HylaFAX The world's most advanced open source fax server

Re: [hylafax-users] Hylafax / WHFC vs firewall (SOLVED)



Hi Kimble,

Thank you for the link.

I don’t use a modular kernel... so I had to tweak kernel code to accomplish the FTP connection tracking and NAT on port 4559.

Then recompile a new monolithic kernel and install it.

Now everything works just fine with Enable Passive FTP set to false and iptables firewall on.

Kind regards,

Bob van der Waard

Stout & Storm

From: hylafax-users-bounce@xxxxxxxxxxx [mailto:hylafax-users-bounce@xxxxxxxxxxx] On behalf of Kimble Young
Sent: Monday, 20 June 2005 1:33
CC: 'Pedro'; hylafax-users@xxxxxxxxxxx
Subject: Re: [hylafax-users] Hylafax / WHFC vs firewall

 

Pedro,

Check out this earlier conversation about connection tracking on the firewall. Specifically the post I've linked to.

http://www.hylafax.org/archive/2004-11/msg00349.php

Regards,

Kimble Young

Bob van der Waard wrote:

Pedro,
 
In Fax/System Preferences you can set Enable Passive FTP true/false. 
 
But this doesn't change the behavior... Destination still varies from
connection to connection.
 
BTW I'm using iptables on a Linux system.
 
Kind regards,
 
 
Bob van der Waard
Stout & Storm
 
 
-----Original Message-----
From: hylafax-users-bounce@xxxxxxxxxxx
[mailto:hylafax-users-bounce@xxxxxxxxxxx] On behalf of Pedro
Sent: Sunday, 19 June 2005 16:44
To: Bob van der Waard
CC: hylafax-users@xxxxxxxxxxx
Subject: Re: [hylafax-users] Hylafax / WHFC vs firewall
 
I think WHFC has a check box called "passive mode" or
"passive connection" or something close to that.
You don't say which firewall you are using but I
recall threads about hylafax and firewalling. Hope
this helps.
 
Pedro
--- Bob van der Waard <bob@xxxxxxxxxxxxxxx> wrote:
 
  
Hi list,

I've yet another question...

I'm using WHFC to send fax messages to my Hylafax gateway. But when I enable the firewall on the Hylafax server, WHFC can't set up a session with the Hylafax server.

Don't get me wrong here...

It can connect to the Hylafax server at port 4559 but WHFC can't set up a session when authenticated to the Hylafax server.

I noticed in the logging that WHFC tries to connect between a range of destination ports on the Hylafax server.

See example:
 
 
 
Jun 12 07:40:32 samba kernel:
giptables-drop-src-norule: IN=eth0 OUT=
MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00
SRC="">
DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128
ID=36760 DF PROTO=TCP
SPT=1904 DPT=34011 WINDOW=16384 RES=0x00 SYN URGP=0
 
Jun 19 14:00:13 samba kernel:
giptables-drop-src-norule: IN=eth0 OUT=
MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00
SRC="">
DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128
ID=29356 DF PROTO=TCP
SPT=1367 DPT=37709 WINDOW=16384 RES=0x00 SYN URGP=0
 
Jun 19 14:03:02 samba kernel:
giptables-drop-src-norule: IN=eth0 OUT=
MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00
SRC="">
DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128
ID=30251 DF PROTO=TCP
SPT=1372 DPT=37711 WINDOW=16384 RES=0x00 SYN URGP=0
 
Jun 19 14:05:20 samba kernel:
giptables-drop-src-norule: IN=eth0 OUT=
MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00
SRC="">
DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128
ID=31134 DF PROTO=TCP
SPT=1377 DPT=37713 WINDOW=16384 RES=0x00 SYN URGP=0
 
 
 
As you can see the Source port varies and the Destination port increases after a successful or unsuccessful connection.

I can disable firewalling... but that's not my policy.

I'd like to know between what Destination ports WHFC tries to connect? 34000:40000. Please advise.

Kind regards

Bob van der Waard

Stout & Storm
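
As an added example (not part of the original thread, nor code from HylaFAX or WHFC): a short Python script that summarises dropped TCP SYNs from netfilter LOG lines in the layout quoted above, reporting per client and server pair which destination ports were refused and whether the control port 4559 was among them. The log lines are constructed, and the SRC address and all function names are assumptions.

```python
from collections import defaultdict

CONTROL_PORT = 4559  # HylaFAX client port named in the thread

# Constructed sample in the netfilter LOG layout quoted in the thread.
# SRC=192.168.1.10 is a placeholder, not a value from the original post.
_LINE = ("Jun 19 14:00:13 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= "
         "SRC=192.168.1.10 DST=192.168.1.252 LEN=48 TTL=128 DF PROTO=TCP "
         "SPT={spt} DPT={dpt} WINDOW=16384 RES=0x00 {flags} URGP=0")
SAMPLE_LOG = "\n".join([
    _LINE.format(spt=1904, dpt=34011, flags="SYN"),
    _LINE.format(spt=1367, dpt=37709, flags="SYN"),
    _LINE.format(spt=1372, dpt=37711, flags="SYN"),
    _LINE.format(spt=1367, dpt=37709, flags="ACK FIN"),   # not a new connection
    "Jun 19 14:06:00 samba sshd[812]: unrelated line",    # not a netfilter line
])

def parse_drop(line):
    """Split one netfilter LOG line into key=value fields and bare TCP flags."""
    _, sep, body = line.partition("IN=")
    if not sep:
        return None
    fields, flags = {}, set()
    for tok in ("IN=" + body).split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val
        else:
            flags.add(tok)
    return fields, flags

def summarize(log_text, control_port=CONTROL_PORT):
    """Group dropped connection attempts (SYN without ACK) by (SRC, DST)."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_drop(line)
        if parsed is None:
            continue
        f, flags = parsed
        if f.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue
        if not f.get("DPT", "").isdigit():
            continue
        attempts[(f.get("SRC", "?"), f.get("DST", "?"))].append(int(f["DPT"]))
    report = {}
    for pair, dpts in attempts.items():
        data = [p for p in dpts if p != control_port]
        report[pair] = {
            "dropped_syns": len(dpts),
            "control_port_dropped": control_port in dpts,
            "data_port_range": (min(data), max(data)) if data else None,
            "distinct_data_ports": len(set(data)),
        }
    return report
```

Drops spread over several distinct high ports, with none on 4559 itself, is the pattern the thread resolves with FTP connection tracking on port 4559 rather than a fixed port rule.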
 
 
 
 
 
 
 
 
    
 
 
 
               