Solved

firewall rules for syncing with pocketpc via synce

Posted on 2004-04-18
430 Views
Last Modified: 2012-05-04
Hi,

I have a firewall on my machine (with Fedora) with a custom firewall.
How can I open up my firewall so I can connect with my PDA?
The messages I get are
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0

So I need to open up ports 5679 and 5678 (I found that in the help of SynCE). But how can I do that?
Question by:tjikkun
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10856648
Assuming that 192.168.131.102 is your PDA, it would be 1047/TCP that your firewall needs to allow as an inbound connection. That can be done by executing a rule like:

iptables -A INPUT -d 0/0 -p tcp --dport 1047 -j ACCEPT

Once that rule is in place you can save it for the next boot with 'service iptables save'

Author Comment

by:tjikkun
ID: 10857206
Sorry, I forgot to tell. I was already trying stuff, so I had something opened up. When I have everything closed, I get:

IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=0 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=256 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=512 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0

So I had opened up something for this:
$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
(Is this the correct way to do this? $PDAIF = ppp0, $UNIVERSE = 0.0.0.0/0)

After this the messages in my first post showed. So this is a reply, and I guess I need an ESTABLISHED,RELATED rule of some kind. But I know very little of this, so I hope you can help me with that rule.

Thanks for your reply,

Sander
LVL 8

Expert Comment

by:da99rmd
ID: 10857571
You mean this rule:
$IPT -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT

But this doesn't help you, I'm afraid.

>$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
This means that you have opened every port of your internet interface.
This is not good. Remove this rule and input this rule instead:
iptables -A INPUT -p tcp --dport 5679 -j ACCEPT


>IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
This is an outgoing packet. To open up a port in the output chain, use this rule:
iptables -A OUTPUT -p ALL -i ppp0 -j ACCEPT

I assume the IP ppp0 is the interface you are trying to connect to; otherwise change this to the correct one.

I don't know what ports the PocketPC uses, so just give me the ports and I will give you all the rules you need to connect.

Try it first; if it doesn't work, just fall back with "service iptables restart". When it works OK, then save with "service iptables save".

/Rob
Author Comment

by:tjikkun
ID: 10857733
>>$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
>This means that you have opened everyport of your internet interface.
>This is not good. Remove this rule and input the rule instead:
>iptables -A INPUT -p tcp --dport 5679 -j ACCEPT

Well, I have -i ppp0, so I thought that would only allow everything from the PDA interface. Is there a security issue with this? With your rule the port is accessible from the internet; with mine it is not, as far as I understand. Of course I think I could do:
$IPTABLES -A INPUT -i $PDAIF -p tcp --dport 5679 -j ACCEPT
but now my question:
What is the correct rule to let responses to this through?
LVL 8

Accepted Solution

by:da99rmd (earned 125 total points)
ID: 10858259
Sorry, didn't see that ppp0 was the PDAIF.
Then the
$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
will work perfectly for you.
But you have to add the following rule to make sure the output goes through as you want:
$IPTABLES -A OUTPUT -p ALL -i $PDAIF -j ACCEPT

Do an iptables -L and post the output here and I will examine it.

/Rob

Author Comment

by:tjikkun
ID: 10858534
Rob,

thank you very much.
You had one error in your rule:
$IPTABLES -A OUTPUT -p ALL -i $PDAIF -j ACCEPT
I made that
$IPTABLES -A OUTPUT -p ALL -o $PDAIF -j ACCEPT
and now it seems to work

Sander
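An added example, not code from this thread: a small Python helper that parses netfilter LOG lines of the kind quoted above and derives the narrowest rule for each, applying the points made in the posts (INPUT matches the PDA link with -i, the SYN/ACK reply is locally generated so OUTPUT matches with -o, and an ESTABLISHED,RELATED rule covers replies). It assumes ppp0 is the PDA interface and 5678/5679 are the SynCE ports; the sample log lines are constructed copies of the ones in the thread.

```python
PDA_IF = "ppp0"              # assumption: the point-to-point link to the PDA
SYNCE_PORTS = {5678, 5679}   # the ports named in the question

# Constructed copies of the two kinds of log line quoted in the thread.
SAMPLE_LOG = [
    "IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 "
    "PREC=0x00 TTL=128 ID=0 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 "
    "RES=0x00 SYN URGP=0",
    "IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 "
    "RES=0x00 ACK SYN URGP=0",
]

def parse_log_line(line):
    """KEY=VALUE tokens become dict entries; bare tokens (SYN, ACK, DF)
    are collected in the FLAGS set."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        else:
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def suggest_rule(pkt, pda_if=PDA_IF):
    """Narrowest rule that admits this dropped packet, or None when it is
    not TCP on the PDA link or is a new connection to a non-SynCE port."""
    if pkt.get("PROTO") != "TCP":
        return None
    flags = pkt["FLAGS"]
    if pkt.get("IN") == pda_if:
        if "SYN" in flags and "ACK" not in flags:
            # New connection from the PDA: admit only the SynCE ports, not
            # whatever destination port happens to appear in the log.
            if int(pkt["DPT"]) not in SYNCE_PORTS:
                return None
            return (f"iptables -A INPUT -i {pda_if} -p tcp "
                    f"--dport {pkt['DPT']} -m state --state NEW -j ACCEPT")
        return (f"iptables -A INPUT -i {pda_if} -m state "
                f"--state ESTABLISHED,RELATED -j ACCEPT")
    if pkt.get("OUT") == pda_if:
        # The SYN/ACK reply is locally generated: OUTPUT chain uses -o, not -i.
        return (f"iptables -A OUTPUT -o {pda_if} -m state "
                f"--state ESTABLISHED,RELATED -j ACCEPT")
    return None
```

Run `suggest_rule(parse_log_line(line))` over each logged drop; a result of None for an inbound SYN means the PDA (or something else on that link) is knocking on a port SynCE does not need, which is worth investigating rather than opening.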
LVL 8

Expert Comment

by:da99rmd
ID: 10859267
Sorry, that's correct.

/Rob