Koozali.org: home of the SME Server

Linksys Cable/DSL router Issue with SME 5

Dave Wilson

Linksys Cable/DSL router Issue with SME 5
« on: March 17, 2002, 10:13:37 PM »
Hey there.  I recently had my server hacked into where they changed all my passwords on me.  It was recommended that I buy the Linksys Cable/DSL router to enhance my security.

So far everything seems to be going good except that I am unable to access my e-mail.  I've tried forwarding various ports in different ways but nothing seems to be working.

Now, I did a search here for information on proper forwarding and I find that people aren't even using the Linksys they own or have simply sold the thing.  So what am I doing wrong?  How can I be secure and still have all my services running off the SME box?

My current setup is this;

Wall -> Linksys
Linksys -> SME 5 box and to WinXP Box

Linksys is forwarding,
1 - 24
26 - 130
to my SME box.

My SME and Win XP are both on the internal network and I have verified that the server is retrieving e-mail but my XP box or any systems on the internet are not able to find the server in order to retrieve e-mail.  All other services work fine (FTP, HTTP).

What have I done wrong?  Thanks.

Dan Brown

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #1 on: March 17, 2002, 10:18:07 PM »
If your server were truly hacked, I'm sure security@e-smith.com would _really_ like to know about it, especially if you still have system logs from around that time.

A Linksys router won't really enhance your security if you're still trying to provide all the services from the SME system to the outside world, as it was (presumably) through one of them that your attacker got in.

As to your question, why aren't you forwarding port 25?  That's needed for you to be able to receive e-mail from the outside?

Dave Wilson

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #2 on: March 17, 2002, 10:28:52 PM »
Well, I've completely reformatted and re-installed the server since I couldn't even log in through root...so, even if I had the logs I wouldn't have been able to get to them to pass along.  However, now that you mention it, where are they kept and are they active by default?

As for the forwarding, that's how my forwarding is setup now.  I've just changed it, it was,

1 - 52
54 - 100
101 - 109
111 - 130

This was a recommended setup from Linksys but it didn't make sense to me.  Granted I'm extremely new to all of this but port 25 is for SMTP which is outgoing mail and 110 is POP3 which is incoming mail right?  So then I would want to forward 110 to my server but not 25.  Or am I backwards on this?  Either way, neither set up will work for me in getting my e-mail off the server and to my users.

So, again I ask, what is the best forwarding setup?  How can I make this work properly?  Thank you.

Dan Brown

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #3 on: March 17, 2002, 11:01:51 PM »
Log files are generally stored in /var/log/.  The main system log file is /var/log/messages, but some systems like mail and the web server use separate log files (all in that directory).  By default, the system logs lots of stuff.

For future reference, you didn't need to format and reinstall, so long as you still had physical access to the box.  You could have rebooted in single-user mode, and changed the root password back to something usable (this has been discussed here before; a search should find more details).

IMO, as I said above, the Linksys router won't measurably improve your security by itself.  It especially won't help if you're forwarding everything to the SME machine.  Whoever attacked your machine almost certainly did so by accessing one of your open services, and you're continuing (or trying) to keep those open to the outside world.  So if, for example, they exploited a vulnerability in Apache (the web server), they'd still be able to exploit the same vulnerability, since they still have access to Apache.  If you don't want public access to your services, set the system up as a private server and gateway, and they'll be blocked.  Either way, the Linksys router is a waste of money in your application.

On the question of mail ports, it isn't quite as simple as you suggest.  Mail usually travels from server to server using SMTP, which uses port 25.  So, mail coming in to your server (in most cases) comes in on port 25, and outbound mail leaves on port 25.  That's the case if your system is the primary mail server for your domain.  If your system is set up to use fetchmail for all incoming mail, then the status of port 25 isn't relevant.

On your specific question about how to set up the Linksys router, I really don't have an answer--as I've said above, it's not really likely to do you any good.

Dave Wilson

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #4 on: March 18, 2002, 01:25:53 AM »
Okay, but the SME box doesn't act as a firewall for itself does it?  And what is Port 110 for if not incoming e-mail?  I guess I'm really missing something here.  And why is it that while my XP box can get to my web pages it can't get to my e-mail which is on the same server?

I appreciate your help in this, I'm still quite new and I'm sure some of my questions must make you guys just shake your head.

Dan Brown

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #5 on: March 18, 2002, 07:19:35 PM »
Yes, the SME box is its own firewall.  Port 110 is used by the POP protocol, which is often (but not always) how client machines receive e-mail.  No idea what's going on with your XP machine without a lot more information (configuration, error messages, etc).

Ron

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #6 on: March 18, 2002, 09:08:29 PM »
Dave,

I'm confused why you need so many ports opened up for forwarding.  I have a Linksys box for a firewall and unless you are using the email server on the SME the only port you should need to open is port 25 (SMTP).  All other traffic that originates from the internal network will be cached and the return traffic allowed back in.  The more ports you open the weaker the firewall.

Ron

Dave Wilson

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #7 on: March 18, 2002, 10:24:55 PM »
Ron, That's exactly why I want to know how to have forwarding setup.  I am using my SME box to do Web Hosting which includes E-mail services and FTP services and I may need to allow Telnet and other services in the future.  I realize that that makes for a very wide open network but it's gotta be done.  At least as far as I know.  Remember, I'm still quite new to this game.

Anyway, I hope that helps clarify some things.  I'm pretty sure that having only port 25 open will not work for me.  

As for error messages from my XP box, I have Outlook Express setup as if I were logging in to any normal mail server.  If I take the Linksys out of the picture it logs in just fine.  When I put the Linksys back it times out (the message that Outlook has waited 60 seconds with no response from the server comes up).

So, once again.  Any help is greatly appreciated.  Thank you.

Ron

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #8 on: March 19, 2002, 12:02:38 AM »
Web - Port 80
FTP - Port 21
SMTP - Port 25
Telnet - Port 23  But wouldn't unless you have to.

These are the ports you have described.  I would only open the ports needed, not ranges.  But again, I don't know how you have everything connected.  Any outbound traffic by default will pass the Linksys box.  The port forwarding should only be needed for traffic from WAN to LAN.

Ron

bigdog@homepc.dyndns.org
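
Added example, not part of any post in this thread: a small Python audit of the forwarding rule sets quoted above, showing which of the services named in the thread (FTP 21, SMTP 25, HTTP 80, POP3 110) each set leaves unforwarded and how many other ports it exposes to the WAN. The function names and the choice of required ports are assumptions made for the illustration.

```python
"""Audit router port-forward rules against the services that must be reachable."""

# Assumption: the services the thread says must be reachable (port -> label).
REQUIRED = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3"}

# Forwarding rule sets quoted in the thread, as typed into the router.
RULESETS = {
    "first post": ["1 - 24", "26 - 130"],
    "vendor-recommended": ["1 - 52", "54 - 100", "101 - 109", "111 - 130"],
    "single ports": ["21", "25", "80", "110"],
}


def parse_rule(rule):
    """Turn '26 - 130' or '80' into an inclusive (low, high) tuple."""
    parts = [p.strip() for p in rule.split("-")]
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable rule: {rule!r}")
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range or reversed: {rule!r}")
    return low, high


def audit(rules, required=REQUIRED):
    """Return (missing required ports, count of forwarded ports nobody asked for)."""
    forwarded = set()
    for rule in rules:
        low, high = parse_rule(rule)
        forwarded.update(range(low, high + 1))
    missing = sorted(p for p in required if p not in forwarded)
    excess = len(forwarded - set(required))
    return missing, excess


def report(rulesets=RULESETS):
    """One summary line per rule set: unforwarded services and surplus exposure."""
    lines = []
    for name, rules in rulesets.items():
        missing, excess = audit(rules)
        gaps = ", ".join(f"{p}/{REQUIRED[p]}" for p in missing) or "none"
        lines.append(f"{name}: missing={gaps}; unneeded ports exposed={excess}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Both range-based sets skip exactly one mail port while forwarding well over a hundred ports no service needs; the four single-port rules cover every listed service with no surplus.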

Harvey

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #9 on: March 19, 2002, 05:01:20 AM »
Regarding your inability to communicate between the SME Server and your Windows XP box, what are the IP addresses and subnets of both the SME server and the XP box?

Dave Wilson

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #10 on: March 19, 2002, 07:28:00 AM »
Harvey, they are what the Linksys dishes out by default...DHCP is from 100 up with 2 - 99 reserved for Static addresses of which my SME Server has one and my XP box has one on 192.168.1.???

How does that help?  From my XP Box I can do everything; FTP(although authentication is slow), HTTP, perform administration functions on the server, but I can't get a connection to the e-mail services.

It's getting quite frustrating but I'm hoping my battle will be over soon.  I'm about to give Ron's ports a try but I'm pretty sure that's not going to help me in what I'm trying to resolve.

TekUnsupported

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #11 on: March 19, 2002, 07:59:18 AM »
My E-smith is sitting as 192.168.1.2 static on my LAN.  My Linksys is of course 192.168.1.1  E-smith is configured in "Server Only mode" with only 1 NIC inside.

Rest of my Boxes on the LAN are all configured via DHCP served from the Linksys (WinME @ 192.168.1.100, Win98 @ 192.168.1.101, Laptop @ 192.168.1.102)

The only port forwarding I have turned on with the Linksys on a PPPoE DSL connection....

Port 80 -> 192.168.1.2 (web)
Port 20 - 21 -> 192.168.1.2 (ftp)

Everything else works just fine.

Dave Wilson

Re: Linksys Cable/DSL router Issue with SME 5
« Reply #12 on: March 21, 2002, 06:09:50 AM »
Okay, I've setup my router to route only ports 21, 25, 80 and that doesn't fix my problem.  I've setup the ports to also forward port 110 and that doesn't work.  I've set my server to run in Server only mode with the two different settings and that doesn't work.

My XP box is 192.168.1.10, my server is 192.168.1.3 and at the moment the server is in Server only mode and my router is routing ports 21, 25, 80 and 110 to 192.168.1.3.   When I try to connect to the server using the IP address or a domain name using Outlook Express I get the following message;

"Your POP3 server has not responded in 60 seconds.  Would you like to wait another 60 seconds for your server to respond?"

What the hell am I doing wrong?  HTTP works, FTP works, Server-Manager works.

Thanks to anyone who can actually help.

Dave Wilson

Correction
« Reply #13 on: March 21, 2002, 06:19:01 AM »
Nothing works from my XP box now.  It's like my XP box doesn't see the server at all even though they're on the same network...This is really frustrating...

Ron

Re: Correction
« Reply #14 on: March 21, 2002, 08:42:15 AM »
Dave,

If you are using the 4 port Linksys DSL router and you have the SME and XP on ports 1-4 and they can't talk, you have connectivity issues.  You should not need any ports opened on the Linksys because the ports would be operating as a standard switch.  You can go in the Linksys box and look at the MAC addresses it sees.  Both the SME and XP machines should be there; if not, you need to check cabling.  You should be able to ping the two machines since they are on the same subnet; check the network mask, most likely set for 255.255.255.0.  Also each machine should be able to ping itself.