Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Skydiver on August 31, 2005, 08:33:01 AM

Title: iptables service SME 7.0 beta 2
Post by: Skydiver on August 31, 2005, 08:33:01 AM
Hi, I'm testing the SME 7.0 beta 2

I'm trying to test some firewall items

normally I'm sure with iptables you just use the command:

service iptables stop/start etc...

does anyone know if this has changed in the new release?
Title: Re: iptables service SME 7.0 beta 2
Post by: CharlieBrady on August 31, 2005, 06:11:13 PM
Quote from: "Skydiver"
Hi, I'm testing the SME 7.0 beta 2

I'm trying to test some firewall items

normally I'm sure with iptables you just use the command:

service iptables stop/start etc...

does anyone know if this has changed in the new release?


The firewall service is called "masq", as it always has been in SME. The use of the "service" command has always been deprecated in SME. Use the /etc/rc7.d/ symlink instead, e.g.

/etc/rc7.d/S*masq start
Title: Re: iptables service SME 7.0 beta 2
Post by: Skydiver on August 31, 2005, 10:00:24 PM
Thanks CharlieBrady

I must have been thinking about 6.5.

I am looking at the server-manager and I note the port forwarding menu item. My tests show that this works in server/gateway mode.

Is there the ability to open ports from the server manager?
Title: firewall rules
Post by: Skydiver on August 31, 2005, 10:59:59 PM
Ok found posts relating to the firewall.

Seems no easy way to update the rules.

Should I be editing the masq file and adding them there, or would placing the rules in /etc/rc.d/rc.local work the same way?
Title: Re: iptables service SME 7.0 beta 2
Post by: CharlieBrady on August 31, 2005, 11:32:47 PM
Quote from: "Skydiver"

I must have been thinking about 6.5.


No, that's no different.

Quote

Is there the ability to open ports from the server manager?


This has been answered here many times. There is a contrib panel available, but it doesn't work for many, because they do not understand why they are trying to open ports. Ports only need to be opened if you have added a service to the server itself. Those services should be configured by their own e-smith-blah package, and that package will provide a template fragment for the masq script which opens any ports which need to be opened, for a public service.

In 7.0, all you need to do to open a port is to create a service db record:

config set blah service status enabled access public TCPPort nnn

then:

expand-template /etc/rc.d/init.d/masq
/etc/rc.d/init.d/masq adjust

Voila!
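
The steps from the reply above, wrapped as an added shell example (not part of the original thread and not SME Server's own code) that validates the service name and port before touching the configuration db and defaults to a dry run. It assumes the record type `service` is the second argument to `config set`; `myservice`, port 8081, the function names and `DRY_RUN` are constructed for illustration, and the final `config show` is an added check.

```shell
#!/bin/sh
# Added example: validated, dry-run-by-default wrapper for the steps above.
# "myservice" and 8081 are constructed sample values, not from the thread.

# Accept only a decimal TCP port in 1..65535 (no sign, spaces or leading 0).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Accept only a plain db key: letters, digits, '.', '_' and '-',
# not starting with '-' so it cannot be read as an option.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the command when DRY_RUN is unset or non-zero, otherwise run it.
run() {
    if [ "${DRY_RUN:-1}" != 0 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# open_port NAME PORT: create the service record, rebuild and reload the
# masq script, then show the record. Stops at the first step that fails.
# Assumption: "service" is the record type expected by "config set".
# "access public" opens the port for a public service, as the post says;
# "config show" is an added check that is not in the post.
open_port() {
    valid_name "$1" || { echo "bad service name: $1" >&2; return 2; }
    valid_port "$2" || { echo "bad TCP port: $2" >&2; return 2; }
    run config set "$1" service status enabled access public TCPPort "$2" &&
    run expand-template /etc/rc.d/init.d/masq &&
    run /etc/rc.d/init.d/masq adjust &&
    run config show "$1"
}

# Dry run on the sample values; set DRY_RUN=0 on the server to apply.
# open_port myservice 8081
```
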
Title: Firewall 7.0
Post by: Skydiver on September 01, 2005, 12:06:29 AM
Thanks for clearing that all up for me.


I will use the information you provided and complete some testing.

 
I have tested password access to ibays both from the internet and local networks.

Many of the server manager features in the default install have now been tested and no errors noted yet.