Topic: opening ports

[dwater]

Hi,

Just noticed many denylog entries in /var/log/messages :

perl -ane 'if ( /denylog/ ) { /(IN=eth[01])/; print "$1\t"; /(SPT=[0-9]+)/; print "$1\t"; /(DPT=[0-9]+)/; print "$1\n";}' /var/log/messages | sort -u
IN=eth1 SPT=10000       DPT=1063
IN=eth1 SPT=10000       DPT=1165
IN=eth1 SPT=10000       DPT=1216
IN=eth1 SPT=10000       DPT=1272
IN=eth1 SPT=10000       DPT=1390
IN=eth1 SPT=10000       DPT=1420
IN=eth1 SPT=10000       DPT=1470
IN=eth1 SPT=10000       DPT=1644
IN=eth1 SPT=23  DPT=1639
IN=eth1 SPT=5050        DPT=1035
IN=eth1 SPT=68  DPT=67

Port 10000 rings a bell as being one used by VPN.
Port 23 is telnet - looks a bit suspicious.
Port 68 is bootp - to be expected?

I think the 10000 may be people on our lan who are trying to use VPN. I suppose this message means that they are failing to do so

Some googling shows that I need to open ports 500, 4500, and 10000.

How can I do this?

Max.

[Olsen]

Using the server-manager (www.yourdomain.com/server-manager)  Under Configuration (depending on what flavor you have, is a menu item "Port Opening".  That should do it.

[dwater]

Using the server-manager (www.yourdomain.com/server-manager)  Under Configuration (depending on what flavor you have, is a menu item "Port Opening".  That should do it.

I don't have such an option. How do I get 'Port Opening' on my menu? Is there a contrib to do it?

I found reference to a masq-manager contrib at :

http://www.muzo.homeip.net/nest/contribs/Rpm/Masq_Manager/

but I can't seem to reach that site from here. Is it still active?

Max.

[Olsen]

Check this link out.  It will walk you through opening VPN.

http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_30.htm


The contrib I have installed on my server for opening ports is

dmc-mitel-portopening 0.0.1-4

However, I am having trouble finding anyone who is hosting the file anymore.....

[dwater]

Check this link out.  It will walk you through opening VPN.

http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_30.htm


The contrib I have installed on my server for opening ports is

dmc-mitel-portopening 0.0.1-4

However, I am having trouble finding anyone who is hosting the file anymore.....

The howto quotes :

rpm -Uvh http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm

I'm giving it a try now.

Thanks.

Max.

[CharlieBrady]

Port 10000 rings a bell as being one used by VPN.
Port 23 is telnet - looks a bit suspicious.
Port 68 is bootp - to be expected?

I think the 10000 may be people on our lan who are trying to use VPN. I suppose this message means that they are failing to do so

Unlikely. Most iptables logs are either stray traffic, or skript kiddies probing for weaknesses.

Some googling shows that I need to open ports 500, 4500, and 10000.

There is absolutely no point in opening ports on the server unless you have installed software on the server which is listening to those ports. From what you say, you haven't done that.

[dwater]

Port 10000 rings a bell as being one used by VPN.
Port 23 is telnet - looks a bit suspicious.
Port 68 is bootp - to be expected?

I think the 10000 may be people on our lan who are trying to use VPN. I suppose this message means that they are failing to do so

Unlikely. Most iptables logs are either stray traffic, or skript kiddies probing for weaknesses.

Some googling shows that I need to open ports 500, 4500, and 10000.

There is absolutely no point in opening ports on the server unless you have installed software on the server which is listening to those ports. From what you say, you haven't done that.

When I was running FC3 in the same role as I am now running SME, I had iptables simply forward traffic from those ports. I know people on my subnet use Cisco VPN (but I don't know that they have definitely tried to since I started using SME, but it's likely).

Isn't the process of 'opening the ports' on SME the same as telling iptable to simply forward traffic on those ports to the other interface?

I'm confused...thanks for any enlightenment.

Max.