Hylafax Mailing List Archives
Pedro,

Check out this earlier conversation about connection tracking on the firewall. Specifically the post I've linked to.

http://www.hylafax.org/archive/2004-11/msg00349.html

Regards,
Kimble Young

Bob van der Waard wrote:

Pedro,

In Fax/System Preferences you can set Enable Passive FTP true/false. But this doesn't change the behavior... Destination still varies from connection to connection.

BTW I'm using iptables on a Linux system.

Kind regards,
Bob van der Waard
Stout & Storm

-----Original message-----
From: hylafax-users-bounce@xxxxxxxxxxx [mailto:hylafax-users-bounce@xxxxxxxxxxx] On behalf of Pedro
Sent: Sunday 19 June 2005 16:44
To: Bob van der Waard
CC: hylafax-users@xxxxxxxxxxx
Subject: Re: [hylafax-users] Hylafax / WHFC vs firewall

I think WHFC has a check box called "passive mode" or "passive connection" or something close to that. You don't say which firewall you are using but I recall threads about hylafax and firewalling.

Hope this helps.

Pedro

--- Bob van der Waard <bob@xxxxxxxxxxxxxxx> wrote:

Hi list,

I've yet another question...

I'm using WHFC to send fax messages to my Hylafax gateway. But when I enable the firewall on the Hylafax server, WHFC can't set up a session with the Hylafax server. Don't get me wrong here... It can connect to the Hylafax server at port 4559 but WHFC can't set up a session when authenticated to the Hylafax server.

I noticed in the logging that WHFC tries to connect between a range of destination ports on the Hylafax server.

See example:

Jun 12 07:40:32 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00 SRC="" DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=36760 DF PROTO=TCP SPT=1904 DPT=34011 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:00:13 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00 SRC="" DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=29356 DF PROTO=TCP SPT=1367 DPT=37709 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:03:02 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00 SRC="" DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30251 DF PROTO=TCP SPT=1372 DPT=37711 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:05:20 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= MAC=00:11:09:8f:aa:3c:00:04:e2:aa:26:cd:08:00 SRC="" DST=192.168.1.252 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=31134 DF PROTO=TCP SPT=1377 DPT=37713 WINDOW=16384 RES=0x00 SYN URGP=0

As you can see, the Source port varies and the Destination port increased after a successful or unsuccessful connection.

I can disable firewalling... but that's not my policy. I would like to know between what Destination ports WHFC tries to connect? 34000:40000.

Please advise.

Kind regards
Bob van der Waard
Stout & Storm
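An added example, not part of the thread or of HylaFAX/WHFC: a Python sketch that tallies the destination ports of dropped inbound TCP SYNs from netfilter log lines like those quoted above, giving the observed port range per server address before any firewall rule is scoped. The sample lines are constructed from the quoted entries with a placeholder SRC, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the giptables entries quoted in the
# thread; SRC is a placeholder because the archive shows it as empty.
SAMPLE_LOG = """\
Jun 12 07:40:32 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.252 PROTO=TCP SPT=1904 DPT=34011 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:00:13 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.252 PROTO=TCP SPT=1367 DPT=37709 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:03:02 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.252 PROTO=TCP SPT=1372 DPT=37711 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:05:20 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.252 PROTO=TCP SPT=1377 DPT=37713 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 14:06:00 samba kernel: giptables-drop-src-norule: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.252 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

# KEY=value pairs; the value may be empty (OUT=) or quoted-empty (SRC="").
FIELD = re.compile(r'(\w+)=("?)([^"\s]*)\2')
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the KEY=value fields of one kernel LOG line plus its TCP flags."""
    if "kernel:" not in line:
        return None
    body = line.split("kernel:", 1)[1]
    fields = {key: value for key, _, value in FIELD.findall(body)}
    fields["FLAGS"] = TCP_FLAGS & set(body.split())
    return fields

def summarize_dropped_syns(log_text, control_port=4559):
    """Per destination address: count and low/high DPT of dropped bare SYNs.

    control_port is the HylaFAX client port named in the thread; it is
    excluded so only the secondary (data) connection attempts are counted.
    """
    ports = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("PROTO") != "TCP" or f["FLAGS"] != {"SYN"}:
            continue  # only new inbound TCP connection attempts matter here
        if not f.get("DPT", "").isdigit():
            continue
        dpt = int(f["DPT"])
        if dpt != control_port:
            ports[f.get("DST", "?")].append(dpt)
    return {dst: {"count": len(p), "low": min(p), "high": max(p)}
            for dst, p in ports.items()}

if __name__ == "__main__":
    for dst, info in summarize_dropped_syns(SAMPLE_LOG).items():
        print(dst, info)
```
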