Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Bruce McNamara on September 02, 2000, 12:40:27 PM
-
Well after a bit of playing around with port forwarding I've finally sorted things out.
And think my solution could help others in a similar pickle.
I did the following and don't profess to be an expert but it seems to work,
any correction to this technique would be welcomed.
I have an E-Smith V4 server with one fixed external IP address.
I needed others to be able to access their pop mail accounts on a server
behind the E-Smith box (not the E-Smith Mail Server).
To do this I needed to port forward port 110 to the mail server.
First off I installed the IPMASQADM application.
I downloaded and used ipmasqadm-0.4.2-3.i386.rpm
Then installed it by going:
rpm -i ipmasqadm-0.4.2-3.i386.rpm
then I set the port forwarding to happen on startup,
assuming the following:
External Firewall IP (Fixed) = 202.14.102.7
Internal Mail Server IP = 192.168.1.9
Port to forward = 110 (POP)
I added to the following template file:
/etc/e-smith/templates/etc/rc.d/init.d/masq/template-begin
##### IPMASQADM Starts
# Flush portfw rules
/usr/sbin/ipmasqadm portfw -f
# Forward Port 110 (POP) to the inhouse server IP
/usr/sbin/ipmasqadm portfw -a -P tcp -L 202.14.102.7 110 -R 192.168.1.9 110
##### IPMASQADM Ends
You need to run the following to apply the template:
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
then reboot the server to activate changes
Hope this is of help to someone out there.
Bruce
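
The template fragment from the post above can be generated from a list of forwards, with every field checked before it is written into an init script that runs as root. This is an added example, not part of the original post or of E-Smith; the input format and the function names are assumptions, and only the `ipmasqadm portfw` options shown in the post are used.

```shell
#!/bin/sh
# Added example, not from the thread. Input format is hypothetical:
#   proto external_ip external_port internal_ip internal_port

valid_ip() {
    # Dotted-quad IPv4, every octet numeric and no larger than 255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_portfw() {
    # Reads rules on stdin and prints the fragment on stdout.
    # Returns non-zero without printing anything on the first malformed line.
    out='##### IPMASQADM Starts
# Flush portfw rules
/usr/sbin/ipmasqadm portfw -f'
    while read -r proto ext eport int iport extra; do
        case "$proto" in ''|'#'*) continue ;; esac      # blank line or comment
        [ -z "$extra" ] || return 1                     # trailing tokens
        case "$proto" in tcp|udp) ;; *) return 1 ;; esac
        valid_ip "$ext" && valid_ip "$int" || return 1
        valid_port "$eport" && valid_port "$iport" || return 1
        out="$out
/usr/sbin/ipmasqadm portfw -a -P $proto -L $ext $eport -R $int $iport"
    done
    printf '%s\n##### IPMASQADM Ends\n' "$out"
}

# Constructed input using the addresses from the post above.
printf 'tcp 202.14.102.7 110 192.168.1.9 110\n' | gen_portfw
```

Because the flush line always comes first, re-running the expanded script replaces the forwards rather than stacking duplicates.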
-
Actually, you don't need to reboot the server--just run "service masq start" after the expand-template command.
-
Bruce McNamara wrote:
> Well after a bit of playing around with port forwarding I've
> finally sorted things out. And think my solution could help
> others in a similar pickle.
>
I sure need all the help I can get on this subject :)
>
> First off I installed the IPMASQADM application.
>
> I downloaded and used ipmasqadm-0.4.2-3.i386.rpm
>
> Then installed it by going:
>
> rpm -i ipmasqadm-0.4.2-3.i386.rpm
I have downloaded the file, but I just can't figure out how to transfer it to the E-Smith. That is, I can FTP it to the E-Smith but I can't find it on the E-Smith system.
A step by step guide on how to do this would really help me a lot.
I have a Windows 2000 and a WinME client connected to the E-Smith system.
> then I set the port forwarding to happen on startup, assuming
> the following:
>
> External Firewall IP (Fixed) = 202.14.102.7 Internal Mail
> Server IP = 192.168.1.9 Port to forward = 110 (POP)
Will that also work with port ranges?
And with UDP ports?
> I added to the following template file:
>
> /etc/e-smith/templates/etc/rc.d/init.d....
????? :) Here I'm totally lost
Regards
Jan
-
> I have downloaded the file, but I just can't figure out how to transfer it to the E-Smith. That is, I can FTP it to the E-Smith but I can't find it on the E-Smith system.
This is a newbie way to do it, somebody else (guru) can surely suggest something quicker.
Depends on where you ftp'ed it to. I use a similar method: I download the file using my w2k box, then ftp the file using my admin account, so I can put it into primary/files. Then I telnet into root on e-smith. The file is then in /home/e-smith/files/primary/files
Once you get to the directory containing the file you can rpm or untar or ungzip or edit or whatever you need to do with the file
-
Kevin Lim wrote:
> > I have downloaded the file, but I just can't figure out how
> > to transfer it to the E-Smith. That is, I can FTP it to the
> > E-Smith but I can't find it on the E-Smith system.
>
> this is a newbie way to do it, somebody else (guru) can surely
> suggest something quicker. depends on where you ftp'ed it to.
> i use a similar method, i download the file using my w2k box,
> then ftp the file using my admin account, so i can put it into
> primary/files. then i telnet into root on e-smith. the file
> is then in /home/e-smith/files/primary/files once you get to
> the directory containing the file you can rpm or untar or ungzip
> or edit or whatever you need to do with the file
And there it was :) many thanks, Kevin :)
Jan
-
I was going to make an rpm to set all this up but we may
be onto E-Smith V99 before I get it going.
There seemed to be a need by a number of us to get this working sooner.
Thanks for helping Jan
Bruce
-
Jan wrote:
> Bruce McNamara wrote:
>
>> then I set the port forwarding to happen on startup, assuming
>> the following:
>>
>> External Firewall IP (Fixed) = 202.14.102.7 Internal Mail
>> Server IP = 192.168.1.9 Port to forward = 110 (POP)
> Will that also work with port ranges?
> And with UDP ports?
I tried it for POP 110, SMTP 25, IMAP 143, HTTP 80 & HTTPS 443
with success but haven't yet tried any others.
>> I added to the following template file:
>>
>> /etc/e-smith/templates/etc/rc.d/init.d....
Add the lines I listed just before the line that has
echo "done"
Hope this is of help.
Bruce
-
Dan Brown wrote:
> Actually, you don't need to reboot the server--just run
> "service masq start" after the expand-template
> command.
Sorry I'm used to Micro$oft where just changing a comma somewhere needs a reboot!!
;-)
-
Bruce McNamara wrote:
> > Will that also work with port ranges?
> > And with UDP ports?
>
> I tried it for POP 110, SMTP 25, IMAP 143, HTTP 80 & HTTPS
> 443 with success but haven't yet tried any others.
>
> Bruce
Now I have installed ipmasqadm, and typed in the following at the root command prompt (on telnet):
ipmasqadm autofw -A -r tcp 28800 29000 -h 192.168.1.65
ipmasqadm autofw -A -r tcp 47624 47624 -h 192.168.1.65
ipmasqadm autofw -A -r tcp 2300 2400 -h 192.168.1.65
ipmasqadm autofw -A -r udp 2300 2400 -h 192.168.1.65
and it works great, so I guess it works for both tcp and udp ports :)
The ports above are for playing games on MSN Gaming Zone.
Now I just have to figure those templates out, so I don't have to type it in after each reboot.
On a different note, I tested the security on 2 sites, http://grc.com and http://dslreports.com
I am not sure what to think of it, has anyone else tried this?
Here are some of the results:
Port  State     Protocol  Commonly
110   open      tcp       pop-3
113   open      tcp       auth
143   open      tcp       imap2
21    open      tcp       ftp
23    open      tcp       telnet
25    filtered  tcp       smtp
3128  open      tcp       squid-http
389   open      tcp       ldap
515   open      tcp       printer
548   open      tcp       afpovertcp
80    open      tcp       http
I don't like that the Telnet and printer ports are wide open.
Regards
Jan
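
A scan report like the one above is easiest to act on when it is compared with the list of ports that were meant to be published. The following is an added example, not part of the thread: the table is retyped from the post, while the `INTENDED` list and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Scan table as posted above (retyped from the post).
SCAN='Port State Protocol Commonly
110 open tcp pop-3
113 open tcp auth
143 open tcp imap2
21 open tcp ftp
23 open tcp telnet
25 filtered tcp smtp
3128 open tcp squid-http
389 open tcp ldap
515 open tcp printer
548 open tcp afpovertcp
80 open tcp http'

# Ports the administrator meant to publish (assumed for this example).
INTENDED='25/tcp 80/tcp 110/tcp'

unexpected_open() {
    # $1 = scan table, $2 = allowlist. Prints open ports not on the allowlist.
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                                   # header row
        $2 == "open" && !(($1 "/" $3) in ok) { print $1 "/" $3, $4 }
    ' | sort -n
}

intended_not_open() {
    # Prints allowlisted ports the scan did not report as open.
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        NR > 1 && $2 == "open" { delete want[$1 "/" $3] }
        END { for (k in want) print k }
    ' | sort -n
}

echo "Open but not intended:"
unexpected_open "$SCAN" "$INTENDED"
echo "Intended but not open:"
intended_not_open "$SCAN" "$INTENDED"
```

With this allowlist, telnet and printer appear in the first list along with six other services, and port 25 appears in the second because the scan saw it as filtered.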