Topic: How do I open specific ports in the firewall?

[F22-Raptor]

So how does one open a particular port in the firewall?
I've read the Firewall FAQ, searched the forum and I still don't have a clue how this is done.

I need to open a port on my server for incoming email (don't ask why, the ISP is blocking ports) and between the right iptables commands and templates-custom I'm totally lost.

So far I've got:
iptables -I INPUT -p tcp --dport 5505 -j ACCEPT

Is this correct, if so how do I make it permanent? maybe there is somebody out there who can explain the logic behind templates, how they work and what to keep in mind when making changes.

Thank you in advance for your help and please, don't reply if you don't have anything positive to add to the post, things like use Google or the forum won't help anyone, like I mentioned above, I've looked a the FAQs and did my home work. After hours of frustration I ended up posting here.

D.

[raem]

F22-Raptor

So how does one open a particular port in the firewall?

It is usually always better to state what you are trying to achieve finally, rather than ask how to do something that you believe is what you need to do in order to achieve your overall aim.

I've read the Firewall FAQ, searched the forum and I still don't have a clue how this is done.
I need to open a port on my server for incoming email...

Based on those statements you also need to read the various Howtos and Contribs articles as many other issues are covered there.
http://wiki.contribs.org/Category:Howto
http://wiki.contribs.org/Category:Contrib

...and specifically if you had read the Howto's then you would have seen:
http://wiki.contribs.org/PortRedirect


You don't need to use seperate iptables commands as the server manager port fowarding (& opening) panel will do what you need, when used/configured appropriately.

[mmccarn]

There are two ways to open a custom port in SME:

1. You want to open a new port in order to access an existing service, either on your SME or on an internal host:
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Port_forwarding

2. You have installed custom software on your SME that uses port "nnn", and now you want people to actually be able to use it:
http://wiki.contribs.org/Firewall#DB_Settings

[F22-Raptor]

Thanks guys, I finally figured out how to do it, see below for an brief description.

Here's what I needed to do, I use a mail hope service which redirects mail for my domain to port nnn and I need to open port nnn on my SME.

I've configured the port forward to something like:
Protocol: TCP
Source port: nnn
Destination Host IP Address: localhost
Destination port(s): nnn

So far everthing is OK.

Do you see any problems with my setup, is it OK to use localhost as a parameter?

Thanks.

D.

[mmccarn]

That's the approved method - redirect port xxxx to localhost port 25 (for inbound SMTP)

[besterl]

Hi Guys - I am glad to see F22-Raptor got sorted.

I have a slight variation on his problem.

I used to run 6.01.01 Custom and in there I had both the port forwarding as well as port opening available.

I opened port 9001 as various PC's used a custom app that needed port 9001 to be open.

Since installing 7.2 these guys were not able to work.

In 7.2 the port forwarding is available but not the port opening.

Since a couple of PC's need the same port to be open - I cannot summarily forward port 9001 to a specific IP on the inside....

Thus my problem - Is there a way of opening a specific port?

Thanks

[raem]

besterl

In 7.2 the port forwarding is available but not the port opening.

In sme7.x it IS a port forwarding and opening panel.

Did you even bother to read the words on the panel ?
"You can use this panel to modify your firewall rules so as to open a specific port on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN."

Since a couple of PC's need the same port to be open - I cannot summarily forward port 9001 to a specific IP on the inside....

You cannot forward the same port to more than one PC, it is not possible.
Use a different port for the second PC.

If this is of use, the Firewall FAQ has details about enabling services.
http://wiki.contribs.org/Firewall

[F22-Raptor]

Try this:
Protocol: TCP
Source port: 9001
Destination Host IP Address: localhost
Destination port(s): 9001

In regards to the wording on the port forwarding panel:
"You can use this panel to modify your firewall rules so as to open a specific port on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.", the only interpretation I see there is that you can open a port to FORWARD it to ANOTHER host.
I had the same problem trying to understand how to simply just open a port in the firewall without having to forward it to another host.
After experimenting with the setting as shown above I got it to work, the only difference is that in my case the destination port was needed on the SME machine.

Try it and post back here to let us know how it turned out.

I hope this helps.

D.

[yersin]

Hi everybody.

And how do I block certain ports only for certain hours?

Thanks
(I'm a newbie)

[raem]

yersin

Generally speaking, you could create cron jobs that will run at the changeover times, and these cron jobs will reconfigure port access (as required) using standard sme commands and/or iptables commands.

[yersin]

yersin

Generally speaking, you could create cron jobs that will run at the changeover times, and these cron jobs will reconfigure port access (as required) using standard sme commands and/or iptables commands.

Thank you, Ray.
And how do I create cron jobs? Can't it be done using squid?

(I'm a newbie)