Opening Internal Ports

ShockTherapy · 11-16-2003, 06:33 AM

How do I open Selective UDP ports on a Redhat 9 system.

I am trying to get MSN voice to work through a linux router, I have enabled upnp on it but it seems the internal UDP ports are not open so it can't get through.

I have edited the firewall script and my udp portscanner says that the Ports are open when scanning my external ip. but when I scan the internal network address they are shut.

any ideas?

Hangdog42 · 11-16-2003, 07:55 AM

It depends upon how you wrote the iptables rules. I'm assuming you've got two ethernet cards if you using this as a router and it would be VERY easy to write rules that open the appropriate ports on one interface, but not the other. So the upshot is that you'll have to post your rules in order for anyone to help.

comawhite · 11-16-2003, 09:10 AM

Just a thought: you also may want to forward the selected port instead of just opening it, it did the job for me :-)

ShockTherapy · 11-16-2003, 01:43 PM

The Linux box has one eth card that works the internal network, and an adsl connection set up on ppp0.

The current rules are thus:

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
#$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

#echo " Opening UDP port 5000 for msn"

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"

I had some trial port opening code, but I deleted them completely in order to start from scratch.

Hangdog42 · 11-16-2003, 09:08 PM

Have you enabled forwarding? There probably should be a line like

echo "1" > /proc/sys/net/ipv4/ip_forward

in there.

ShockTherapy · 11-16-2003, 11:37 PM

Forwarding and Masquerading work fine. Its just getting those UDP's through it that are driving me crazy.

Hangdog42 · 11-17-2003, 08:21 AM

You've got a line commented out that pretty much allows all forwarding between exinf and intif. Does it work when you do that rather than the state matching? (Yes, I know its a bad idea to allow all trafic like that, but it may give a clue as to what's wrong)

The other thing is that you are logging.....Do your logs show anything interesting?

I'll admit to a bit of confusion here. This really isn't a restrictive firewall.