• pfsense port forwarding...

    From Martin Kazmaier@1:340/1101 to All on Wed Dec 25 21:35:00 2024
    I can't see any specific differences in my port forwarding rules. Some work, some don't. Forwarding to port 940 (for my smtp port, relayed from another server), 110 for pop3 and port 119 (nntp) don't forward. If I try to telnet
    to the local IPs and ports, it works, but not using the domain. I'm behind a VPN, so it's not hairpinning. All of the rest of my port forwarding rules
    work fine (I've got about 20 of them), except for these 3 and maybe one or 2 others. I can't see anything consistently wrong with them or the rules.
    Does anyone have any ideas?

    --
    Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
    ,wss) (Ports 22,23,110,21,119,999) (ssh login 'bbs' password 'shsbbs')


    *** THE READER V4.50 [freeware]
    ---
    * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (1:340/1101)
  • From Karel Kral@2:423/39 to Martin Kazmaier on Thu Dec 26 07:59:42 2024
    Hello Martin!

    25 Dec 24 21:35, you wrote to All:

    not using the domain. I'm behind a VPN, so it's not hairpinning. All
    of the rest of my port forwarding rules work fine (I've got about 20
    of them), except for these 3 and maybe one or 2 others. I can't see anything consistently wrong with them or the rules. Does anyone have
    any ideas?

    I most probably do not have an answer for you. Just ideas, as you asked:

    1) is it a DNS translation issue? (as you wrote, direct IP is working, host name not?)
    2) is it a wrong port combination? (as obviously some of them are "protected")
    3) is it a networking problem behind the Internet connection provider?
    4) is it an OS-related issue (selinux or similar)?
    5) is it a HW-related issue (like you wrote about low memory)?

    I would go:
    a) try it without the firewall for a short moment
    b) change the port numbers to free/higher numbers (these sources for forwarding)
    c) check how DNS translation is working at each step (is 127.0.0.1/localhost somehow used?)
    d) check dmesg for any specific (low) memory errors (buy memory or at least extend the swap setup)

    Karel

    --- GoldED+/LNX 1.1.5-b20240209
    * Origin: Plast DATA (2:423/39)
  • From Alan Ianson@1:153/757 to Martin Kazmaier on Wed Dec 25 23:45:48 2024
    I can't see any specific differences in my port forwarding rules. Some work, some don't. Forwarding to port 940 (for my smtp port, relayed from another server), 110 for pop3 and port 119 (nntp) don't forward. If I try to telnet to the local IPs and ports, it works, but not using the domain. I'm behind a VPN, so it's not hairpinning. All of the rest of my port forwarding rules work fine (I've got about 20 of them), except for these 3 and maybe one or 2 others. I can't see anything consistently wrong with them or the rules.
    Does anyone have any ideas?

    I don't use pfsense so I don't know if this applies to your situation.

    On Linux ports <=1024 can only be opened by root. I use port 80 and 21 for my BBS so I use setcap to give my application (bbbsd in this case) the
    capability to open and use these ports, like so:

    sudo /sbin/setcap 'cap_net_bind_service=+ep' bbbsd

    The above command will need to be run whenever your application is updated or reinstalled.

    The Synchronet wiki talks about this and the authbind method to achieve this.

    http://wiki.synchro.net/howto:linux_non-root

    --- BBBS/Li6 v4.10 Toy-7
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
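    Added example (not from Alan's post or any BBS package): after a setcap like the one above, the
    capability only helps if it actually shows up in the running daemon's effective set, and only the
    ports below 1024 need it. This script decodes the CapEff mask from /proc/<pid>/status (Linux only)
    and classifies the ports the BBS advertises; the PID and port list are assumptions for the demo.

    ```shell
    #!/bin/sh
    # Check whether a daemon carries CAP_NET_BIND_SERVICE and which of its
    # ports need it. Linux-only: capability sets live in /proc/<pid>/status.

    CAP_NET_BIND_SERVICE=10   # capability number from linux/capability.h

    # Classify a port: below 1024 only root, a process holding
    # CAP_NET_BIND_SERVICE, or an authbind wrapper may bind it.
    port_class() {
        if [ "$1" -lt 1024 ]; then echo privileged; else echo unprivileged; fi
    }

    # True if the hex mask (a CapEff/CapPrm value, no 0x prefix) has bit 10 set.
    has_net_bind_service() {
        [ $(( (0x$1 >> CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
    }

    # Effective capability mask of a running process (e.g. the BBS daemon's PID).
    proc_cap_eff() {
        awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
    }

    # Report whether the process can bind low ports and which ports are low.
    audit_daemon() {
        pid="$1"; shift
        eff=$(proc_cap_eff "$pid") || return 1
        if has_net_bind_service "$eff"; then
            echo "pid $pid: CapEff=$eff has cap_net_bind_service"
        else
            echo "pid $pid: CapEff=$eff lacks cap_net_bind_service"
        fi
        for p in "$@"; do
            echo "  port $p: $(port_class "$p")"
        done
    }

    # Demo: audit this shell and the ports advertised in the thread signature
    # (constructed input; replace $$ with the daemon's PID in practice).
    audit_daemon $$ 22 23 110 21 119 999
    ```

    A plain root shell will show a mask with bit 10 set; a daemon started as an unprivileged user without the file capability will show it clear, which is the case the setcap command fixes.
    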
  • From Martin Kazmaier@1:340/1101 to Alan Ianson on Thu Dec 26 02:07:00 2024

    I can't see any specific differences in my port forwarding rules. Some work, some don't. Forwarding to port 940 (for my smtp port, relayed from
    another server), 110 for pop3 and port 119 (nntp) don't forward. If I try to telnet to the local IPs and ports, it works, but not using the domain. I'm
    behind a VPN, so it's not hairpinning. All of the rest of my port forwarding rules work fine (I've got about 20 of them), except for these 3 and maybe one
    or 2 others. I can't see anything consistently wrong with them or the rules.
    Does anyone have any ideas?

    I don't use pfsense so I don't know if this applies to your situation.

    On Linux ports <=1024 can only be opened by root. I use port 80 and 21 for my BBS so I use setcap to give my application (bbbsd in this case) the capability to open and use these ports, like so:

    sudo /sbin/setcap 'cap_net_bind_service=+ep' bbbsd

    The above command will need to be run whenever your application is updated or reinstalled.

    The Synchronet wiki talks about this and the authbind method to achieve this.

    http://wiki.synchro.net/howto:linux_non-root


    Ack, partially user error. I never set up a software firewall rule for my email server... Now that that's done, port 940 and port 110 are open on my domain. Port 119 was just weird. I removed and re-added the rule and then
    it suddenly started working. Everything is groovy now. Thanks for all of
    the suggestions!

    --
    Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
    ,wss) (Ports 22,23,110,21,119,999) (ssh login 'bbs' password 'shsbbs')


    *** THE READER V4.50 [freeware]
    ---
    * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (1:340/1101)