Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: tobre6 on March 23, 2005, 12:07:51 AM

Title: Port opening
Post by: tobre6 on March 23, 2005, 12:07:51 AM
Hello!
I would like to administrate my computer that is behind SME 6.5 firewall over the Internet. I am using Remote Administrator (www.radmin.com) and it uses port 4899 but I have to open it in SME box and then forward to another computer. Forwarding is no problem, but opening. Is there any rpm for that? I used Google, but I didn't find almost anything.

Thanks!
Title: Re: Port opening
Post by: CharlieBrady on March 23, 2005, 12:58:33 AM
Quote from: "tobre6"
Forwarding is no problem, but opening. Is there any rpm for that? I used Google, but I didn't find almost anything.


A search here would tell you there's no point in opening ports on the SME server. You just need to port forward. There's a panel for doing that.
Title: Re: Port opening
Post by: tobre6 on March 23, 2005, 01:30:56 AM
Quote
A search here would tell you there's no point in opening ports on the SME server. You just need to port forward. There's a panel for doing that.


Hmm, yes I have forwarded TCP port 4899 but if I scan server with some kind of port scanner it tells me that port 4899 is not opened. Weird. :-?

Any suggestions
Title: Re: Port opening
Post by: Quail_Linux on March 23, 2005, 02:54:22 AM
Quote from: "tobre6"

Hmm, yes I have forwarded TCP port 4899 but if I scan server with some kind of port scanner it tells me that port 4899 is not opened. Weird. :-?

Any suggestions


Hi tobre6,
When you are scanning for ports that have been port forwarded to another computer, you need to have that program on that computer that the port has been forwarded to, so the port shows as opened when you run a port scan. Otherwise it will show as closed.

HTH
Title: Re: Port opening
Post by: CharlieBrady on March 23, 2005, 04:24:53 AM
Quote from: "Quail_Linux"

When you are scanning for ports that have been port forwarded to another computer, you need to have that program on that computer that the port has been forwarded to, so the port shows as opened when you run a port scan.


You also need to scan from the Internet side, not the LAN side.
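
Added example (not part of the original posts): a single-port connect check that tells apart the three results discussed above, run here against a constructed local listener that stands in for the forwarded-to computer. The names probe and demo and the loopback address are assumptions made for the illustration.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP port from a single connect attempt.

    open     - handshake completed: a program is listening where the
               connection ended up
    closed   - connection refused (RST): reachable, but nothing is listening
    filtered - no answer before the timeout or host unreachable: dropped by
               a firewall (what scanners call "stealth")
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        sock.close()


def demo():
    """Constructed local stand-in for the forwarded-to computer."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # constructed: any free local port
    listener.listen(1)                   # "the program is running"
    port = listener.getsockname()[1]
    running = probe("127.0.0.1", port)
    listener.close()                     # "the program is not running"
    stopped = probe("127.0.0.1", port)
    return {"listener_running": running, "listener_stopped": stopped}


if __name__ == "__main__":
    print(demo())
```

To check a real forward, call probe with the server's external address from a machine on the Internet side, with the program running on the computer the port is forwarded to.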
Title: Re: Port opening
Post by: Quail_Linux on March 23, 2005, 02:21:49 PM
Quote from: "CharlieBrady"
You also need to scan from the Internet side, not the LAN side.


Thanks Charlie, I forgot to add that in my reply.  :oops:
Title: Re: Port opening
Post by: tobre6 on March 23, 2005, 02:24:56 PM
Quote from: "Quail_Linux"
Quote from: "CharlieBrady"
You also need to scan from the Internet side, not the LAN side.


Thanks Charlie, I forgot to add that in my reply.  :oops:

Thank you all! Now it is working like I expected. ;) I scanned from the LAN side and therefore thought that it doesn't work.:=)

Thanks!
Title: Port opening
Post by: d6hq on March 28, 2005, 02:17:15 PM
While I hate to disagree with Charlie there are some occasions when opening an additional port on SME in server & gateway mode is a requirement rather than simply a port forward. For example we run a lot of Domino installs on SME and require 1352 open. The following contrib (search for it) will add a panel to do the job

sme-6.0-masq-manager-0.1-2.noarch.rpm
Title: open ports
Post by: Skydiver on April 05, 2005, 05:05:03 AM
SME 6.5

I added the rpm and used the sme manager to open the port I required but it still shows port as closed from the Internet.

I rebooted the sme box and note masq disabled

I figure this is because the server is in server only mode with one nic.

I then used:

/sbin/e-smith/db configuration setprop masq status enabled

/sbin/e-smith/signal-event console-save

/sbin/reboot

masq still says disabled and port is closed.

Do I need to change something in squid?
Title: Re: open ports
Post by: raem on April 05, 2005, 01:33:10 PM
Skydiver

What you're doing doesn't make sense to me.
In server only mode it implies there is a separate firewall (another sme gateway mode server or hardware firewall etc) and you should be opening ports there, rather than on your sme server only box.

I think you need to open & forward that port from your firewall to your sme server.
Title: Port opening
Post by: CharlieBrady on April 05, 2005, 10:36:20 PM
Quote from: "d6hq"
While I hate to disagree with Charlie there are some occasions when opening an additional port on SME in server & gateway mode is a requirement rather than simply a port forward.


I gave only the short form of my Frequently Given Answer here (as that was all that was relevant). The full answer says there's no point in opening ports unless you have installed additional software on the server which is listening to those ports.

Domino, in your case, fits that condition. You can open the port or ports that domino needs by a simple custom template. If you happened to build an smeserver-domino RPM to set up domino so it runs nicely in an SME server, then that RPM would contain the necessary code to open the port.
Title: Port opening
Post by: novatux on April 06, 2005, 03:00:58 AM
Sorry for my poor English

I used http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm
in sme 6.5rc1
for the installation of openvpn follow howto of knudsen (for open port 1194 UDP port)
and well test are ok.
Title: Re: open ports
Post by: Skydiver on April 06, 2005, 06:19:04 AM
Quote from: "RayMitchell"
Skydiver

What you're doing doesn't make sense to me.
In server only mode it implies there is a separate firewall (another sme gateway mode server or hardware firewall etc) and you should be opening ports there, rather than on your sme server only box.

I think you need to open & forward that port from your firewall to your sme server.


Thanks for your reply. I have a router that opens and port forwards ports to my SME boxes and it works fine with the opened service ports 80,110,25,21.

I am running some applications that listen on different ports and I need to open those ports for connection from the forwarded ports otherwise the ports are seen as stealth mode.

Cheers
Title: port opening
Post by: Skydiver on April 06, 2005, 09:37:00 PM
Anyone know how to open ports on sme 7.0 alpha5 in server only mode?
Title: Re: port opening
Post by: raem on April 07, 2005, 12:45:38 AM
Skydiver

There are a few suggestions posted in this thread:
Check if these run on sme7a5
http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm

sme-6.0-masq-manager-0.1-2.noarch.rpm

or as Charlie suggests (amended slightly)
You can open the port or ports that your application needs by a simple custom template. If you happened to build an smeserver-application RPM to set up the application so it runs nicely in an SME server, then that RPM would contain the necessary code to open the port.

You could enable & disable applications & services that use specific known ports, and then examine the before & after changes in config files, and then determine how to do it for different ports.
Title: Re: port opening
Post by: Skydiver on April 07, 2005, 02:14:45 AM
Quote from: "RayMitchell"
Skydiver

There are a few suggestions posted in this thread:
Check if these run on sme7a5
http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm

sme-6.0-masq-manager-0.1-2.noarch.rpm

This did not work on the SME 7.0 Alpha3 .. it adds the manager stuff but errors on create rule. A refresh shows the port is enabled but the port is actually closed. Removed RPM, looking for next option.
Quote from: "RayMitchell"

or as Charlie suggests (amended slightly)
You can open the port or ports that your application needs by a simple custom template. If you happened to build an smeserver-application RPM to set up the application so it runs nicely in an SME server, then that RPM would contain the necessary code to open the port.


This is, I guess, going to be the best option for myself; the only issue is I have no idea how to create the custom template. I am trying, though.

Quote from: "RayMitchell"

You could enable & disable applications & services that use specific known ports, and then examine the before & after changes in config files, and then determine how to do it for different ports.


I have found the services file and viewed it. I wonder if I can just add the port details in the general section of that file?  10standard
Title: Port opening
Post by: jackl on April 07, 2005, 02:45:05 AM
Hi guys,
I hope I'm not sticking my neck out here but I've found SME a solid firewall on its own merit, so what's the use with all these hardware firewalls? They only complicate things. If anyone feels more secure because they have a hardware firewall forget it because at the end of the day including cisco firewalls they are all dedicated PCs running under some form of unix or linux to control access and believe me not much better than SME. You have all forgotten the ethos of SME Keep IT Simple!!!!

regards
Jack

 :pint: ps i'm so brave I just came back from the pub!
Title: please open my ports
Post by: Skydiver on April 07, 2005, 03:06:01 AM
Quote from: "jackl"
Hi guys,
I hope I'm not sticking my neck out here but I've found SME a solid firewall on its own merit, so what's the use with all these hardware firewalls? They only complicate things. If anyone feels more secure because they have a hardware firewall forget it because at the end of the day including cisco firewalls they are all dedicated PCs running under some form of unix or linux to control access and believe me not much better than SME. You have all forgotten the ethos of SME Keep IT Simple!!!!

regards
Jack

 :pint: ps i'm so brave I just came back from the pub!


Can you help me solve this with something simple please do.  Thanks for your comments simple is good
Title: Port opening
Post by: raem on April 07, 2005, 03:52:26 AM
I think the real question is, "yet again" probably aimed at Charlie, or someone else with the knowledge:

How does one create the custom template to achieve opening of a port and what are the contents of the custom template fragment ?

Please, of course.
Title: I agree
Post by: Skydiver on April 07, 2005, 03:55:16 AM
Please please please

Charlie can you please help me with this issue.

Wow, that's almost a beg. lol

No really i think a result for this will help everyone.