Topic: how to open ports sme7

[dub]

hello world,

is somebody now how to open tcp ports on sme 7b4

thanks

[arne]

"To open a port" can be two completely different things.

a. To "open" or forward a port to a server on lan.
b. To open a port to one internal processes running at the gateway PC.

please explain the requirement a little bit bether.

Arne.

[dub]

I need to open port on lan and then use port forwarding contrib to foward it

And open external port for specials applications.

no way at time in sme7 and contrib.

How to do it in code line

thanks

[dub]

sorry

its for server in gateway mode

[arne]

When it comes to "opening" and forwarding udp or tcp trafic into servers on the lan, this is very easy. You just use the standard function on the server-manager panel, go into the function for port forwarding, and all "actions" are done automatic. (Port opening, port forwarding etc.) There is absolutely no need for any shell commands for that.

If it is also a question of opening for certain ports or trafic to the internal local processes on the gateway machine itself, that's an other story.

Linux (with 2.4.x or 2.6.x kernel) has two completely different set of built inn firewalls. One set is for filtering and forwarding trafick to lan. The other is for filtering the trafic into the local processes on the gateway. Technically the one firewall that controll the inncomming trafic to lan can be completely open, when the firewall that controll access to local gateway processes can be completely locked or vise versa. You dont have to lock up "the gateway firewall" to be able to have free access via "the lan access firewall".

(In earlier revisions of Linux kernel it worked the other way, there were only one firewall that opened for access to local processes and lan.)

SME 7.4 B4 has a fully automated controll function, via the server-manager panel, for controlling the trafic to servers located on the lan. (Enables controll of one of the two firewalls.)

(Actually the Linux revisions of two day has more than two firewall sets, it's also possible to filter the outgoing trafic, so the set of independent firewalls is at least 3, depending a bit how you like to see the situation.)

[arne]

"of two day" .. of cource not two days but "to day".

[dub]

ok i'm now in 7b5

i need to open port 22000 in local access
and external acces to...

how doing that ??

thanks for your comments

[dub]

i add an engine and need to view data and work with on the lan but also with external client (personnal built application)

[arne]

If the application is running on the gateway PC itself ..

There is a real and proper way of doing this modification (did see the real and proper way mentioned in a tread here some days ago), and there is also a "quick and dirty one" for testing.

"The quick and dirty" method as mentioned here is a bit dangerous because minor mistakes can destroy the security of your gateway completeley. It can be mentioned but not recomended.

This command will/should put in a whole in your firewall that will leak in the specified trafic:

iptables -I INPUT -i eth1 -p tcp --dport 22000 -j ACCEPT

(If it is udp, "tcp" in the string has to be replaced by "udp". You might also have to check that eth1 is your external card.)

If you reboot your sme server-gateway this whole will be gone and the orginal security will be back.

[dub]

Ok it work but how to keep it all the time

rebooting will be necessary !!!

thanks for your help

[Black]

Just tell the guy how to open/forward a port via the server manager. If you cant do it under 2 sentences then someone needs to fix the problem in the distro.

There should be no reason why this guy has to post 5 times to get an answer for port opening.

[arne]

"Just tell the guy how to open/forward a port via the server manager."

Well the point is that Linux have a number of firewalls. This is to day common for most distros.

The question is then "which one of those firewalls in the Linux kernel doed he want to get opened."

Anwer to this question seems to be: He does not want to get opened the fireeall that can be managed via the server-manager. He want to get opened one of the other firewalls.

I think it is not a probelem in the distro that it does not contain a function for configuration that has never been in this distribution before, a server-manager control of the input or output chain of the netfilter module.

[arne]

By the way .. I saw for a few days ago a description of how to make proper and permanent netfilter input chain modifications in one tread in this forum. (So it can be searced for.) It has to be done as a template modification. Don't remeber the details.

[CharlieBrady]

Just tell the guy how to open/forward a port via the server manager.

Well, you are rather rude, aren't you. Arne has already said how to forward a port via the server manager. He tried to help. You haven't tried to help anyone.

There should be no reason why this guy has to post 5 times to get an answer for port opening.

Most people who want to "open a port" don't know what they are trying to achieve. Opening a port on the server itself usually isn't required.

[dub]

Ok mens keep cool !

just one or two ideas...

After Arne suggest i ve try to find the fabulous post where we can find the netfilter customsation but finding nothing.

For charly we try to understand the difference with or product centos servers.  For lot of things your job is so great...but in 2005-06 many softs and engines need to use several ports to communicate.

Actually or base engine work fine and all services are ok we just need to exchange or 128 bits crypting ('by or engine') data to a TCP hole.

Nothing more .....two minutes in centos a little bit more with sme7 but i'hope to find

If you can help me thanks a lot if not just keep relax

no problems i understand after few hours reading posts that many questions are under ways