Drop firewall on 1 port in Slack

linuxhippy · 03-13-2006, 11:41 AM

How would I drop the firewall on 1 port in Slack 10.1 or 10.2? I don't have KDE installed and would like to do this without a GUI. The port I want to open is 8888 that I am using as the port to my serving pc so others can stream mp3s from me. I am also behind a router firewall-that's another problem.

Alien_Hominid · 03-13-2006, 11:55 AM

What firewall are you using?

quip · 03-13-2006, 12:04 PM

You either write an iptables rule (there are many tutorials on this subject) or you use a higher level configuration tool. My favorite has always been shorewall.

Why do you want to drop requests on port 1? Also, what is your network setup? Is it your router you want to forward through? What brand and model is it?

Alien_Hominid · 03-13-2006, 12:09 PM

1 means one port.

Or I am wrong?

quip · 03-13-2006, 12:21 PM

I apologize. When you said drop one port, I thought you meant you wanted packets to be dropped (aka silently rejected) on port #1, not open up 1 port (in this case, #8888).

If you have not already configured iptables, or installed a higher level configuration tool (like shorewall or firestarter) then I don't believe you should have any ports blocked; you should be able to connect right away.

linuxhippy · 03-13-2006, 01:16 PM

I have firestarter on another pc and like it-I think it needs KDE for an install and that I tried it on my Slack pc that doesn't have KDE and it wouldn't work. Don't have shorewall either. Just default Slack-probably iptables...but never configured.

So the only firwall that is blocking port 8888 would be my router's firewall?

The router is a Westell.

quip · 03-13-2006, 01:36 PM

Quote:

Originally Posted by linuxhippy

So the only firwall that is blocking port 8888 would be my router's firewall?

The router is a Westell.

Most likely, but usually this is only a problem if you are trying to connect from outside your lan (are you?).

IPTables is a configuration tool to set up the actual firewall, which is built in your kernel and called netfilter. Tools like shorewall and firestarter actually configure the configurator (IPTables).

If you haven't used any of these tools, slack will not block anything by default. For instance, on my laptop I have not done any netfilter (firewall) configuration, so any network-aware process will show up in a scan.

Let's go back a couple of steps. Exactly what program are you trying to get going? Are you trying to let your friends from the internet access it? Can you already access it from your lan?

Alien_Hominid · 03-13-2006, 02:49 PM

Check that your firewall is not executable. If it is, chmod -x /etc/rc.d/rc.firewall temporarily (while you get streaming working).

linuxhippy · 03-13-2006, 05:38 PM

I'm trying to set up my old 200 MHz tower to be able to stream mp3s to people on the internet using Slack 10.1 (still has kernel 2.4.29). I now have a "static" IP address with www.no-ip.com and just set up gnump3d-Apache is installed but not configured...I found that gnump3d doesn't need Apache to work. My pc is 1 of 3 pcs networked by a router and DSL.

I disabled my router's firewall (temporarily), didn't see a firewall process running on my pc, and turned off the other pcs....I don't know how to enable port forwarding and I was hoping if 1 pc was connected to the router that port forwarding wouldn't matter. I am not able to stream from my Slack pc from another pc on my neighbor's network and I see no generated errors.

gnump3d and noip2 processes are running without error and configured to use port 8888.

Something is blocking my streams-I'm thinking the culprit is my router. Any ideas?

Oh, /etc/rc.d/rc.firewall doesn't exist on my pc (Slack 10.1).

quip · 03-13-2006, 09:02 PM

A couple of ideas:

1. I'm assuming that noip2 is a process that runs on your computer that informs no-ip.com of your ip address, so that when it changes, dns servers are updated, and people can still connect via your hostname. You say that gnump3d is also running on port 8888; having two processes running on the same port is not a good idea.

2. Apache is not needed for gnump3d.

3. The other pcs being on are of no consequence.

4. If people outside your home cannot connect, then yes, your culprit is probably your router (assuming that you have given enough time for your hostname to propagate to the dns servers your friends use; if not, then they could still reference you via your ip address). I have not used your brand of router before (maybe someone else here has) but you should be able to find some documentation on how to enable port forwarding on it.

Hope that helps.

Wayne

Alien_Hominid · 03-14-2006, 01:21 AM

What configuration tools does your router provide? Is it configurable through the web?

linuxhippy · 03-14-2006, 05:01 AM

quip's assumptions are right on about no-ip and what they do. The software that is installed for gnump3 is configured to use port 8888...I don't think no-ip cares about the port (I'll check). So port 8888 is only used by 1 process.

The router is configured through a web page at http://192.168.1.1

I just found a pdf manual for my router that should have came with it a year ago from Verizon (they sold it to me but can offer no tech support for it):

http://westell.com/content/sales/327W.pdf

My pcs typically attach to 192.168.1.45-47

Alien_Hominid · 03-14-2006, 05:24 AM

So connect to your router and see what you can do.

linuxhippy · 03-14-2006, 08:49 AM

I think I need to enable static NAT in my router. That pdf manual is helpful me thinks! Anyway, when I get home I'll try static NAT.

quip · 03-14-2006, 10:53 AM

You can configure gnump3d to use any port you choose--check out /etc/gnump3d/gnump3d.conf.

You probably will want to reserve a certain private ip addy (192.168.1.x) for your server, and then enable nat for that machine on whatever port you wish to use (currently 8888).

Sounds like you've got it from here...