Re: My customer's are going back to NT if I can't get this fixed!!!

From: David
Date: 08/08/02

Date: Wed, 07 Aug 2002 22:41:13 GMT

What if he's using ipchains instead of iptables? By default, RH 7.3 still
uses ipchains... Root command prompt: 'lokkit' choose the customise option
and manually type in 4000:tcp, 4000:udp

Luke Ross wrote:

> Hi,
> Stacey Sharp wrote:
>> I've been in this group and others for a while trying to figure this
>> problem out. My customer is telling me to make it work or they want
>> their NT Server back!
>> I have a SQUID proxy/qmail Email/Samba PDC Server running on RHL 7.3.
>> Everything works fine except for a connection to port 4000 which worked
>> on their NT box. There is a specific website that loads a PowerTerm
>> applet for the users to login to a HP-UX system. The PowerTerm program
>> needs to send its authentication information over port 4000. When this
>> is attempted it claims the host ( cannot be found. I've been on the
>> phone with this site's TS and they say that port 4000 has to be open
>> for TCP communication. Port 4000 is in the Safe_ports ACL list in
>> squid.conf. I don't see any references to this port in my tcpdump logs,
>> or squid logs. I am attempting this connection without a firewall
>> (iptables) script running. I have read everything I can find on
>> tcpserver, xinetd, and Linux Administration. Everything I'm reading
>> tells me that this communication should be allowed and should work, but
>> it doesn't. Running "nmap localhost" shows me that only ports 22, 25,
>> 110, and 3128 are open. How do I get communication to travel through
>> this port? Does port 4000 have to be always open like 22, 25, 110, and
>> 3128? If so, what server program needs to monitor it? What am I NOT
>> doing right?
>> I've been given one week to figure this out or I will have to revert
>> back to (gulp) their NT box for proxy. Please help me figure out what
>> needs to be done. Let me know what additional info you need.
> Give us a clue, is this a NAT set up or do all the clients have real
> external IP addresses? Perhaps...
> iptables -I FORWARD 1 -t filter -p tcp --destination-port 4000 -j ACCEPT
> - or -
> iptables -I POSTROUTING 1 -t nat -p tcp --destination-port 4000 -j MASQUERADE
> may help you, the former is a straightforward iptables-style forward, the
> latter does the same but using IP masquerade (I hope!)
> Luke
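
An added example, not part of the original thread: a read-only check of the three things the replies point at for outbound tcp/4000 through the gateway (kernel forwarding, the FORWARD chain, and a NAT rule), run over a ruleset in iptables-save format. It assumes the box uses iptables rather than ipchains and that clients sit behind NAT, neither of which the thread confirms; the function name, interface names and sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads a ruleset in iptables-save format on stdin and reports
# whether LAN clients could reach an outside host on tcp/PORT through this box.
# Simplification: rule order and DROP/REJECT rules are not evaluated.
check_forward_path() {   # usage: check_forward_path PORT IP_FORWARD_VALUE
    awk -v port="$1" -v fwd="$2" '
        /^\*/ { table = substr($0, 2) }                  # "*filter" or "*nat"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && / -p tcp / && / -j ACCEPT/ {
            if ($0 ~ ("--dport " port "( |$)")) accept = 1
        }
        table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ { nat = 1 }
        END {
            ok = 1
            if (fwd != 1) { print "FAIL ip_forward is off, packets are not routed"; ok = 0 }
            if (policy != "ACCEPT" && !accept) {
                print "FAIL FORWARD does not accept tcp/" port; ok = 0 }
            if (!nat) { print "FAIL no MASQUERADE/SNAT rule in nat POSTROUTING"; ok = 0 }
            if (ok) print "OK tcp/" port " is forwarded and translated"
            exit !ok
        }'
}

# Constructed sample: no firewall script loaded, forwarding never enabled.
sample_bare() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: eth1 = LAN, eth0 = Internet (interface names assumed).
sample_fixed() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -p tcp -m tcp --dport 4000 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_bare  | check_forward_path 4000 0 || true   # two FAIL lines
sample_fixed | check_forward_path 4000 1 || true   # one OK line
```

On a live gateway the inputs would be the output of `iptables-save` and the contents of `/proc/sys/net/ipv4/ip_forward`. Listening ports reported by "nmap localhost" play no part in this check, because forwarded traffic is never delivered to a local service.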
