[nycbug-talk] RE: Close port with no direction to open. Help!!!
Matthew Lam
chun_lam
Tue Feb 17 19:23:51 EST 2004
Yes Scott. That does help. At least you are telling me that I am doing
something wrong and that my guess of 5.0 having closed port 110 by
default is wrong. It also proved that I really need help ;-)
As to Kevin's question, I am using qmail. I did install the
daemontools, but when I did within the firewall a telnet session to
localhost 110. This is where I discovered that it was closed. Is there
any way to open the port back up?
Matthew
-----Original Message-----
From: talk-bounces at lists.nycbug.org
[mailto:talk-bounces at lists.nycbug.org] On Behalf Of
talk-request at lists.nycbug.org
Sent: Tuesday, February 17, 2004 11:04 AM
To: talk at lists.nycbug.org
Subject: talk Digest, Vol 3, Issue 14
Today's Topics:
1. Re: RE: Close port with no direction to open. Help!!!
(Jan Schaumann)
2. Re: RE: Close port with no direction to open. Help!!!
(Kevin Reiter)
3. RE: RE: Close port with no direction to open. Help!!!
(Rodrick R. Brown)
4. BSD WiFi (michael)
5. Re: BSD WiFi (Marc Spitzer)
6. Re: BSD WiFi (Dan Langille)
7. Re: BSD WiFi (michael)
8. Re: BSD WiFi (Dan Langille)
9. Re: BSD WiFi (Marc Spitzer)
10. RE: BSD WiFi (G. Rosamond)
11. RE: RE: Close port with no direction to open. (Matthew Lam)
12. Re: RE: Close port with no direction to open. (Scott Robbins)
----------------------------------------------------------------------
Message: 1
Date: Mon, 16 Feb 2004 11:20:05 -0500
From: Jan Schaumann <jschauma at netmeister.org>
Subject: Re: [nycbug-talk] RE: Close port with no direction to open.
Help!!!
To: talk at lists.nycbug.org
Message-ID: <20040216162005.GB26269 at netmeister.org>
Content-Type: text/plain; charset="us-ascii"
"Rodrick R. Brown" <rbrown at rodrickbrown.com> wrote:
> Try the following
>
> perl -p -i.bak -e 's/^#pop3/pop3/' /etc/services
>
> restart inetd
I'm not sure I understand your advice correctly, but making a change to
/etc/services and then restarting inetd... that would assume that the OP
has already uncommented the service in /etc/inetd.conf and the only
reason it's not working is due to inetd not being able to resolve the
port number from the service name.
To the OP: install the pop3 daemon of your choice, then read its
documentation. I don't know FreeBSD, does it come with a pop3 daemon as
part of the base install?
Often pop3 is run from inetd, so adding the proper line to
/etc/inetd.conf (and then making sure the correct port<->name mapping is
not uncommented in /etc/services (though I don't know why pop3 would be
commented in there)) and restarting inetd should get you into business.
pop3 stream tcp nowait root /usr/pkg/libexec/popa3d popa3d
might be an appropriate example line for /etc/inetd.conf.
As I said, consult the documentation of your pop3 daemon for details.
-Jan
--
Information wants to be free.
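
The two conditions Jan describes (an uncommented line in /etc/inetd.conf plus a name-to-port mapping in /etc/services), checked by a small script. This is an added example, not part of the original thread; the function name `inetd_check`, the sample files and the ftpd/imapd paths are constructed for illustration.

```shell
#!/bin/sh
# inetd_check SERVICE INETD_CONF SERVICES   (hypothetical helper, added example)
# Prints "enabled PORT/PROTO", "disabled" (entry exists only as a comment),
# "unresolved" (enabled, but the name is missing from services) or "absent".
inetd_check() {
    svc=$1; conf=$2; services=$3
    # inetd.conf fields: name socket-type protocol wait user program [args]
    proto=$(awk -v s="$svc" '$1 == s && NF >= 6 { print $3; exit }' "$conf")
    if [ -z "$proto" ]; then
        # Same entry behind a leading "#" means it is present but switched off.
        if awk -v s="$svc" '$0 ~ ("^#[ \t]*" s "[ \t]") && NF >= 6 { hit = 1 }
                            END { exit !hit }' "$conf"
        then echo disabled; else echo absent; fi
        return 0
    fi
    base=$(printf '%s' "$proto" | sed 's/[46]*$//')   # tcp6 -> tcp
    port=$(awk -v s="$svc" -v p="$base" '
        { sub(/#.*/, "") }                  # drop trailing comments
        NF >= 2 {
            split($2, pp, "/")              # "110/tcp" -> 110, tcp
            if (pp[2] != p) next
            for (i = 1; i <= NF; i++)       # official name or an alias
                if (i != 2 && $i == s) { print pp[1]; exit }
        }' "$services")
    if [ -n "$port" ]; then echo "enabled $port/$base"; else echo unresolved; fi
}

tmp=$(mktemp -d)
# Constructed sample files, not taken from any real host.
cat > "$tmp/inetd.conf" <<'EOF'
ftp   stream tcp nowait root /usr/libexec/ftpd ftpd -l
#pop3 stream tcp nowait root /usr/pkg/libexec/popa3d popa3d
imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
EOF
cat > "$tmp/services" <<'EOF'
ftp     21/tcp
pop3    110/tcp   pop-3   # Post Office Protocol 3
EOF
for s in ftp pop3 imap4 smtp; do
    printf '%-6s %s\n' "$s" "$(inetd_check "$s" "$tmp/inetd.conf" "$tmp/services")"
done
# Uncomment the pop3 entry in a copy of inetd.conf and check again.
sed 's/^#pop3/pop3/' "$tmp/inetd.conf" > "$tmp/inetd.conf.new"
printf 'after  %s\n' "$(inetd_check pop3 "$tmp/inetd.conf.new" "$tmp/services")"
```

The script reads configuration only: inetd still has to be restarted to pick up a change, and a POP3 daemon started outside inetd will not show up here.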
------------------------------
Message: 2
Date: Mon, 16 Feb 2004 11:41:51 -0500
From: "Kevin Reiter" <bsd at njcs-online.net>
Subject: Re: [nycbug-talk] RE: Close port with no direction to open.
Help!!!
To: <talk at lists.nycbug.org>
Message-ID: <012001c3f4ab$c749e6c0$0500a8c0 at zeus>
Content-Type: text/plain; charset="iso-8859-1"
If you're using qmail (since I don't know which MTA you plan on/are using),
it's recommended to also install daemontools
(/usr/ports/mail/daemontools-xxx) which will handle starting/stopping
qmail-smtpd and qmail-pop3d. If you do, you shouldn't need to modify
/etc/services or /etc/inetd.conf at all. If you're using that host as a
firewall as well, you'll need to allow all traffic on 25 and 110 on the
external interface through. If this is a standalone box behind a firewall,
you'll need to route all traffic on ports 25 and 110 to the host running the
MTA using natd on the firewall/router (if it's FreeBSD/*nix).
I don't know how the install of FreeBSD was done, therefore I can't tell you
where the problem lies, as there's a choice during install time to use inetd
or not.
Please provide more information on the machine as well as which MTA you plan
on/are using, and if it's behind a firewall or not.
Kevin
------------------------------
Message: 3
Date: Mon, 16 Feb 2004 13:24:53 -0500
From: "Rodrick R. Brown" <rbrown at rodrickbrown.com>
Subject: RE: [nycbug-talk] RE: Close port with no direction to open.
Help!!!
To: "'Jan Schaumann'" <jschauma at netmeister.org>,
<talk at lists.nycbug.org>
Message-ID: <200402161823.i1GINXjO024899 at kremlin.stereodreams.org>
Content-Type: text/plain; charset="us-ascii"
Pftt duh I meant /etc/inetd.conf not services
------------------------------
Message: 4
Date: Tue, 17 Feb 2004 08:02:29 -0500
From: michael <lists at genoverly.net>
Subject: [nycbug-talk] BSD WiFi
To: <talk at lists.nycbug.org>
Message-ID: <20040217080229.69158965.lists at genoverly.net>
Content-Type: text/plain; charset=US-ASCII
If you haven't seen this yet, here's an article about securing a wifi
segment of a home LAN, choosing IPsec over WEP.
http://ezine.daemonnews.org/200401/wifi-ipsec.html
FreeBSD Wi-Fi IPsec easy-setup guide
Abstract
An IPsec tunneling connection was set up between a MS-Windows host with
wireless Ethernet and a FreeBSD NAT gateway. This setup allowed the mobile
host to have a secure and encrypted connection over an inherently insecure
wifi radio network.
Introduction
--
---
------------------------------
Message: 5
Date: Tue, 17 Feb 2004 08:11:03 -0500
From: Marc Spitzer <mspitze1 at optonline.net>
Subject: Re: [nycbug-talk] BSD WiFi
To: talk at lists.nycbug.org
Message-ID: <20040217081103.756f92f8.mspitze1 at optonline.net>
Content-Type: text/plain; charset=US-ASCII
On Tue, 17 Feb 2004 08:02:29 -0500
michael <lists at genoverly.net> wrote:
> If you haven't seen this yet, here's an article about securing a wifi
> segment of a home LAN, choosing IPsec over WEP.
Secure and wep don't go together. Wep is 1/2 step removed from plain text
>
> http://ezine.daemonnews.org/200401/wifi-ipsec.html
>
> FreeBSD Wi-Fi IPsec easy-setup guide
> Abstract
And thanks for the link, it's a good article.
marc
------------------------------
Message: 6
Date: Tue, 17 Feb 2004 08:20:11 -0500 (EST)
From: Dan Langille <dan at langille.org>
Subject: Re: [nycbug-talk] BSD WiFi
To: Marc Spitzer <mspitze1 at optonline.net>
Cc: talk at lists.nycbug.org
Message-ID: <20040217081928.P36264 at xeon.unixathome.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 17 Feb 2004, Marc Spitzer wrote:
> On Tue, 17 Feb 2004 08:02:29 -0500
> michael <lists at genoverly.net> wrote:
>
> > If you haven't seen this yet, here's an article about securing a wifi
> > segment of a home LAN, choosing IPsec over WEP.
>
> Secure and wep don't go together. Wep is 1/2 step removed from plain
> text
Does Michael mean "choosing IPsec instead of WEP"?
------------------------------
Message: 7
Date: Tue, 17 Feb 2004 08:50:21 -0500
From: michael <lists at genoverly.net>
Subject: Re: [nycbug-talk] BSD WiFi
To: Dan Langille <dan at langille.org>
Cc: talk at lists.nycbug.org
Message-ID: <20040217085021.4a861d56.lists at genoverly.net>
Content-Type: text/plain; charset=US-ASCII
On Tue, 17 Feb 2004 08:20:11 -0500 (EST)
Dan Langille <dan at langille.org> wrote:
>
> Does Michael mean "choosing IPsec instead of WEP"?
>
I'll admit, it may have been ambiguous, but, I actually chose the
author's own words. I guess it lost something in the translation to
Canadian. <big grin>
To answer your question: Yes
- as in [choosing protocol A over protocol B]
- not [choosing to run protocol A on top of protocol B]
Please use "instead of" instead of "over".
There... clearer? <grin>
Michael
--
---
------------------------------
Message: 8
Date: Tue, 17 Feb 2004 08:56:04 -0500 (EST)
From: Dan Langille <dan at langille.org>
Subject: Re: [nycbug-talk] BSD WiFi
To: michael <lists at genoverly.net>
Cc: talk at lists.nycbug.org
Message-ID: <20040217085521.A38759 at xeon.unixathome.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 17 Feb 2004, michael wrote:
> On Tue, 17 Feb 2004 08:20:11 -0500 (EST)
> Dan Langille <dan at langille.org> wrote:
>
> >
> > Does Michael mean "choosing IPsec instead of WEP"?
> >
>
> I'll admit, it may have been ambiguous, but, I actually chose the
> author's own words. I guess it lost something in the translation to
> Canadian. <big grin>
>
> To answer your question: Yes
> - as in [choosing protocol A over protocol B]
> - not [choosing to run protocol A on top of protocol B]
>
> Please use "instead of" instead of "over".
>
> There... clearer? <grin>
> Michael
Hmm, even if it is possible to run IPsec over WEP, it'll still be
secure.
--
Dan Langille - BSDCan: http://www.bsdcan.org/
------------------------------
Message: 9
Date: Tue, 17 Feb 2004 09:16:42 -0500
From: Marc Spitzer <mspitze1 at optonline.net>
Subject: Re: [nycbug-talk] BSD WiFi
To: talk at lists.nycbug.org
Message-ID: <20040217091642.4e35e8b4.mspitze1 at optonline.net>
Content-Type: text/plain; charset=US-ASCII
On Tue, 17 Feb 2004 08:56:04 -0500 (EST)
Dan Langille <dan at langille.org> wrote:
> On Tue, 17 Feb 2004, michael wrote:
>
> > On Tue, 17 Feb 2004 08:20:11 -0500 (EST)
> > Dan Langille <dan at langille.org> wrote:
> >
> > >
> > > Does Michael mean "choosing IPsec instead of WEP"?
> > >
> >
> > I'll admit, it may have been ambiguous, but, I actually chose the
> > author's own words. I guess it lost something in the translation to
> > Canadian. <big grin>
> >
That's what you get for having too much alcohol in your beer.
> > To answer your question: Yes
> > - as in [choosing protocol A over protocol B]
> > - not [choosing to run protocol A on top of protocol B]
> >
> > Please use "instead of" instead of "over".
> >
> > There... clearer? <grin>
> > Michael
>
> Hmm, even if it is possible to run IPsec over WEP, it'll still be
> secure.
It is, wep is layer 2 and ipsec is layer 3.
marc
------------------------------
Message: 10
Date: Tue, 17 Feb 2004 10:15:15 -0500
From: "G. Rosamond" <george at sddi.net>
Subject: RE: [nycbug-talk] BSD WiFi
To: "'Marc Spitzer'" <mspitze1 at optonline.net>, <talk at lists.nycbug.org>
Message-ID:
<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAPGTn3jE8jEyddWJf/oR4JcKA
AAAQAAAA/tpInKbGTk6Pd+dV6jdLUAEAAAAA at sddi.net>
Content-Type: text/plain; charset="US-ASCII"
i know at least one person on this list is/was involved in using a bsd
for a wlan in new york city.
there may be a useful how-to document in this. . .something that goes
from a to z on setting up a public wlan on bsd.
g
------------------------------
Message: 11
Date: Tue, 17 Feb 2004 10:38:03 -0500
From: "Matthew Lam" <chun_lam at hotmail.com>
Subject: RE: [nycbug-talk] RE: Close port with no direction to open.
To: <talk at lists.nycbug.org>
Message-ID: <00c201c3f56c$08287c90$0400000a at java2>
Content-Type: text/plain; charset="us-ascii"
Thank you all,
My OS is FreeBSD 5.0, which is pretty new. I think that might be the
problem. It might have port 110 closed by default for some reason (maybe
for security reasons). I will try 4.9 version and see.
Also, thanks for the help Rodrick, there is no admin here. We all do
everything here. ;-) Program, admin, etc. It is a small place with
only a few people (mostly friends).
Matthew
------------------------------
Message: 12
Date: Tue, 17 Feb 2004 11:04:15 -0500
From: Scott Robbins <scottro at nyc.rr.com>
Subject: Re: [nycbug-talk] RE: Close port with no direction to open.
To: talk at lists.nycbug.org
Message-ID: <20040217160415.GA7283 at nyserve1.starlofashions.com>
Content-Type: text/plain; charset="us-ascii"
On Tue, Feb 17, 2004 at 10:38:03AM -0500, Matthew Lam wrote:
> Thank you all,
>
> My OS is FreeBSD 5.0, which is pretty new. I think that might be the
> problem. It might have port 110 closed by default for some reason (maybe
> for security reasons). I will try 4.9 version and see.
Hrm, I ran a mail-server briefly on 5.2 without any issues of 25 and 110
being closed by default. Heh, that's a lot of help, isn't it?
--
Scott
GPG KeyID EB3467D6
( 1B848 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6)
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Joyce: You belong in a good old fashioned college with keg
parties and boys. Not here with Hellmouths and vampires.
Buffy: Not really seeing the distinction.
------------------------------