Solved

firewall rules for syncing with pocketpc via synce

Posted on 2004-04-18
Last Modified: 2012-05-04
Hi,

I have a firewall on my machine (with Fedora) with a custom firewall.
How can I open up my firewall so I can connect with my PDA?
The messages I get are:
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0

So I need to open up ports 5679 and 5678 (I found that in the SynCE help). But how can I do that?
Question by:tjikkun
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10856648
Assuming that 192.168.131.102 is your pda it would be 1047/TCP that your firewall needs to allow as an inbound connection. That can be done by executing a rule like:

iptables -A INPUT -d 0/0 -p tcp --dport 1047 -j ACCEPT

Once that rule is in place you can save it for the next boot with 'service iptables save'.
 

Author Comment

by:tjikkun
ID: 10857206
Sorry, I forgot to tell you. I was already trying stuff, so I had something opened up. When I have everything closed, I get:

IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=0 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=256 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=512 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0

So I had opened up something for this:
$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
(Is this the correct way to do this? $PDAIF = ppp0, $UNIVERSE = 0.0.0.0/0)

After this the messages in my first post showed. So this is a reply, and I guess I need an ESTABLISHED,RELATED rule of some kind. But I know very little of this so I hope you can help me with that rule.

Thanks for your reply,

Sander
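The question above hinges on reading the kernel's LOG output correctly: a line with IN= empty and OUT=ppp0 was dropped in the OUTPUT chain, and a packet carrying ACK SYN is a reply to a connection the PDA opened, not a new one, so it is conntrack's ESTABLISHED,RELATED match that should admit it rather than a hole for the ephemeral port 1047. The script below is an added example (not posted in this thread) that parses log lines in the format shown above, works out the chain and whether the packet opens a connection, and proposes the narrowest iptables rule that would let it through. It also flags ACCEPT rules that carry neither a port nor a state match, such as the `-d $UNIVERSE` rule quoted above. The sample lines are constructed to mirror the thread's output; the rule strings it emits are ordinary iptables syntax, not something the thread or SynCE prescribes.

```python
"""Classify netfilter LOG lines and suggest the narrowest matching iptables rule.

Added example, not from the original thread. The sample lines below are
constructed in the same format as the thread's log output.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed samples: an inbound SYN from the PDA, then the host's SYN/ACK reply.
SAMPLE_LOG = [
    "IN=ppp0 OUT= MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 "
    "PREC=0x00 TTL=128 ID=0 DF PROTO=TCP SPT=1025 DPT=5679 WINDOW=32768 RES=0x00 SYN URGP=0",
    "IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


@dataclass
class Packet:
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str
    sport: Optional[int]
    dport: Optional[int]
    flags: FrozenSet[str]


def parse_log_line(line: str) -> Packet:
    """Split KEY=VALUE tokens; bare tokens that are TCP flag names are collected as flags."""
    fields = {}
    flags = set()
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return Packet(
        in_if=fields.get("IN", ""),
        out_if=fields.get("OUT", ""),
        src=fields["SRC"],
        dst=fields["DST"],
        proto=fields.get("PROTO", "").lower(),
        sport=int(fields["SPT"]) if "SPT" in fields else None,
        dport=int(fields["DPT"]) if "DPT" in fields else None,
        flags=frozenset(flags),
    )


def chain_for(pkt: Packet) -> str:
    """IN set and OUT empty means the INPUT chain; IN empty and OUT set means OUTPUT."""
    if pkt.in_if and not pkt.out_if:
        return "INPUT"
    if pkt.out_if and not pkt.in_if:
        return "OUTPUT"
    return "FORWARD"


def is_new_connection(pkt: Packet) -> bool:
    """A bare SYN opens a TCP connection; anything carrying ACK belongs to an existing one."""
    return pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags


def suggest_rule(pkt: Packet) -> str:
    """Return the narrowest ACCEPT rule that would admit this packet."""
    chain = chain_for(pkt)
    if not is_new_connection(pkt):
        # Reply traffic: let conntrack match it instead of opening the ephemeral port.
        return f"iptables -A {chain} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connection: pin it to the interface, protocol and destination port seen.
    iface = f"-i {pkt.in_if}" if chain == "INPUT" else f"-o {pkt.out_if}"
    return (f"iptables -A {chain} {iface} -p {pkt.proto} --dport {pkt.dport} "
            f"-m state --state NEW -j ACCEPT")


def analyse(lines: List[str]) -> List[Tuple[str, str]]:
    return [(chain_for(p), suggest_rule(p)) for p in map(parse_log_line, lines)]


def accept_rule_is_broad(rule: str) -> bool:
    """True for an ACCEPT rule with neither a --dport nor a --state match:
    it admits every port on whichever interface (if any) it names."""
    toks = rule.split()
    return "ACCEPT" in toks and "--dport" not in toks and "--state" not in toks


if __name__ == "__main__":
    for chain, rule in analyse(SAMPLE_LOG):
        print(f"{chain}: {rule}")
    for candidate in ("$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT",
                      "$IPTABLES -A INPUT -i $PDAIF -p tcp --dport 5679 -j ACCEPT"):
        print("broad" if accept_rule_is_broad(candidate) else "scoped", "->", candidate)
```

Run against the two constructed lines it proposes an interface- and port-scoped NEW rule for the PDA's SYN and a single ESTABLISHED,RELATED rule in OUTPUT for the SYN/ACK, which is the stateful answer to the question asked above; the `-d $UNIVERSE` rule is reported as broad, the port-limited variant as scoped.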
 
LVL 8

Expert Comment

by:da99rmd
ID: 10857571
You mean this rule:
$IPT -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT

But this doesn't help you, I'm afraid.

>$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
This means that you have opened every port of your internet interface.
This is not good. Remove this rule and put in this rule instead:
iptables -A INPUT -p tcp --dport 5679 -j ACCEPT


>IN= OUT=ppp0 SRC=192.168.131.102 DST=192.168.131.201 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5679 DPT=1047 WINDOW=5840 RES=0x00 ACK SYN URGP=0
This is an outgoing packet; to open up a port in the OUTPUT chain use this rule:
iptables -A OUTPUT -p ALL -i ppp0 -j ACCEPT

I assume ppp0 is the interface you are trying to connect to; otherwise change this to the correct one.

I don't know what ports the PocketPC uses, so just give me the ports and I will give you all the rules you need to connect.

Try it first; if it doesn't work, just fall back with "service iptables restart". When it works OK, save with "service iptables save".

/Rob

Author Comment

by:tjikkun
ID: 10857733
>>$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
>This means that you have opened every port of your internet interface.
>This is not good. Remove this rule and put in this rule instead:
>iptables -A INPUT -p tcp --dport 5679 -j ACCEPT

Well, I have -i ppp0, so I thought that would only allow everything from the PDA interface. Is there a security issue with this? With your rule the port is accessible from the internet; with mine it is not, as far as I understand. Of course I think I could do:
$IPTABLES -A INPUT -i $PDAIF --dport 5679 -p tcp -j ACCEPT
But now my question:
What is the correct rule to let responses to this through?
 
LVL 8

Accepted Solution

by:da99rmd (earned 125 total points)
ID: 10858259
Sorry, didn't see that ppp0 was the PDAIF.
Then the
$IPTABLES -A INPUT -i $PDAIF -d $UNIVERSE -j ACCEPT
will work perfectly for you.
But you have to add the following rule to make sure the output goes through as you want.
$IPTABLES -A OUTPUT -p ALL -i $PDAIF -j ACCEPT

Do an iptables -L and post the output here and I will examine it.

/Rob

 

Author Comment

by:tjikkun
ID: 10858534
Rob,

Thank you very much.
You had one error in your rule:
$IPTABLES -A OUTPUT -p ALL -i $PDAIF -j ACCEPT
I made that
$IPTABLES -A OUTPUT -p ALL -o $PDAIF -j ACCEPT
and now it seems to work.

Sander
 
LVL 8

Expert Comment

by:da99rmd
ID: 10859267
Sorry, that's correct.

/Rob