Firewall rules for syncing with PocketPC via SynCE

Hi,

I have a firewall on my machine (with Fedora) with a custom firewall.
How can I open up my firewall so I can connect with my PDA?
The messages I get are:
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0

So I need to open up ports 5679 and 5678 (I found that in the SynCE help). But how can I do that?
tjikkun Asked:
da99rmd Commented:
Sorry, didn't see that ppp0 was the PDAIF.
Then the
$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
will work perfectly for you.
But you have to add the following rule to make sure the output goes through as you want.
$IPTABLES -A OUTPUT -p ALL -i $PDAIF -j ACCEPT

Do an iptables -L and post the output here and I will examine it.

/Rob

jlevie Commented:
Assuming that 192.168.131.102 is your PDA, it would be 1047/TCP that your firewall needs to allow as an inbound connection. That can be done by executing a rule like:

iptables -A INPUT -d 0/0 -p tcp --dport 1047 -j ACCEPT

Once that rule is in place you can save it for the next boot with 'service iptables save'.
tjikkun (Author) Commented:
Sorry, I forgot to tell. I was already trying stuff, so I had something opened up. When I have everything closed, I get:

IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=0 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=256 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=512 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0

So I had opened up something for this:
$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
(Is this the correct way to do this? $PDAIF = ppp0, $UNIVERSE = 0.0.0.0/0)

After this the messages in my first post showed. So this is a reply, and I guess I need an ESTABLISHED,RELATED rule of some kind. But I know very little of this, so I hope you can help me with that rule.

Thanks for your reply,

Sander
da99rmd Commented:
You mean this rule:
$IPT -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT

But this doesn't help you, I'm afraid.

>$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
This means that you have opened every port of your internet interface.
This is not good. Remove this rule and input this rule instead:
iptables -A INPUT -p tcp --dport 5679 -j ACCEPT


>IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
This is an outgoing packet; to open up a port in the output chain use this rule:
iptables -A OUTPUT -p ALL -i ppp0 -j ACCEPT

I assume ppp0 is the interface you are trying to connect to; otherwise change this to the correct one.

I don't know what ports the PocketPC uses, so just give me the ports and I will give you all the rules you need to connect.

Try it first; if it doesn't work, just fall back with "service iptables restart". When it works OK, save with "service iptables save".

/Rob

tjikkun (Author) Commented:
>>$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
>This means that you have opened everyport of your internet interface.
>This is not good. Remove this rule and input the rule instead:
>iptables -A INPUT -p tcp --dport 5679 -j ACCEPT

Well, I have -i ppp0, so I thought that would only allow everything from the PDA interface. Is there a security issue with this? With your rule the port is accessible from the internet; with mine it is not, as far as I understand. Of course I think I could do:
$IPTABLES -A INPUT -i $PDAIF -p tcp --dport 5679 -j ACCEPT
But now my question:
What is the correct rule to let responses to this through?
tjikkun (Author) Commented:
Rob,

Thank you very much.
You had one error in your rule:
$IPTABLES -A OUTPUT -p ALL -i $PDAIF -j ACCEPT
I made that
$IPTABLES -A OUTPUT -p ALL -o $PDAIF -j ACCEPT
and now it seems to work.

Sander
da99rmd Commented:
Sorry, that's correct.

/Rob
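A small triage script for the LOG lines posted in this thread, added here as an example and not part of any post: it parses each line, works out which chain dropped the packet, and names the narrowest rule that lets that step of the SynCE handshake through. The `-m state` rules are the stateful form of the `-i ppp0` / `-o ppp0` rules the thread settled on; port 5678 is included only because the SynCE help names it alongside 5679.

```python
"""Triage iptables LOG lines from a SynCE PocketPC sync and name the smallest
rule that would have accepted each dropped packet. Added example, not from the
thread; the two sample lines are copied from the posts above."""
import re
from dataclasses import dataclass

SYNCE_PORTS = {5678, 5679}                 # listener ports named in the SynCE help
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST")   # flag words the LOG target prints

# The PDA's SYN (dropped in INPUT) and the host's SYN-ACK reply (dropped in OUTPUT)
PDA_SYN = ("IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 "
           "TTL=128 ID=0 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0")
HOST_SYNACK = ("IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 "
               "TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0")

@dataclass(frozen=True)
class LogPacket:
    chain: str        # INPUT or OUTPUT, from which of IN=/OUT= carries an interface
    iface: str
    src: str
    spt: int
    dpt: int
    flags: frozenset

def parse_log_line(line):
    """Turn one 'IN=.. OUT=.. SRC=..' kernel LOG line into a LogPacket."""
    kv = dict(re.findall(r"(\w+)=(\S*)", line))        # 'IN=' yields an empty value
    flags = frozenset(f for f in TCP_FLAGS if re.search(rf"\b{f}\b", line))
    chain, iface = ("INPUT", kv["IN"]) if kv["IN"] else ("OUTPUT", kv["OUT"])
    return LogPacket(chain, iface, kv["SRC"], int(kv["SPT"]), int(kv["DPT"]), flags)

def suggest_rule(pkt, pda_if):
    """New SynCE connections in, replies out; None for anything else, so only the
    sync traffic gets a hole and the rest of the interface stays closed."""
    if pkt.iface != pda_if:
        return None
    if pkt.chain == "INPUT" and pkt.flags == {"SYN"} and pkt.dpt in SYNCE_PORTS:
        # the PDA's SYN: scope the hole to the PDA interface and the one port
        return (f"iptables -A INPUT -i {pda_if} -p tcp --dport {pkt.dpt} "
                f"-m state --state NEW -j ACCEPT")
    if pkt.chain == "OUTPUT" and "ACK" in pkt.flags and pkt.spt in SYNCE_PORTS:
        # our reply belongs to a connection conntrack already saw: match state, not ports
        return f"iptables -A OUTPUT -o {pda_if} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    return None

if __name__ == "__main__":
    for line in (PDA_SYN, HOST_SYNACK):
        print(suggest_rule(parse_log_line(line), "ppp0"))
```

Running the script against the two thread lines yields one INPUT rule for the PDA's SYN to 5679 and one state-matched OUTPUT rule for the host's SYN-ACK; a line from any other interface yields nothing, which is the point of scoping the rules to ppp0.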