Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 5th August 2005, 20:02
weedguy weedguy is offline
Junior Member
 
Join Date: Aug 2005
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default Problem opening firewall port

I have ISPConfig installed on a Fedora Core 4 box. ISPConfig is working perfectly. However, I also want to use my computer as a samba file server. I need to open up a few firewall ports to do this. I used the ISPConfig control panel and tried to open port 137. I restarted the firewall using the control panel. Before and after I did this, I ran nmap and got the following output:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-05 13:54 EDT
Interesting ports on ddnsserver1.hopto.org (192.168.0.10):
(The 1644 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
734/tcp open unknown
761/tcp open kpasswd
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
3306/tcp open mysql
32770/tcp open sometimes-rpc3

Nmap finished: 1 IP address (1 host up) scanned in 0.253 seconds

As the listing shows, port 137 is not open. How can I open up port 137?
Reply With Quote
Sponsored Links
  #2  
Old 6th August 2005, 11:31
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Quote:
Originally Posted by weedguy
I have ISPConfig installed on a Fedora Core 4 box. ISPConfig is working perfectly. However, I also want to use my computer as a samba file server. I need to open up a few firewall ports to do this. I used the ISPConfig control panel and tried to open port 137. I restarted the firewall using the control panel. Before and after I did this, I ran nmap and got the following output:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-05 13:54 EDT
Interesting ports on ddnsserver1.hopto.org (192.168.0.10):
(The 1644 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
734/tcp open unknown
761/tcp open kpasswd
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
3306/tcp open mysql
32770/tcp open sometimes-rpc3

Nmap finished: 1 IP address (1 host up) scanned in 0.253 seconds

As the listing shows, port 137 is not open. How can I open up port 137?

Have you installed SAMBA and started it?
Reply With Quote
  #3  
Old 6th August 2005, 13:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Have you installed SAMBA and started it?
Yes, you have to start Samba. You can run

Code:
iptables -L
to see which ports are open in the firewall.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 7th August 2005, 00:41
weedguy weedguy is offline
Junior Member
 
Join Date: Aug 2005
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default Samba is running

Samba is running and working correctly. Also, I am aware of the command iptables -L listing the ports but the installation instructions for ISPConfig instructed me to turn the firewall off. This is why I used the command nmap to show the ports that are actually open.
Reply With Quote
  #5  
Old 7th August 2005, 11:28
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Quote:
Originally Posted by weedguy
Samba is running and working correctly. Also, I am aware of the command iptables -L listing the ports but the installation instructions for ISPConfig instructed me to turn the firewall off. This is why I used the command nmap to show the ports that are actually open.
The ISPConfig firewall is a IPTables firewall.
Reply With Quote
  #6  
Old 7th August 2005, 14:33
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by till
The ISPConfig firewall is a IPTables firewall.
Yes, I was thinking that you were running the ISPConfig firewall...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 7th August 2005, 23:39
weedguy weedguy is offline
Junior Member
 
Join Date: Aug 2005
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default Could this be an installation problem?

I was wondering if this could be an installation problem. I followed the installation instructions for Fedora Core 4. However, instead of selecting the indicated packages to install, I selected everything. Is it possible that selecting everything to install is adding something that is setting up the firewall?
Reply With Quote
  #8  
Old 8th August 2005, 00:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by weedguy
Is it possible that selecting everything to install is adding something that is setting up the firewall?
Maybe. Can you post the output of
Code:
iptables -L
here?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 8th August 2005, 15:02
weedguy weedguy is offline
Junior Member
 
Join Date: Aug 2005
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default iptables output

I executed /etc/init.d/iptables and got: Firewall is stopped.

The output for iptables -L is:

[root@ddnsserver1 servadmin]# /sbin/iptables -L
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain PAROLE (10 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dptop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
PAROLE tcp -- anywhere anywhere tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Reply With Quote
  #10  
Old 8th August 2005, 15:17
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
 
Default

This looks like the ISPConfig firewall is running. You can control it from the web interface: Management -> Server -> Services.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 02:12.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.