Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: guest22 on September 19, 2007, 06:14:48 PM

Title: Default open firewall ports
Post by: guest22 on September 19, 2007, 06:14:48 PM

Hi all,

I've searched and looked, but cant seem to find it. Is there listing of all 'open' firewall ports available? (wiki, forums?) I've got a situation where there is another firewall in fron of SME Server and I have to indicate which ports have to be opened on this very strict firewall for normal SME gateway mode.

Thanks in advance and sorry if I missed this listing/command somewhere.
guest

Title: Re: Default open firewall ports
Post by: jahlewis on September 19, 2007, 10:03:32 PM

An external nmap scan of my SME 7.2 server with everything enabled is (222 is my ssh port):

PORT     STATE  SERVICE
22/tcp   closed ssh
25/tcp   open   smtp
80/tcp   open   http
113/tcp  open   auth
222/tcp  open   rsh-spx
443/tcp  open   https
465/tcp  open   smtps
993/tcp  open   imaps
995/tcp  open   pop3s
1723/tcp open   pptp

Title: Re: Default open firewall ports
Post by: guest22 on September 21, 2007, 10:39:30 PM

Thanks, that helped.

guest

Title: Re: Default open firewall ports
Post by: jfarschman on September 24, 2007, 11:06:13 PM

Hey,

  Is slapd not also open.  I just setup a firewall appliance to authenticate with the SME via LDAP and it appeared to work.

Code: [Select]

tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      3875/slapd

Title: Re: Default open firewall ports
Post by: jahlewis on September 25, 2007, 02:53:18 AM

These ports are on the external/public interface.  Do you want a list of the open ports on the inside/private interface?

Title: Re: Default open firewall ports
Post by: jfarschman on September 25, 2007, 04:25:31 PM

My bad  :lol:

Title: Re: Default open firewall ports
Post by: CharlieBrady on September 25, 2007, 04:31:11 PM

Quote from: jfarschman on September 24, 2007, 11:06:13 PM

Is slapd not also open.

Not on the public interface, unless you have configured it so - which I wouldn't recommend.

Quote

I just setup a firewall appliance to authenticate with the SME via LDAP and it appeared to work.

Very unlikely, since SME's LDAP contains no authentication information.

Title: Re: Default open firewall ports
Post by: jfarschman on September 25, 2007, 04:50:25 PM

Charlie,

  I do have this working. I can see it in the logfiles.  We have a system setup like this:

SME----Barracuda-----Internet

 1. Email comes in through the Barracuda Spamwall and is queued
 2. Barracuda queries the SME (either LDAP or SMTP for a 550 message) before screening for spam
 3. Appropriate email is forwarded to SME. Spam is quarantined or rejected outright.

Edb is working it too:
http://forums.contribs.org/index.php?topic=37844.0

Title: Re: Default open firewall ports
Post by: CharlieBrady on September 25, 2007, 06:09:48 PM

Quote from: jfarschman on September 25, 2007, 04:50:25 PM

2. Barracuda queries the SME (either LDAP or SMTP for a 550 message) before screening for spam

It's querying usernames, not authenticating. It cannot authenticate users - trust me.