Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: delineate on March 02, 2006, 07:08:18 AM

Title: Firewall Ports you need to open in server-only mode
Post by: delineate on March 02, 2006, 07:08:18 AM

This is just a note for those who have their sme7.0 behind a firewall.
It's a good idea to allow SME access out on port 2703 if you are running with spam filtering enabled. It's needed by the razor spam engine. Another good one is 53 for spamd reverse black list DNS lookups, even if your firewall runs DNS cache as well.
Any other obscure ports out there we should know about?
Cheers!

Title: Firewall Ports you need to open in server-only mode
Post by: kruhm on March 04, 2006, 01:54:57 PM

you must have a high-grade firewall as most firewalls dont block outgoing traffic.

you might want to add port port 7 (echo)as Razor2 uses TCP pings to discover what servers are closest to it (from knuddi's faq).

Title: Firewall Ports you need to open in server-only mode
Post by: delineate on March 04, 2006, 05:57:42 PM

Thanks.
I have it set up for a grade school. Am using a custom OpenBSD firewall w/ a dansguardian content filter. So yeah, I have *everything* blocked except what is specifically allowed. Makes Windowsupdate kind of a PITA  :oops:
I've noticed ClamAV updates are getting blocked - have to look into that one yet.

Title: Firewall Ports you need to open in server-only mode
Post by: kruhm on March 04, 2006, 07:11:47 PM

#probably the DG. check the logs at:

cat /var/log/dansguardian/access.log

#it will tell you what site/content being blocked.
#then add the site to the /etc/dansguardian/exceptionsitelist