[Gllug] Guarddog firewall question
Paul Cupis
paul at cupis.co.uk
Sun Jun 11 09:11:42 UTC 2006
Casper Gasper wrote:
> On 11/06/06, Paul Cupis <paul at cupis.co.uk> wrote:
>> Emon wrote:
>> > I am running the Guarddog firewall application which is a GUI front-end
>> > for iptables.
>> >
>> > My email provider (nerdshack.com) allows smtp on port 25 & 2525. My ISP
>> > has port 25 blocked but has 2525 open (after I requested them). I am not
>> > all that tech savvy when it comes to network & stuffs. I have no clue
>> > how to configure iptables; but using the Guarddog GUI I enabled smtp
>> > outgoing, which by default opens port 25. So (using the GUI) I made a
>> > custom protocol (based on my instincts) which is as follows
>> >
>> > Name: SMPT2
>> > Type: TCP
>> > Port: 2525
>> >
>> > and voilà!! Things are working fine, I am able to send mail fine.
>> > So before I rush off to my friends to boast & babble about my immense
>> > talent in configuring firewalls blindly, without having to know anything
>> > about them :-)..... I would be very grateful if someone could kindly
>> > confirm if the procedure I followed is OK!! or have I opened some kind
>> > of a potential security hole??!!
>>
>> If you have set the custom protocol to TCP only and non-bidirectional,
>> and then enabled it in the protocols tab for "Protocol served from zone
>> 'Internet' to clients in zones...local" then you should be fine, with no
>> unnecessary ports open.
>
> Shouldn't this be in the other direction -- from clients in
> zones...local to zone internet? The connection is being initiated by
> the client.
Port 2525 is being served /from/ the internet (zone) - i.e. the SMTP
server is on the internet and you want to access it.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
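
An added illustration of the zone direction discussed in this thread, not part of the original messages and not Guarddog's generated rules: hand-written iptables equivalents for a protocol "served from" one zone to clients in another, plus a check for whether the result accepts new inbound connections. It assumes the 'local' zone is the firewalled machine itself; `rules_for` and `accepts_new_inbound` are hypothetical helper names.

```python
# Added illustration: hand-written iptables equivalents, not Guarddog output.
LOCAL, INTERNET = "local", "internet"

def rules_for(served_from, clients_in, port, proto="tcp"):
    """Rules for a protocol served from one zone to clients in another.

    Assumes the 'local' zone is this machine, so only INPUT/OUTPUT are used.
    """
    if {served_from, clients_in} != {LOCAL, INTERNET}:
        raise ValueError("expected one local and one internet zone")
    if served_from == INTERNET:
        # Server is remote: this host initiates, only replies come back in.
        new_chain, reply_chain = "OUTPUT", "INPUT"
    else:
        # Server is this host: remote clients initiate connections to it.
        new_chain, reply_chain = "INPUT", "OUTPUT"
    return [
        f"-A {new_chain} -p {proto} --dport {port} "
        "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT",
        f"-A {reply_chain} -p {proto} --sport {port} "
        "-m conntrack --ctstate ESTABLISHED -j ACCEPT",
    ]

def accepts_new_inbound(rules, port):
    """True if any INPUT rule accepts NEW connections to the given port."""
    for rule in rules:
        tok = rule.split()
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        if "--dport" not in tok or tok[tok.index("--dport") + 1] != str(port):
            continue
        # A rule with no state match accepts every packet, NEW included.
        states = (tok[tok.index("--ctstate") + 1].split(",")
                  if "--ctstate" in tok else ["NEW"])
        if "NEW" in states:
            return True
    return False

if __name__ == "__main__":
    for src, dst in ((INTERNET, LOCAL), (LOCAL, INTERNET)):
        rules = rules_for(src, dst, 2525)
        print(f"served from {src} to clients in {dst}:")
        for r in rules:
            print("  " + r)
        print("  accepts new inbound on 2525:", accepts_new_inbound(rules, 2525))
```

With the server in the Internet zone, the only inbound rule matches reply packets with source port 2525 in state ESTABLISHED, so no listening port is exposed on the local machine.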