Topic: Port Forwarding stop working after ADSL reconnect

[lightman]

Hi

I was looking on the board and couldn't find anything about this.

I have 2 boxes with the same problem, one is SME 5 and the other is 5.6.

I have port forwarding for several ports, if for some reason
the ADSL went down, and reconnect, the port forwarding stops working.

To solve I have to either reboot the box, or go to the control panel
and create or delete some port, doesn't matter which, and
if i create or delete, just any change make it works again.

is there any solution for this?,can anyone please tell me which script
reload the entire port forwarding and which is for the adsl reconnect?
so I can maybe add it at the end of the adsl script so it will
reload the port forwarding (as if I make a change in the port
forwarding panel?).

or perhaps someone has a better solution

thanks a lot
Lightman

[gordonr]

I have port forwarding for several ports, if for some reason
the ADSL went down, and reconnect, the port forwarding stops working.

If you have a static IP, this is a bug. If you have a dynamic IP and you are running something less than 7.0beta, this is a limitation of the port-forwarding implementation.

In either case, please raise it in the bug tracker.

As a workaround, run "/sbin/e-smith/signal-event remoteaccess-update", but please raise it in the bug tracker so we can work out what's happening.

Thanks,

Gordon

[lightman]

Hi gordonr

thanks for reply

I'm with dynamic IP address, an using versions 5, 5.5 and 5.6 all have the same issue

I have no problem posting in the bug tracker, I didn't do it because I'm using an older version and perhaps the more newer versions of sme server doesn't have this issue.

you think that I should do it anyway? (post in the bug tracker?)

thanks again
lightman

[gordonr]

Hi gordonr

thanks for reply

I'm with dynamic IP address, an using versions 5, 5.5 and 5.6 all have the same issue

Nobody should be using any release before 6.0 - they have known, exploitable security issues. Upgrade to at least 6.0 and apply all updates.

Port forwarding will not work after an IP change on anything less than 7.0alpha. The port forwarding rules prior to that were written using the external IP address when the rule was created, and so when that changed, the rules were wrong.

In 7.0alpha I changed that to auto-generate the rules based on the current external IP address.

you think that I should do it anyway? (post in the bug tracker?)

thanks again
lightman

I'd suggest moving to 7.0beta. Someone could patch the change back to 6.x, but I think we should move on.

[gbaird]

DO NOT move to sme 7 beta

This is NOT a final release betas are for testing only!

I have been running Sme 6.5 rc1 and it is just an upgraded Sme 6.01 for some time and no problems It is a ---STABLE RELEASE--- just no longer in production as they have moved to version 7 based on CentOS

RC is greater than BETA in any system

Sme 7beta has problems after you correct the YUM config files it will download 156 megs of updates THAT IS NOT GOOD

For a production server use a stable release of whatever system you choose

gordonr thinks Sme 7 is perfect!

[lightman]

Hi, thanks to both for reply

gordonr you are right about using an older version
but I have disabled the "dangerous" features that
have known security bugs for now.

I didn't upgrade because lack of time and because
SME6 is painfully SLOW compared to SME 5.6, but
I'm planning to doit in the future.

as gbaird said, I'm not very happy with a beta version
for production usage, but I'm going to test it at home first  

I have another server made by me (smaller one, fewer features)
 and the way I solve the IP change - port forwarding problem, was
using the cron, with a script every 2 minutes test the external IP
if it is different than the last time, it reloads the
iptables
rules, I know it's a nasty idea but it solved my problem ,
 however in SME, I don't know what
script load the entire current rules (including the
port forwarding ones) that's why I didn't doit here yet.

anyway if SME7 has this feature built in... I better
start trying, and wait for the final release to
update all of my other servers

thanks a lot
lightman

[mrjhb3]

Hi, thanks to both for reply

anyway if SME7 has this feature built in... I better
start trying, and wait for the final release to
update all of my other servers

thanks a lot
lightman

Watch what gbaird is saying.  He has a personal vendeta going on with Gordon and a lot of other contribs.org users/members.  6.5 has NOT been abandoned, it is still being worked on in conjunction with 7.0, just not as fast as all of the main developers are working on 7.0.  If you look at the bug tracker, you will see that the maintenance team is making some progress with the reported 6.5 bugs and trying to get out the latest RH7.3 legacy RPM's that SME utilizes.  I hope to see an RC2 come out soon after the elections are over.  

As far as the amount of files downloaded via yum after the b5 install, this was communicated to all that the ISO was running behind the development efforts.  I would suspect after B6 is released, you won't have as much to download, but will probably have files that need to be downloaded as the development doesn't stop just because of another beta release.

If you upgrade to 6.5, and the port-forwarding doesn't work, then please file a bug and maybe we will be able to back-port with work gordon did to fix this in 7.0.  Just make sure to include thet this event needs to be run currently to fix your issue: "/sbin/e-smith/signal-event remoteaccess-update"  That should give someone a head-start on where to look and compare with the 7.0 code.

I am using 6.5 and have been quite happy with it.

My .02 cents worth,

JB

[gordonr]

gordonr you are right about using an older version
but I have disabled the "dangerous" features that
have known security bugs for now.

I'm not at all sure how you disable the kernel

[lightman]

Hello mrjhb3 and gordonr

Thanks for reply.

I think that I'm going to test 6.5rc1 for the time being
and use my nasty 'cron' method with a script to find out
if the ip really changed and in that case execute the:
/sbin/e-smith/signal-event remoteaccess-update command  

I didn't know that there where vulnerabilities in the kernel
too oopss.... I should start replacing my servers ASAP .

my main concern (besides security) is how heavy is the
distribution is, that's why I decide so far not to upgrade but if there is severe
 security issues in the kernel i have no other choice but to upgrade.

one question: Is there a place where I can look for the current vulnerabilities for every SME version?
so I can decide based in my current implementation if it is an issue or not?.

thanks again for taking the time, it was very helpful.

c-u
lightman