[nycbug-talk] RE: Close port with no direction to open. Help!!!

Matthew Lam chun_lam
Tue Feb 17 19:23:51 EST 2004


Yes Scott. That does help.  At least you are telling me that I am doing
something wrong and that my guess of 5.0 having port 110 closed by
default is wrong.  It also proved that I really need help ;-)

As to Kevin's question, I am using qmail.  I did install the
daemontools, but when I did a telnet session to localhost 110 from
within the firewall, I discovered that it was closed. Is there any way
to open the port back up?

Matthew

-----Original Message-----
From: talk-bounces at lists.nycbug.org
[mailto:talk-bounces at lists.nycbug.org] On Behalf Of
talk-request at lists.nycbug.org
Sent: Tuesday, February 17, 2004 11:04 AM
To: talk at lists.nycbug.org
Subject: talk Digest, Vol 3, Issue 14


Today's Topics:

   1. Re: RE: Close port with no direction to open.  Help!!!
      (Jan Schaumann)
   2. Re: RE: Close port with no direction to open.  Help!!!
      (Kevin Reiter)
   3. RE: RE: Close port with no direction to open.  Help!!!
      (Rodrick R. Brown)
   4. BSD WiFi (michael)
   5. Re: BSD WiFi (Marc Spitzer)
   6. Re: BSD WiFi (Dan Langille)
   7. Re: BSD WiFi (michael)
   8. Re: BSD WiFi (Dan Langille)
   9. Re: BSD WiFi (Marc Spitzer)
  10. RE: BSD WiFi (G. Rosamond)
  11. RE: RE: Close port with no direction to open. (Matthew Lam)
  12. Re: RE: Close port with no direction to open. (Scott Robbins)


----------------------------------------------------------------------

Message: 1
Date: Mon, 16 Feb 2004 11:20:05 -0500
From: Jan Schaumann <jschauma at netmeister.org>
Subject: Re: [nycbug-talk] RE: Close port with no direction to open.
	Help!!!
To: talk at lists.nycbug.org
Message-ID: <20040216162005.GB26269 at netmeister.org>
Content-Type: text/plain; charset="us-ascii"

"Rodrick R. Brown" <rbrown at rodrickbrown.com> wrote:
  
> Try the following 
>  
> perl -p -i.bak -e 's/^#pop3/pop3/' /etc/services 
>  
> restart inetd 

I'm not sure I understand your advice correctly, but making a change to
/etc/services and then restarting inetd... that would assume that the OP
has already uncommented the service in /etc/inetd.conf and the only
reason it's not working is due to inetd not being able to resolve the
port number from the service name.

To the OP: install the pop3 daemon of your choice, then read its
documentation.  I don't know FreeBSD, does it come with a pop3 daemon as
part of the base install?

Often pop3 is run from inetd, so adding the proper line to
/etc/inetd.conf (and then making sure the correct port<->name mapping is
not uncommented in /etc/services (though I don't know why pop3 would be
commented in there)) and restarting inetd should get you into business.

pop3 stream tcp nowait root /usr/pkg/libexec/popa3d popa3d

might be an appropriate example line for /etc/inetd.conf.

As I said, consult the documentation of your pop3 daemon for details.

-Jan

-- 
Information wants to be free.
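
The two conditions discussed in the message above (the service line must be active in /etc/inetd.conf, and its name must resolve to a port in /etc/services) can be checked mechanically. This is an added example, not part of the original thread; the function names and the sample file contents are constructed for illustration.

```sh
# Added example. The function names are hypothetical; sample files are constructed.
# Print "enabled", "commented" or "missing" for a service in an inetd.conf file.
inetd_state() {  # $1 = inetd.conf path, $2 = service name
    awk -v svc="$2" '
        /^[ \t]*#/ {                       # commented-out line: look past the hash
            c = $0; sub(/^[ \t]*#[ \t]*/, "", c); split(c, f)
            if (f[1] == svc) commented = 1
            next
        }
        $1 == svc { enabled = 1 }
        END { print (enabled ? "enabled" : (commented ? "commented" : "missing")) }
    ' "$1"
}

# Print the port a service name (or alias) maps to in a services file.
services_port() {  # $1 = services path, $2 = name, $3 = protocol
    awk -v svc="$2" -v proto="$3" '
        /^[ \t]*#/ { next }
        { sub(/#.*/, "") }                 # strip trailing comment
        NF >= 2 {
            split($2, pp, "/")             # "110/tcp" -> pp[1]=110, pp[2]=tcp
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == svc) { print pp[1]; exit }
        }
    ' "$1"
}

# Combine both checks into one verdict for a TCP service.
diagnose() {  # $1 = inetd.conf, $2 = services, $3 = service name
    state=$(inetd_state "$1" "$3"); port=$(services_port "$2" "$3" tcp)
    case "$state" in
        enabled) if [ -n "$port" ]; then echo "ok: inetd will listen on tcp/$port"
                 else echo "broken: $3 enabled but has no tcp entry in services"; fi ;;
        commented) echo "closed: $3 is commented out in inetd.conf" ;;
        *) echo "closed: no $3 line in inetd.conf" ;;
    esac
}

# Constructed sample files: pop3 commented out, then enabled with the s/^#pop3/pop3/ edit.
demo_dir=$(mktemp -d)
printf '%s\n' '#ftp  stream tcp nowait root /usr/libexec/ftpd ftpd -l' \
    '#pop3 stream tcp nowait root /usr/pkg/libexec/popa3d popa3d' > "$demo_dir/inetd.conf"
printf '%s\n' 'smtp 25/tcp mail' 'pop3 110/tcp pop-3   # Post Office Protocol' \
    'pop3 110/udp pop-3' > "$demo_dir/services"
sed 's/^#pop3/pop3/' "$demo_dir/inetd.conf" > "$demo_dir/inetd.conf.new"
diagnose "$demo_dir/inetd.conf" "$demo_dir/services" pop3
diagnose "$demo_dir/inetd.conf.new" "$demo_dir/services" pop3
```

Run against the real files, the same check doubles as a quick audit of which inetd services are actually exposed; inetd still has to be restarted before an edited inetd.conf takes effect.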

------------------------------

Message: 2
Date: Mon, 16 Feb 2004 11:41:51 -0500
From: "Kevin Reiter" <bsd at njcs-online.net>
Subject: Re: [nycbug-talk] RE: Close port with no direction to open.
	Help!!!
To: <talk at lists.nycbug.org>
Message-ID: <012001c3f4ab$c749e6c0$0500a8c0 at zeus>
Content-Type: text/plain;	charset="iso-8859-1"

If you're using qmail (since I don't know which MTA you plan on/are
using), it's recommended to also install daemontools
(/usr/ports/mail/daemontools-xxx) which will handle starting/stopping
qmail-smtpd and qmail-pop3d.  If you do, you shouldn't need to modify
/etc/services or /etc/inetd.conf at all.  If you're using that host as a
firewall as well, you'll need to allow all traffic on 25 and 110 on the
external interface through.  If this is a standalone box behind a
firewall, you'll need to route all traffic on ports 25 and 110 to the
host running the MTA using natd on the firewall/router (if it's
FreeBSD/*nix.)

I don't know how the install of FreeBSD was done, therefore I can't tell
you where the problem lies, as there's a choice during install time to
use inetd or not.

Please provide more information on the machine as well as which MTA you
plan on/are using, and if it's behind a firewall or not.

Kevin



------------------------------

Message: 3
Date: Mon, 16 Feb 2004 13:24:53 -0500
From: "Rodrick R. Brown" <rbrown at rodrickbrown.com>
Subject: RE: [nycbug-talk] RE: Close port with no direction to open.
	Help!!!
To: "'Jan Schaumann'" <jschauma at netmeister.org>,
	<talk at lists.nycbug.org>
Message-ID: <200402161823.i1GINXjO024899 at kremlin.stereodreams.org>
Content-Type: text/plain;	charset="us-ascii"

Pftt duh I meant /etc/inetd.conf not services



------------------------------

Message: 4
Date: Tue, 17 Feb 2004 08:02:29 -0500
From: michael <lists at genoverly.net>
Subject: [nycbug-talk] BSD WiFi
To: <talk at lists.nycbug.org>
Message-ID: <20040217080229.69158965.lists at genoverly.net>
Content-Type: text/plain; charset=US-ASCII

If you haven't seen this yet, here's an article about securing a wifi
segment of a home LAN, choosing IPsec over WEP.

http://ezine.daemonnews.org/200401/wifi-ipsec.html

FreeBSD Wi-Fi IPsec easy-setup guide
Abstract

An IPsec tunneling connection was set up between a MS-Windows host with
wireless Ethernet and a FreeBSD NAT gateway. This setup allowed the
mobile host to have a secure and encrypted connection over an inherently
insecure wifi radio network.
Introduction

-- 
---

------------------------------

Message: 5
Date: Tue, 17 Feb 2004 08:11:03 -0500
From: Marc Spitzer <mspitze1 at optonline.net>
Subject: Re: [nycbug-talk] BSD WiFi
To: talk at lists.nycbug.org
Message-ID: <20040217081103.756f92f8.mspitze1 at optonline.net>
Content-Type: text/plain; charset=US-ASCII

On Tue, 17 Feb 2004 08:02:29 -0500
michael <lists at genoverly.net> wrote:

> If you haven't seen this yet, here's an article about securing a wifi
> segment of a home LAN, choosing IPsec over WEP.

Secure and wep don't go together.  Wep is 1/2 step removed from plain
text.

> 
> http://ezine.daemonnews.org/200401/wifi-ipsec.html
> 
> FreeBSD Wi-Fi IPsec easy-setup guide
> Abstract

And thanks for the link, it's a good article.

marc

------------------------------

Message: 6
Date: Tue, 17 Feb 2004 08:20:11 -0500 (EST)
From: Dan Langille <dan at langille.org>
Subject: Re: [nycbug-talk] BSD WiFi
To: Marc Spitzer <mspitze1 at optonline.net>
Cc: talk at lists.nycbug.org
Message-ID: <20040217081928.P36264 at xeon.unixathome.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 17 Feb 2004, Marc Spitzer wrote:

> On Tue, 17 Feb 2004 08:02:29 -0500
> michael <lists at genoverly.net> wrote:
>
> > If you haven't seen this yet, here's an article about securing a wifi
> > segment of a home LAN, choosing IPsec over WEP.
>
> Secure and wep don't go together.  Wep is 1/2 step removed from plain
> text

Does Michael mean "choosing IPsec instead of WEP"?


------------------------------

Message: 7
Date: Tue, 17 Feb 2004 08:50:21 -0500
From: michael <lists at genoverly.net>
Subject: Re: [nycbug-talk] BSD WiFi
To: Dan Langille <dan at langille.org>
Cc: talk at lists.nycbug.org
Message-ID: <20040217085021.4a861d56.lists at genoverly.net>
Content-Type: text/plain; charset=US-ASCII

On Tue, 17 Feb 2004 08:20:11 -0500 (EST)
Dan Langille <dan at langille.org> wrote:

> 
> Does Michael mean "choosing IPsec instead of WEP"?
> 

I'll admit, it may have been ambiguous, but, I actually chose the
author's own words. I guess it lost something in the translation to
Canadian. <big grin>

To answer your question: Yes
 - as in [choosing protocol A over protocol B]
 - not [choosing to run protocol A on top of protocol B]

Please use "instead of" instead of "over".

There... clearer? <grin>
Michael


-- 
---

------------------------------

Message: 8
Date: Tue, 17 Feb 2004 08:56:04 -0500 (EST)
From: Dan Langille <dan at langille.org>
Subject: Re: [nycbug-talk] BSD WiFi
To: michael <lists at genoverly.net>
Cc: talk at lists.nycbug.org
Message-ID: <20040217085521.A38759 at xeon.unixathome.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 17 Feb 2004, michael wrote:

> On Tue, 17 Feb 2004 08:20:11 -0500 (EST)
> Dan Langille <dan at langille.org> wrote:
>
> >
> > Does Michael mean "choosing IPsec instead of WEP"?
> >
>
> I'll admit, it may have been ambiguous, but, I actually chose the
> author's own words. I guess it lost something in the translation to
> Canadian. <big grin>
>
> To answer your question: Yes
>  - as in [choosing protocol A over protocol B]
>  - not [choosing to run protocol A on top of protocol B]
>
> Please use "instead of" instead of "over".
>
> There... clearer? <grin>
> Michael

Hmm, even if it is possible to run IPsec over WEP, it'll still be
secure.

-- 
Dan Langille - BSDCan: http://www.bsdcan.org/


------------------------------

Message: 9
Date: Tue, 17 Feb 2004 09:16:42 -0500
From: Marc Spitzer <mspitze1 at optonline.net>
Subject: Re: [nycbug-talk] BSD WiFi
To: talk at lists.nycbug.org
Message-ID: <20040217091642.4e35e8b4.mspitze1 at optonline.net>
Content-Type: text/plain; charset=US-ASCII

On Tue, 17 Feb 2004 08:56:04 -0500 (EST)
Dan Langille <dan at langille.org> wrote:

> On Tue, 17 Feb 2004, michael wrote:
> 
> > On Tue, 17 Feb 2004 08:20:11 -0500 (EST)
> > Dan Langille <dan at langille.org> wrote:
> >
> > >
> > > Does Michael mean "choosing IPsec instead of WEP"?
> > >
> >
> > I'll admit, it may have been ambiguous, but, I actually chose the
> > author's own words. I guess it lost something in the translation to
> > Canadian. <big grin>
> >

That's what you get for having too much alcohol in your beer.

> > To answer your question: Yes
> >  - as in [choosing protocol A over protocol B]
> >  - not [choosing to run protocol A on top of protocol B]
> >
> > Please use "instead of" instead of "over".
> >
> > There... clearer? <grin>
> > Michael
> 
> Hmm, even if it is possible to run IPsec over WEP, it'll still be
> secure.

It is, wep is layer 2 and ipsec is layer 3.  

marc


------------------------------

Message: 10
Date: Tue, 17 Feb 2004 10:15:15 -0500
From: "G. Rosamond" <george at sddi.net>
Subject: RE: [nycbug-talk] BSD WiFi
To: "'Marc Spitzer'" <mspitze1 at optonline.net>,	<talk at lists.nycbug.org>
Message-ID:
	
<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAPGTn3jE8jEyddWJf/oR4JcKA
AAAQAAAA/tpInKbGTk6Pd+dV6jdLUAEAAAAA at sddi.net>
	
Content-Type: text/plain;	charset="US-ASCII"

i know at least one person on this list is/was involved in using a bsd
for a wlan in new york city.

there may be a useful how-to document in this. . .something that goes
from a to z on setting up a public wlan on bsd.

g


------------------------------

Message: 11
Date: Tue, 17 Feb 2004 10:38:03 -0500
From: "Matthew Lam" <chun_lam at hotmail.com>
Subject: RE: [nycbug-talk] RE: Close port with no direction to open.
To: <talk at lists.nycbug.org>
Message-ID: <00c201c3f56c$08287c90$0400000a at java2>
Content-Type: text/plain; charset="us-ascii"

Thank you all,

My OS is FreeBSD 5.0, which is pretty new.  I think that might be the
problem.  It might have port 110 closed by default for some reason (maybe
for security reasons).  I will try the 4.9 version and see.

Also thanks for the help Rodrick, there is no admin here.  We all do
everything here. ;-)  Program, admin, etc.  It is a small place with
only a few people (mostly friends).

Matthew


------------------------------

Message: 12
Date: Tue, 17 Feb 2004 11:04:15 -0500
From: Scott Robbins <scottro at nyc.rr.com>
Subject: Re: [nycbug-talk] RE: Close port with no direction to open.
To: talk at lists.nycbug.org
Message-ID: <20040217160415.GA7283 at nyserve1.starlofashions.com>
Content-Type: text/plain; charset="us-ascii"

On Tue, Feb 17, 2004 at 10:38:03AM -0500, Matthew Lam wrote:
> Thank you all,
> 
> My OS is FreeBSD 5.0, which is pretty new.  I think that might be the
> problem.  It might have port 110 closed by default for some reason
> (maybe for security reasons).  I will try the 4.9 version and see.

Hrm, I ran a mail-server briefly on 5.2 without any issues of 25 and 110
being closed by default.  Heh, that's a lot of help, isn't it?




-- 

Scott

GPG KeyID EB3467D6
( 1B848 077D 66F6 9DB0 FDC2  A409 FA54 D575 EB34 67D6)
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Joyce: You belong in a good old fashioned college with keg 
parties and boys. Not here with Hellmouths and vampires. 
Buffy: Not really seeing the distinction. 


------------------------------
