LinuxQuestions.org
Old 07-15-2005, 10:07 AM   #1
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 20
Posts: 129

Rep: Reputation: 18
Opening ports - 587


I am running a Virtual Server, and I needed to have port 587 open and accepting SMTP connections, because my new ISP will block port 25.

I wasn't sure how to go about this, so I edited /etc/services. My port 465 was accepting mail connections, so in this list, I simply changed that number from 465 to 587. 587 was on the list already of course, but wasn't accepting connections from the outside. So I now have three port 587s in the list.

I wanted to know if this is kosher - are there any problems that could arise from me having done this? I wasn't sure how else to go about getting port 587 working. Any info is greatly appreciated!!

Thanks!!
 
Old 07-15-2005, 12:30 PM   #2
Solvaut
LQ Newbie
 
Registered: Jul 2005
Posts: 15

Rep: Reputation: 0
If you get this problem fixed, please PM me on how you open it up. I have a similar problem: I want to open a port on my server, 12220.
 
Old 07-15-2005, 01:23 PM   #3
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Changing /etc/services doesn't open or close a port. You should change it back the way it was.

To open a port, you must start a service that listens on that port. You can check to see what's listening on what port by executing

Code:
# netstat --proto=inet -pnl
To unblock a port, you must modify iptables (firewall) rules. There are two ways to do it.

(1) In FC4, the relevant file is /etc/sysconfig/iptables. If you want to make port 587 available to the planet, add the following line to that file.

Code:
-A INPUT -p tcp --dport 587 -j ACCEPT
After saving the file, execute

Code:
# service iptables restart
*** OR ***

(2) Use the security level gui tool under Desktop->System Tools. (I think that's the submenu name. I'm not sitting in front of my FC4 machine at the moment.) You can add individual ports in the bottom window of the Firewall tab.
 
Old 07-15-2005, 05:20 PM   #4
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 20
Posts: 129

Original Poster
Rep: Reputation: 18
Hi, thanks for the info! Why is it not a good idea to just modify /etc/services? It worked. I also see the port open. When I change services back, the port is no longer there.

As for the iptables, all I see is iptables-config, and that's it.

What I did do first was to change the port I changed from 465 to 587 back to 465. Then I did:

cd /etc/xinetd.d
cp smtp_psa smtp_additional
vim smtp_additional
and changed the first line to "service submission"
and then restarted xinetd

After, I did

netstat --proto=inet -pnl

and lo and behold, the port is open and seems to be accepting connections (of course I can't fully check to see if the emails go out, since my server passes everything through the SBL & XBL, and my dynamic IP address that's currently assigned to me by my ISP is listed in there, so my server won't accept my email!)

Thanks a lot for your tips and info on the IP tables and Netstat command, I really appreciate it!!
 
Old 07-15-2005, 08:56 PM   #5
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
The services file is the canonical mapping between services and their IANA-assigned port numbers and protocol types. It's not advisable to modify it, especially ports below 1024, unless you absolutely have to, because it may cause certain services to fail that rely upon the IANA mapping. The 'services' manpage provides details. If it works for you though, then hey, it's okay, but it's a somewhat unorthodox way to go about it and it may (emphasis on "may") cause you problems in the future if you run a service that needs the port you've assigned to something else.

I'm not sure what distribution you're running, but if all you see in /etc/sysconfig is iptables-config, your firewall may not be active. But again, my familiarity lies with Redhat and Fedora, not other distros, and those other distros may squirrel the iptables rules file somewhere else. Irrespective of the distro, to examine the current iptables configuration, run

Code:
# /sbin/iptables -L
If your firewall is turned off, you'll see something like this:

Code:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I'm not familiar with the virtual server you're running either, or the mail agent you're working with, so I'll bow out and let someone else more knowledgeable in those areas offer assistance.
 
Old 07-16-2005, 12:37 PM   #6
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 20
Posts: 129

Original Poster
Rep: Reputation: 18
Hi, thanks for responding to my posts. Eek, I realized that maybe I don't have the IP tables setup, I thought it came fully operating when I got my server.

Since this is a BASH login to my server, can you recommend any easy-to-use text-based programs that I can use to configure IP Tables?

Thanks a ton!
 
Old 07-16-2005, 01:54 PM   #7
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
First, run the following command and post the results here.

uname -a
 
Old 07-16-2005, 04:25 PM   #8
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 20
Posts: 129

Original Poster
Rep: Reputation: 18
Linux localhost.localdomain 2.4.20-021stab022.1.777 #1 Sat Jun 26 17:05:57 MSD 2004 i686 i686 i386 GNU/Linux
 
Old 07-16-2005, 05:00 PM   #9
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
I can't tell from your uname string what distribution you're running. Do you know?

Is there an "iptables" script in /etc/rc.d/init.d?

Is this machine being used as a NAT router? Execute

Code:
# cat /proc/sys/net/ipv4/ip_forward
If it returns 0, it's not forwarding packets. If it returns 1, it is, and you can't use the simple firewall rules below.

If your machine isn't forwarding packets, here's a simple iptables firewall script from http://electron.mit.edu/~gsteele/firewall/ . Save it to a file and modify or add to the "dport" options below to unblock the ports you want access to.

Code:
#!/bin/bash

set -x

# Load needed kernel modules

modprobe ip_conntrack
modprobe ip_conntrack_ftp

# Clear any existing firewall stuff before we start

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

# As the default policies, drop all incoming traffic but allow all
# outgoing traffic.  This will allow us to make outgoing connections
# from any port, but will only allow incoming connections on the ports
# specified below.

iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT

# Allow all incoming traffic if it is coming from the local loopback device

iptables -A INPUT -i lo -j ACCEPT

# Related and established connections: see
#  http://www.sns.ias.edu/~jns/security...conntrack.html
#
# Accept all incoming traffic associated with an established
# connection, or a "related" connection
#
# This will automatically handle incoming UDP traffic associated with
# DNS queries, as well as PASSIVE mode FTP (provided the
# ip_conntrack_ftp module is loaded)

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow connections on selected ports to the firewalled computer:
#   22 ssh
#   80 web
#   25 smtp (mail)

iptables -A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 25 -m state --state NEW -j ACCEPT

# Allow icmp input so that people can ping us

iptables -A INPUT -p icmp -j ACCEPT

# Logging: first, eliminate any packets that are going to broadcast
# addresses, since they will overwhelm the log files if there are any
# windows computers on our network. Also, don't log pesky multicast
# packets that we block.

iptables -A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
iptables -A INPUT -d 224.0.0.1 -j DROP

# Log all other blocked packets, and change DROP to REJECT to be
# polite and allow people connecting to a blocked port to receive a
# "connection refused" message instead of timing out after 30 seconds.

iptables -A INPUT -j LOG
iptables -A INPUT -j REJECT
Let me know the answers to the questions above before going much further.
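
Added example (not part of the original posts): the two checks discussed in this thread, a listener in `netstat --proto=inet -pnl` output and a firewall rule that accepts the port, combined into one verdict per port. The netstat lines and rules are constructed samples, the rules are assumed to be in `iptables-save` form, and the function names are hypothetical.

```shell
# Added example; simplified model: only "-p tcp --dport N" rules, bare
# catch-all rules and the INPUT chain policy are evaluated.

# listener_scope PORT  (stdin: netstat -pnl output) -> none | local | any
listener_scope() {
    awk -v p="$1" '
        $1 == "tcp" && $6 == "LISTEN" && $4 ~ (":" p "$") {
            if ($4 !~ /^127\./) s = "any"; else if (s == "") s = "local"
        }
        END { print (s == "" ? "none" : s) }'
}
# firewall_verdict PORT  (stdin: iptables-save style rules) -> target name
firewall_verdict() {
    awk -v p="$1" '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            target = dport = proto = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (target == "LOG") next     # LOG does not end rule traversal
            if (NF == 4 || (proto == "tcp" && dport == p)) { v = target; exit }
        }
        END { print (v == "" ? policy : v) }'
}
# port_status PORT NETSTAT_TEXT RULES_TEXT
port_status() {
    scope=$(printf '%s\n' "$2" | listener_scope "$1")
    verdict=$(printf '%s\n' "$3" | firewall_verdict "$1")
    case "$scope:$verdict" in
        none:*)     echo "closed: no listener" ;;
        local:*)    echo "local-only: listener bound to loopback" ;;
        any:ACCEPT) echo "open: listener present, firewall accepts" ;;
        *)          echo "filtered: listener present, firewall says $verdict" ;;
    esac
}

# Constructed sample data (not taken from the thread)
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2101/xinetd
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2101/xinetd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1875/mysqld'
RULES_SAMPLE=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -j LOG
-A INPUT -j REJECT'
for n in 25 587 3306 12220; do echo "$n $(port_status "$n" "$NETSTAT_SAMPLE" "$RULES_SAMPLE")"; done
```

In the sample, port 587 has a listener but no ACCEPT rule ahead of the final REJECT, so it is reported as filtered until a `--dport 587` rule is added.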
 
Old 08-16-2005, 08:56 PM   #10
red_colt
LQ Newbie
 
Registered: Jun 2005
Distribution: Red Hat
Posts: 5

Rep: Reputation: 0
Hello,

I have a similar problem with port 623, which is assigned to asf-rmcp. My OS is RH AS 4. I'm sending ASF pings to it, but it only returns ICMP code 10 (Destination unreachable). The port is listed in the /etc/services file and I already configured iptables to accept all packets going to port 623. I haven't tried nmap and nstat yet to check if there is a service listening. I'm assuming that the port is closed since it's returning an ICMP (Destination unreachable) packet, so how can I open the port? Is there a specific command for it, or should I reconfigure a file? Thanks in advance.
 
Old 08-17-2005, 08:14 AM   #11
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Run the following command to see what services are listening for inet connections.

Code:
netstat --proto=inet -pnl
 
  


All times are GMT -5.