Re: How to open a port in flowpoint 2200 router
From: Paul Gibson (pgibson@tscwo.com)
Date: 04/08/02
From: "Paul Gibson" <pgibson@tscwo.com> Date: Mon, 8 Apr 2002 14:54:26 -0400
"Alvaro Melo" <alvaro_melo@yahoo.com> wrote in message
news:afc2bada.0204080956.79af82bd@posting.google.com...
> I'm trying to open the port 1214 on my flowpoint 2200 dsl router, But
> nothing seems to work.
I used to admin two of these devices in different offices, although it's
been a long time. You didn't say if you're trying to allow 1214 inbound or
outbound; your samples look like you're trying to get the port outbound and
inbound. When I set up mine for firewalling, I used the commands to clear out
any existing filters to make sure they wouldn't conflict. Outbound should be:

    remote ipfilter insert output accept -p tcp -dp 1214 internet

Inbound would be something like this:

    system addserver 192.168.0.2 tcp 1214
    remote ipfilter insert input accept -p tcp -dp 1214 -da 10.11.12.13

Where 192.168.0.2 is the internal, private IP address and 10.11.12.13 is the
public IP address that people connect to. I never used it to set up an
internal server, so I'm not sure this is correct.
Also, try using these commands to see a real-time "log" of what's happening
on the firewall (the # means the line is a comment):

    # system log start
    remote ipfilter list internet
    remote ipfilter watch on internet
    remote ipfilter watch off internet

What I did was create scripts with all the rules in it. Anytime I wanted to
make a change, I'd change the script and send it to the router/firewall.
IIRC, these don't take effect until you save and reboot. Be aware that if
you use the "drop" commands YOU'LL LOSE ALL INTERNET CONNECTIVITY unless you
have other commands after it! Make sure you have a serial-port backup (I use
Windows HyperTerminal) in case you lock your Telnet session out. I think the
FlowPoint came with an administration program which let me dump the script
to the device, but I'm not sure. If you don't have an admin program, try
creating the script in Notepad, selecting the whole thing and copying it to
the clipboard. Then in Telnet or HyperTerminal connect to the router and
paste it in. It might work, but I don't know.

    # flush all existing filters
    remote ipfilter flush input internet
    remote ipfilter flush output internet
    remote ipfilter flush forward internet
    eth ip filter flush input
    eth ip filter flush output
    eth ip filter flush forward

    # drop all packets
    remote ipfilter append input drop internet
    remote ipfilter append output drop internet

    # HTTP
    remote ipfilter insert output accept -p tcp -dp 80 internet
    # DNS
    remote ipfilter insert output accept -p udp -dp 53 internet
    # SMTP
    remote ipfilter insert output accept -p tcp -dp 25 internet
    # POP3
    remote ipfilter insert output accept -p tcp -dp 110 internet
    remote ipfilter insert output accept -p tcp -dp 109 internet
    # telnet
    remote ipfilter insert output accept -p tcp -dp 23 internet

    save
    reboot

I still have a user manual in PDF if you want me to e-mail it; 1.7MB.
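
Added example (not part of Paul Gibson's message and not FlowPoint tooling): a Python pre-flight check for a filter script in the command syntax shown above, meant to be run before the script is pasted into the router, so that a drop rule which would cut off traffic is caught first. It assumes that insert places a rule at the head of a chain, append at the tail, and that the first matching rule wins; the sample script and the function names are constructed.

```python
import re

# Constructed sample in the post's command syntax (not a script from the page).
SAMPLE = """\
remote ipfilter flush output internet
remote ipfilter append output drop internet
# HTTP
remote ipfilter insert output accept -p tcp -dp 80 internet
# telnet, appended by mistake so it lands behind the drop
remote ipfilter append output accept -p tcp -dp 23 internet
"""

RULE = re.compile(r"remote\s+ipfilter\s+(insert|append|flush)\s+(input|output|forward)\b(.*)")

def build_chains(script):
    """Replay the script and return each chain in its assumed evaluation order."""
    chains = {"input": [], "output": [], "forward": []}
    for raw in script.splitlines():
        m = RULE.fullmatch(raw.strip())
        if not m:                      # comments, blank lines, save, reboot, eth ...
            continue
        op, chain, rest = m.group(1), m.group(2), m.group(3).split()
        if op == "flush":
            chains[chain].clear()
        elif rest and op == "insert":  # assumption: insert = head of chain
            chains[chain].insert(0, rest)
        elif rest:                     # assumption: append = tail of chain
            chains[chain].append(rest)
    return chains

def audit(script):
    """Return (chain, problem) pairs for rules that would cut off traffic."""
    findings = []
    for chain, rules in build_chains(script).items():
        for pos, rule in enumerate(rules):
            # A drop with no -p/-dp/-da style option matches every packet.
            if rule[0] == "drop" and not any(t.startswith("-") for t in rule[1:]):
                if pos == 0:
                    findings.append((chain, "drop-all is first: chain passes nothing"))
                for later in rules[pos + 1:]:
                    findings.append((chain, "unreachable after drop-all: " + " ".join(later)))
                break
    return findings

if __name__ == "__main__":
    for chain, problem in audit(SAMPLE):
        print(f"{chain}: {problem}")
```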