panel, we store it as "localhost" and fix it up on the fly.

Quote from: "TrevorB"

I'll finish off the script (using my redir db to prime the ports) as I've almost finished the script and it is easy to update the db (/sbin/e-smith/db redir setprop smtp status enabled, etc), but not do a panel or package.


I think it would be more valuable to try the later e-smith-portforwarding on 6.x and fix any breakage. That way you know that the changes will be catered for during an upgrade to 7.0 and we wouldn't need redir at all.

pwalter

Using port 2525 for SMTP traffic
« Reply #24 on: July 24, 2005, 06:30:37 PM »
Trevor, Gordon,

Thanks for the discussion. For myself, the news of portforwarding improvements has finally tipped the balance, and I now have a good reason to try out SME 7.0 - my system has always been near the "bleeding edge" anyway.

I did have a brief look at extracting the rpms from the SME 7.0 Alpha 26 distro and applying them to my 6.01 system - but it seems that the time would be better spent investigating what I need to change on my system to accommodate 7.0, since I will be moving my production system to 7.0 (after Alpha 3,272) anyway  :-D

TrevorB
Using port 2525 for SMTP traffic
« Reply #25 on: July 25, 2005, 01:53:54 AM »
Quote from: "gordonr"
Sorry, there comes a time...you can get a very powerful box with mirrored drives for around AUD$900 these days.

Yeah, I know, but I just recycled the kids' PCs (very cheaply - thanks MSY), so I need to be cautious around 'she who must be obeyed'. I'll have to look at finding a box to put the working bits from the kids' discards in.

Quote from: "gordonr"
I think it would be more valuable to try the later e-smith-portforwarding on 6.x and fix any breakage. That way you know that the changes will be catered for during an upgrade to 7.0 and we wouldn't need redir at all.

Effort redirected. I can do this on the old P1 :-)

Trevor B