Topic: Firewall on SME server 5.6?

[Lars]

I have a problem with the firewall in SME server 5.6, i don't know where the rules are. Can someone help me finding them?

Thanks

Lars

MyAss.dk @ Denmark

[guestHH]

/etc/rc.d/init.d/masq

[Lars]

can you tell me how can i port forward some ports from the internet to the local network?

// Lars

[guestHH]

ftp://ftp.e-smith.org/pub/e-smith/contrib/CharlieBrady/RPMS/noarch/

look for port forwarding

[Lars]

Thanks dude

Do you know if i can forward to a MAC address?

[Bill Talcott]

I haven't seen the 5.6 version, but in the older versions you can only use it to enter a single port at a time to an IP. If you're worried about DHCP stuff, you can assign that MAC a static IP via the Hostnames and Addresses panel.

[Lars]

how does it have too look when my MAC address is 12-D7-A4-EA-22-C4
and I want to use 192.168.1.10 for the client

[ryan]

Quick question,

Are the firewall rules on 5.6 more, less, or equally secure as 5.1.2?

ryan

[Ray Mitchell]

Ryan
I don't profess to fully understand it all but I would say it is better than 5.1.2

See
http://www.e-smith.org/article.php3&mode=threaded&order=0

To quote
"The firewalling code has been upgraded to include stateful packet inspection.

Packet filter and masquerading changes
The firewalling code has been rewritten to use the Linux iptables interface, and enables connection tracking to allow stateful packet filtering.
All actions which modify firewalling rules now use a new interface which preserves all existing rules. Previous versions rebuilt and reloaded all rules when modifications were required.
Specific protocol modules have been loaded to handle masquerading of FTP, TFTP and PPTP protocols.
The masquerading of all capablities of the H.323, ICQ and RTSP protocols is not supported in this release. Supported customers who require these features should contact smesupport@mitel.com to determine their availability.
The pidentd software which provided responses to IDENT queries has been replaced by oidentd. oidentd has a flexible mechanism for specifying IDENT responses and includes support for identifying netfilter masqueraded connections.
The iptstate program has been added to the release to provide a detailed view of masqueraded connections. This software is currently only available to administrators logged onto the server."

Regards
Ray Mitchell

[Jeroen]

Wondering if IRC including DCC-chat DCC-sent are still possible?

[Treco]

Well, with xchat i can dcc-chat and dcc-send, but some my friends on the same lan cant do it with mirc, i can bet that they have their irc client bad configured. With xchat i dont have any prob.

[Jeroen]

Treco wrote:
>
> Well, with xchat i can dcc-chat and dcc-send, but some my
> friends on the same lan cant do it with mirc, i can bet that
> they have their irc client bad configured. With xchat i dont
> have any prob.

Thanks for the info.

Jeroen

[ryan]

At home, I can't dcc with mirc through 5.1.2.  I use Virc and it works fine.

[ryan]

Virc is very similar to mirc and runs on windows.ryan wrote:
>
> At home, I can't dcc with mirc through 5.1.2.  I use Virc and
> it works fine.

[jeroen]

ryan wrote:
>
> Virc is very similar to mirc and runs on windows.ryan wrote:
> >
> > At home, I can't dcc with mirc through 5.1.2.  I use Virc and
> > it works fine.

I use mirc with 5.1.2 now, dcc works fine for me. Did you make sure that you -ONLY- connect to the server on port 6667?

Jeroen