stephen.dormido@sbgfc.org.ph
2003-Oct-06 02:16 UTC
[Shorewall-users] Allowing HylaFax-Client on a Firewalled Box
Hi All,

Just wanna ask how you can allow the HylaFax client to connect to a firewalled box ... I'm using WHFC btw.

I have opened port 4559 (default port of faxd) as well as port 21 on the box, still I can't connect to HylaFax ... Upon further reading, I have followed Tom's suggestion (http://lists.shorewall.net/pipermail/shorewall-users/2003-September/008703.html) and it worked flawlessly.

I just have a thought that issuing the "loc <---> fw ACCEPT" on the policy file will allow your box to be fully opened on your local networks, which is the trick that makes it work. I'm not quite paranoid about my local networks, but how can I allow HylaFax clients to connect to my box while the box also filters my local network?

I have found some papers that say HylaFax does a passive FTP on the box. I found it when I did a netstat command ... HylaFax Server does open a connection for several random ports starting from 1033 and above.

I'm not sure how to allow a passive connection configuration ... please advise ... c",)

--[excerpt from netstat output]---
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address
tcp        0      0 mail.sbgfc.org.ph:1040  192.168.0.2:2823
tcp        0      0 mail.sbgfc.org.ph:1039  192.168.0.2:2822
tcp        0      0 mail.sbgfc.org.ph:1038  192.168.0.2:2820
tcp        0      0 mail.sbgfc.org.ph:1047  192.168.0.2:2835
tcp        0      0 mail.sbgfc.org.ph:1046  192.168.0.2:2834
tcp        0      0 mail.sbgfc.org.ph:1037  192.168.0.2:2817
tcp        0      0 mail.sbgfc.org.ph:ssh   192.168.0.2:2805
tcp        0      0 mail.sbgfc.org.ph:1036  192.168.0.2:2816
tcp        0      0 mail.sbgfc.org.ph:1045  192.168.0.2:2832
tcp        0      0 mail.sbgfc.org.ph:1044  192.168.0.2:2831
tcp        0      0 mail.sbgfc.org.ph:1035  192.168.0.2:2814
tcp        0      0 mail.sbgfc.org.ph:1043  192.168.0.2:2829
tcp        0      0 mail.sbgfc.org.ph:1034  192.168.0.2:2813
tcp        0      0 mail.sbgfc.org.ph:1033  192.168.0.2:2811
tcp        0      0 mail.sbgfc.org.ph:1042  192.168.0.2:2826
tcp        0      0 mail.sbgfc.org.ph:1041  192.168.0.2:2825
----------------------------------

Warm Regards,
Stephen
Joshua Banks
2003-Oct-06 02:29 UTC
[Shorewall-users] Allowing HylaFax-Client on a Firewalled Box
Hello Stephen,

Please see this FAQ and let me know if this helps. I'm pretty sure this is what you need to look at first. And then I think things will become a little clearer.

http://www.shorewall.net/FTP.html

JBanks

--- stephen.dormido@sbgfc.org.ph wrote:
> Hi All,
>
> Just wanna ask how you can allow the HylaFax client to connect to a
> firewalled box ... I'm using WHFC btw.
>
> I have opened port 4559 (default port of faxd) as well as port 21 on the
> box, still I can't connect to HylaFax ... Upon further reading, I have
> followed Tom's suggestion
> (http://lists.shorewall.net/pipermail/shorewall-users/2003-September/008703.html)
> and it worked flawlessly.
>
> I just have a thought that issuing the "loc <---> fw ACCEPT" on the policy
> file will allow your box to be fully opened on your local networks, which
> is the trick that makes it work. I'm not quite paranoid about my local
> networks, but how can I allow HylaFax clients to connect to my box while the
> box also filters my local network?
>
> I have found some papers that say HylaFax does a passive FTP on the box. I
> found it when I did a netstat command ... HylaFax Server does open a
> connection for several random ports starting from 1033 and above.
>
> I'm not sure how to allow a passive connection configuration ... please
> advise ... c",)
>
> --[excerpt from netstat output]---
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> tcp        0      0 mail.sbgfc.org.ph:1040  192.168.0.2:2823
> tcp        0      0 mail.sbgfc.org.ph:1039  192.168.0.2:2822
> tcp        0      0 mail.sbgfc.org.ph:1038  192.168.0.2:2820
> tcp        0      0 mail.sbgfc.org.ph:1047  192.168.0.2:2835
> tcp        0      0 mail.sbgfc.org.ph:1046  192.168.0.2:2834
> tcp        0      0 mail.sbgfc.org.ph:1037  192.168.0.2:2817
> tcp        0      0 mail.sbgfc.org.ph:ssh   192.168.0.2:2805
> tcp        0      0 mail.sbgfc.org.ph:1036  192.168.0.2:2816
> tcp        0      0 mail.sbgfc.org.ph:1045  192.168.0.2:2832
> tcp        0      0 mail.sbgfc.org.ph:1044  192.168.0.2:2831
> tcp        0      0 mail.sbgfc.org.ph:1035  192.168.0.2:2814
> tcp        0      0 mail.sbgfc.org.ph:1043  192.168.0.2:2829
> tcp        0      0 mail.sbgfc.org.ph:1034  192.168.0.2:2813
> tcp        0      0 mail.sbgfc.org.ph:1033  192.168.0.2:2811
> tcp        0      0 mail.sbgfc.org.ph:1042  192.168.0.2:2826
> tcp        0      0 mail.sbgfc.org.ph:1041  192.168.0.2:2825
> ----------------------------------
>
> Warm Regards,
> Stephen
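
Added example, not part of the thread or of Shorewall: a toy model of why a passive-mode data port can be admitted without a blanket loc <-> fw ACCEPT policy, when a connection-tracking helper reads the port announced on the control connection. It assumes the HylaFAX server announces data ports with FTP-style `227` replies on port 4559; the `Filter` class, the server address 192.168.0.1 and the reply line are constructed for illustration.

```python
import re

# FTP-style passive reply (RFC 959): "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Filter:
    """Hypothetical stateful filter: static rules plus helper expectations."""
    def __init__(self, static_ports, helper_ports):
        self.static_ports = set(static_ports)  # ports opened by explicit rules
        self.helper_ports = set(helper_ports)  # control ports the helper watches
        self.expected = set()                  # (client, server_ip, port)

    def control_reply(self, client, server_port, reply):
        """Server-to-client line seen on an established control connection."""
        if server_port in self.helper_ports:
            target = parse_pasv(reply)
            if target:
                self.expected.add((client, *target))

    def new_connection(self, client, server_ip, port):
        """Verdict for a new client-to-firewall TCP connection."""
        if port in self.static_ports:
            return "ACCEPT"
        key = (client, server_ip, port)
        if key in self.expected:
            self.expected.discard(key)  # an expectation is single use
            return "ACCEPT (related)"
        return "DROP"

def demo(helper_ports):
    fw = Filter(static_ports={4559}, helper_ports=helper_ports)
    client, server = "192.168.0.2", "192.168.0.1"  # server IP is constructed
    verdicts = [fw.new_connection(client, server, 4559)]
    # Constructed reply announcing port 4*256 + 9 = 1033
    fw.control_reply(client, 4559, "227 Entering Passive Mode (192,168,0,1,4,9)")
    verdicts.append(fw.new_connection(client, server, 1033))
    verdicts.append(fw.new_connection(client, server, 1034))  # never announced
    return verdicts

if __name__ == "__main__":
    print("helper on 21 only:    ", demo({21}))
    print("helper on 21 and 4559:", demo({21, 4559}))
```

With the helper watching only port 21, the announced data port is dropped even though 4559 is open; once 4559 is also watched, only the announced port is admitted and everything else from the local network stays filtered.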