Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: smnirosh on March 18, 2020, 07:59:37 PM

Title: Opening a port without specifica service
Post by: smnirosh on March 18, 2020, 07:59:37 PM

Hello friends, I just posted a problem I had one day ago about licensing server.
I have read the https://wiki.contribs.org/Firewall#Custom_templates topic and found there is the method only to close the port. To open the port what changes i have to amend and how to open the port without specifying a service associated it? Thanks

Title: Re: Opening a port without specifica service
Post by: janet on March 19, 2020, 03:24:07 AM

smnirosh

You do not give specifics & details about what you are trying to achieve, so the best advice to give is unknown.

Take a look at the Port Forwarding panel, & use localhost as the destination, leave Allow Hosts blank

Quoting the panel text:
"Configure Port Forwarding
You can use this panel to modify your firewall rules so as to open a specific port on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.
WARNING: Misuse of this feature can seriously compromise the security of your network. Do not use this feature lightly, or without fully understanding the implications of your actions.

Configure Port Forwarding
Select the protocol, the port you wish to forward, the destination host, and the port on the destination host that you wish to forward to. If you wish to specify a port range, enter the lower and upper boundaries separated by a hyphen. The destination port may be left blank, which will instruct the firewall to leave the source port unaltered."


Alternatively right at the start of that Firewall article is this link:
https://wiki.contribs.org/Firewall#Additional_information_on_customizing_iptables

Note this comment:
Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.

Title: Re: Opening a port without specifica service
Post by: smnirosh on March 21, 2020, 12:34:48 PM

Thanks very much janet for your commenting upon my question. I used webgui to configure it easily.

Title: Re: Opening a port without specifica service
Post by: ReetP on March 21, 2020, 03:27:05 PM

The masq templates already automatically look for any service that is enabled and public and will open a port.

If you JUST want to open a port to THIS server you can add a dummy service.

For instance you are running some local software with a virtual host on port 1243

Code: [Select]

config set myservice service TCPPort 1234 access public status enabled

Code: [Select]

signal-event remoteaccess-update
That will add a rule in the firewall to open that port to a local service.

You can add items like AllowHost and DenyHosts as well if required.

(that should be correct if I remember rightly)