
Opening a port in a firewall script

Discussion in 'Networking' started by plucnik, Sep 27, 2003.

Thread Status:
Not open for further replies.
  1. plucnik

    plucnik Thread Starter

    Joined:
    Aug 19, 2003
    Messages:
    132
    To start off with....everyone at this forum has been great! It's nice to know that there's a friendly and knowledgeable place that you can go to get some help with a tech problem.

    Anyway.....

    I'm using Tight VNC to connect some home PCs to the work network (fewer features but seems to work much better than PC Anywhere...besides it's a freebie). I can connect as long as the firewall is down (never a good idea). What I need to know is what revision to this firewall script (below) needs to be done to allow port 5900? Tight VNC defaults to port 5900 (I assume TCP but....) and to 5800 HTTP to allow access.
    Thanks!
    Peter

    remote ipfilter flush input internet
    # remote ipfilter flush output internet
    # remote ipfilter flush transmit internet
    # remote ipfilter flush receive internet
    # eth ip filter flush input 0
    # eth ip filter flush output 0
    # eth ip filter flush transmit 0
    # eth ip filter flush receive 0
    # remote ipfilter append input drop -p tcp -tcp syn internet
    # remote ipfilter append input accept -p tcp internet
    # remote ipfilter append output accept -p tcp internet
    # remote ipfilter append receive accept -p udp -dp 8123 -sp 123 internet
    # remote ipfilter append transmit accept -p udp -dp 123 -sp 8123 internet
    # remote ipfilter append input accept -p udp -sp 123 internet
    # remote ipfilter append output accept -p udp -dp 123 internet
    # eth ip filter append output drop -p udp -sp 123 0
    # eth ip filter append output drop -p udp -dp 123 0
    # remote ipfilter append input accept -p udp -sp 53 internet
    # remote ipfilter append output accept -p udp -dp 53 internet
    # remote ipfilter append input accept -p udp -sp 1701 internet
    # remote ipfilter append output accept -p udp -dp 1701 internet
    # remote ipfilter append input accept -p udp -sp 67 internet
    # remote ipfilter append output accept -p udp -dp 67 internet
    # remote ipfilter append input accept -p icmp -sp 0 internet
    # remote ipfilter append input accept -p icmp -sp 3 internet
    # remote ipfilter append input accept -p icmp -sp 8 internet
    # remote ipfilter append input accept -p icmp -sp 11 internet
    # remote ipfilter append output accept -p icmp -sp 0 internet
    # remote ipfilter append output accept -p icmp -sp 8 internet
    # remote ipfilter append output accept -p udp -dp 33434:33500 -sp 1024:65535 internet
    # remote ipfilter append input accept -p udp -sp 500 -dp 500 internet
    # remote ipfilter append input accept -p 50 internet
    # remote ipfilter append input accept -p 51 internet
    # remote ipfilter append output accept -p udp -sp 500 -dp 500 internet
    # remote ipfilter append output accept -p 50 internet
    # remote ipfilter append output accept -p 51 internet
    # remote ipfilter append input drop internet
    # remote ipfilter append output drop internet
    # remote ipfilter watch on internet
    # save
    #
     
  2. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    This is a total SWAG, but I'd try:

    # remote ipfilter append input accept -p tcp -sp 5900 -dp 5900 internet

    and

    # remote ipfilter append input accept -p udp -sp 5900 -dp 5900 internet

    This will allow the VNC client; do the same thing for 5800 for the HTTP access.

    Please note that I'm just trying to scope out what the script is doing, I've never seen this script, and I don't even know what firewall it's running, you're getting my best guess. :D
     
  3. plucnik

    plucnik Thread Starter

    Joined:
    Aug 19, 2003
    Messages:
    132
    Thanks johnwill, something like that was my guess. The firewall is (built in) from a Speedstream 5871 router. The information that I could find referred to setting up a VPN only. However, IPsec and L2TP activation on the router are an "add on" at some unknown additional cost. So I'm trying to go with another method.
    Thanks Peter
     
  4. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Let us know if it works. :D
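
Added example, not part of any post in this thread and not the router vendor's code: a small Python model of the script's rule syntax that runs a constructed VNC connection attempt against the posted input rules, with an accept rule placed at different positions. It assumes rules on a chain are checked in the order they were appended, the first match decides, and every option on a rule must match.

```python
# Added illustration: toy first-match evaluator; semantics assumed, not vendor-documented.
def parse_rule(line):
    tok = line.lstrip("# ").split()
    tok = tok[tok.index("append") + 1:]          # chain, action, options..., interface
    rule = {"chain": tok[0], "action": tok[1], "iface": tok[-1]}
    for flag, value in zip(tok[2:-1:2], tok[3:-1:2]):  # options are flag/value pairs
        if flag in ("-sp", "-dp"):               # single port or lo:hi range
            lo, _, hi = value.partition(":")
            value = (int(lo), int(hi or lo))
        rule[flag] = value
    return rule

def matches(rule, pkt):
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if rule.get("-tcp") == "syn" and not pkt["syn"]:
        return False
    for flag, field in (("-sp", "sp"), ("-dp", "dp")):
        if flag in rule and not rule[flag][0] <= pkt[field] <= rule[flag][1]:
            return False
    return True                                  # every stated condition held

def verdict(script, pkt, chain="input"):
    for rule in map(parse_rule, script):
        if rule["chain"] == chain and matches(rule, pkt):
            return rule["action"]                # first matching rule decides
    return None

BASE = [  # input-chain TCP rules and the final drop, copied from the posted script
    "remote ipfilter append input drop -p tcp -tcp syn internet",
    "remote ipfilter append input accept -p tcp internet",
    "remote ipfilter append input drop internet",
]
BOTH_PORTS = "remote ipfilter append input accept -p tcp -sp 5900 -dp 5900 internet"
DEST_ONLY = "remote ipfilter append input accept -p tcp -dp 5900 internet"  # constructed
# Constructed packet: a viewer's first SYN, ephemeral source port, to port 5900.
VNC_SYN = {"proto": "tcp", "sp": 50211, "dp": 5900, "syn": True}

def compare():
    return {
        "posted script": verdict(BASE, VNC_SYN),
        "both-port rule appended last": verdict(BASE + [BOTH_PORTS], VNC_SYN),
        "both-port rule placed first": verdict([BOTH_PORTS] + BASE, VNC_SYN),
        "dest-port rule placed first": verdict([DEST_ONLY] + BASE, VNC_SYN),
    }

if __name__ == "__main__":
    for case, action in compare().items():
        print(f"{case:30} -> {action}")
```

Under those assumptions, only a rule that matches on the destination port alone and sits ahead of the SYN-drop line accepts the connection; the router's actual evaluation order should be confirmed against its documentation.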
     

Short URL to this thread: https://techguy.org/167816
