Opening ports - 587
I am running a Virtual Server, and I needed to have port 587 open and accepting SMTP connections, because my new ISP will block port 25.
I wasn't sure how to go about this, so I edited /etc/services. My port 465 was accepting mail connections, so in this list, I simply changed that number from 465 to 587. 587 was on the list already of course, but wasn't accepting connections from the outside. So I now have three port 587s in the list. I wanted to know if this is kosher - are there any problems that could arise from me having done this? I wasn't sure how else to go about getting port 587 working. Any info is greatly appreciated!! Thanks!! |
If you get this problem fixed, please PM me on how you open it up. I have a similar problem: I want to open a port on my server, 12220.
|
Changing /etc/services doesn't open or close a port. You should change it back the way it was.
To open a port, you must start a service that listens on that port. You can check to see what's listening on what port by executing
Code:
# netstat --proto=inet -pnl
(1) In FC4, the relevant file is /etc/sysconfig/iptables. If you want to make port 587 available to the planet, add the following line to that file.
Code:
-A INPUT -p tcp --dport 587 -j ACCEPT
Code:
# service iptables restart
(2) Use the security level gui tool under Desktop->System Tools. (I think that's the submenu name. I'm not sitting in front of my FC4 machine at the moment.) You can add individual ports in the bottom window of the Firewall tab. |
Hi, thanks for the info! Why is it not a good idea to just modify the etc/services, it worked? I also see the port open. When I change services back, the port is no longer there.
As for the iptables, all I see is iptables-config, and that's it. What I did do first was to change the port I changed from 465 to 587 back to 465. Then I did:
cd /etc/xinetd.d
cp smtp_psa smtp_additional
vim smtp_additional
and changed the first line to "service submission" and then restarted xinetd.
After, I did netstat --proto=inet -pnl and lo and behold, the port is open and seems to be accepting connections (of course I can't fully check to see if the emails go out, since my server passes everything through the SBL & XBL, and my dynamic IP address that's currently assigned to me by my ISP is listed in there, so my server won't accept my email!) Thanks a lot for your tips and info on the IP tables and Netstat command, I really appreciate it!! |
The services file is the canonical mapping between services and their IANA-assigned port numbers and protocol types. It's not advisable to modify it, especially ports below 1024, unless you absolutely have to, because it may cause certain services to fail that rely upon the IANA mapping. The 'services' manpage provides details. If it works for you though, then hey, it's okay, but it's a somewhat unorthodox way to go about it and it may (emphasis on "may") cause you problems in the future if you run a service that needs the port you've assigned to something else.
I'm not sure what distribution you're running, but if all you see in /etc/sysconfig is iptables-config, your firewall may not be active. But again, my familiarity lies with Redhat and Fedora, not other distros, and those other distros may squirrel the iptables rules file somewhere else. Irrespective of the distro, to examine the current iptables configuration, run
Code:
# /sbin/iptables -L
Code:
Chain FORWARD (policy ACCEPT) |
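The distinction drawn in the replies above, as an added example that is not part of the original thread: /etc/services only maps names to port numbers, while a port is open only when a process listens on it. The services excerpt and netstat output below are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: /etc/services excerpt after the edit described in the
# thread (the 465 entry renumbered to 587, beside the stock 587 entries).
SAMPLE_SERVICES='smtp            25/tcp          mail
smtps           587/tcp                         # was 465/tcp before the edit
submission      587/tcp         msa
submission      587/udp         msa'

# Constructed sample: `netstat --proto=inet -pnl` output.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:25     0.0.0.0:*        LISTEN  1377/xinetd
tcp        0      0 0.0.0.0:587    0.0.0.0:*        LISTEN  1377/xinetd
udp        0      0 0.0.0.0:68     0.0.0.0:*                1100/dhclient'

# Names that a services-format text maps to PORT/PROTO, comma-joined.
names_for_port() {  # usage: names_for_port PORT PROTO < services-text
    awk -v want="$1/$2" '
        { sub(/#.*/, "") }                      # drop trailing comments
        $2 == want && !seen[$1]++ { out = out (out ? "," : "") $1 }
        END { print out }'
}

# "address pid/program" for each TCP socket in LISTEN state on PORT.
listeners_on_port() {  # usage: listeners_on_port PORT < netstat-output
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")               # port is the last ":" field
            if (a[n] == port) print $4, $7
        }'
}

# The name mapping and the listening socket are independent facts; only the
# socket (plus a permitting firewall rule) makes the port reachable.
diagnose() {  # usage: diagnose PORT SERVICES_TEXT NETSTAT_TEXT
    names=$(printf '%s\n' "$2" | names_for_port "$1" tcp)
    socks=$(printf '%s\n' "$3" | listeners_on_port "$1")
    case "$names" in *,*) dup=" (conflicting names)" ;; *) dup="" ;; esac
    if [ -n "$socks" ]; then state="listening: $socks"; else state="no listener"; fi
    echo "port $1/tcp names=[$names]$dup $state"
}

diagnose 587 "$SAMPLE_SERVICES" "$SAMPLE_NETSTAT"
diagnose 465 "$SAMPLE_SERVICES" "$SAMPLE_NETSTAT"
# On a live host: diagnose 587 "$(cat /etc/services)" "$(netstat --proto=inet -pnl)"
```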
Hi, thanks for responding to my posts. Eek, I realized that maybe I don't have the IP tables setup, I thought it came fully operating when I got my server.
Since this is a BASH login to my server, can you recommend any easy-to-use text-based programs that I can use to configure IP Tables? Thanks a ton! |
First, run the following command and post the results here.
uname -a |
Linux localhost.localdomain 2.4.20-021stab022.1.777 #1 Sat Jun 26 17:05:57 MSD 2004 i686 i686 i386 GNU/Linux
|
I can't tell from your uname string what distribution you're running. Do you know?
Is there an "iptables" script in /etc/rc.d/init.d? Is this machine being used as a NAT router? Execute
Code:
# cat /proc/sys/net/ipv4/ip_forward
If your machine isn't forwarding packets, here's a simple iptables firewall script from http://electron.mit.edu/~gsteele/firewall/ . Save it to a file and modify or add to the "dport" options below to unblock the ports you want access to.
Code:
#!/bin/bash |
Hello,
I have a similar problem with port 623, which is assigned to asf-rmcp. My OS is RH AS 4. I'm sending ASF pings to it but it only returns ICMP code 10 (Destination unreachable). The port is listed in the /etc/services file and I already configured iptables to accept all packets going to port 623. I haven't tried nmap and nstat yet to check if there is a service listening. I'm assuming that the port is closed since it's returning an ICMP (Destination unreachable) packet, so how can I open the port? Is there a specific command for it or should I reconfigure a file? Tnx in advance. |
Run the following command to see what services are listening for inet connections.
Code:
netstat --proto=inet -pnl |