I am having a problem with some ports not opening when I set them in the rules
file.
When I open port 10000 tcp for webmin using the macro, the outside can tell that
10000 is open. When I try 5060 through 5090 udp, the outside does not get any
response.
I have used http://www.canyouseeme.org/ to check which ports are open.
This can tell that port 10000 (from macro.Webmin) is open but not port 5060:5090
(from macro.Phone). When I remove the macro.Webmin the 10000 port does not
respond.
For TCP ports
nmap -sS (my outside ip) 2>&1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-09 11:35 CST
Nmap scan report for (my outside ip).dhcp.mdsn.wi.charter.com (my outside ip)
Host is up (0.0000080s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3128/tcp open squid-http
10000/tcp open snet-sensor-mgmt
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
For UDP ports
nmap -sU (my outside ip) 2>&1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-09 11:37 CST
Nmap scan report for (my outside ip).dhcp.mdsn.wi.charter.com (my outside ip)
Host is up (0.000010s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
53/udp open domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
500/udp open|filtered isakmp
3130/udp open|filtered squid-ipc
4500/udp open|filtered nat-t-ike
10000/udp open unknown
Nmap done: 1 IP address (1 host up) scanned in 1.32 second
Also, email and web pages work!!
I have asked Charter if they can test ports on my ip and they say that they
cannot, so I am not sure if it is them or me. I have shut down apparmor to make
sure that it is not causing any problems.
My System:
Shorewall version 4.5.0.2
Operating system Ubuntu Linux 11.10
Time on system Thu Mar 11 08:46:24 2012
Kernel and CPU Linux 3.0.0-16-server on x86_64
Processor information AMD Sempron(tm) 140 Processor, 1 cores
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 70:71:bc:22:d9:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.253/24 brd 192.168.1.255 scope global eth1
inet6 fe80::7271:bcff:fe22:d90a/64 scope link
valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 576 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 6c:fd:b9:49:61:e5 brd ff:ff:ff:ff:ff:ff
inet 71.82.221.223/23 brd 255.255.255.255 scope global eth0
# ip route show
default via 71.82.220.1 dev eth0 metric 100
71.82.220.0/23 dev eth0 proto kernel scope link src 71.82.221.223
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.253
/usr/share/shorewall/macro.Phone file below:
#
# Shorewall version 4 – Phone Macro
#
# /usr/share/shorewall/macro.Phone
#
# This macro handles ports for Telephone Service
#
# By Eric Teeter
#
###############################################################################
#ACTION SOURCE  DEST    PROTO   DEST            SOURCE   RATE    USER/
#                               PORT(S)         PORT(S)  LIMIT   GROUP
PARAM   -       -       udp     5060:5090       #SIP Ports
PARAM   -       -       udp     4569            #IAX
PARAM   -       -       udp     5036            #IAX v2
PARAM   -       -       udp     10000:20000     #RTP - the media stream
PARAM   -       -       udp     2721            #MGCP
If you would like, you can add the above macro to your next upgrade.
If you need anything else, just ask.
--
Eric Teeter