Changes

split firewall
Line 148: Line 148:  
The netlogon directory is located on the SMESERVER at: /home/e-smith/files/samba/netlogon
 
The netlogon directory is located on the SMESERVER at: /home/e-smith/files/samba/netlogon
 
It can also be found by a client computer at: \\servername\netlogon
 
It can also be found by a client computer at: \\servername\netlogon
  −
===Firewall/Port Forwarding,Opening,Blocking===
  −
  −
*How do I configure the firewall?
  −
The server manager is the GUI front end for the firewall. The firewall is modified automatically in response to changes you make in the configuration, such as enabling/disabling services, marking them public/private, forwarding ports, etc. If you wish to make changes beyond those provided for by the server manager, you can do so by providing custom templates
  −
  −
*How do I allow public access to a service I've added to SME Server 7?
  −
The procedure has changed and is now much simpler in SME Server 7. For this example the service you have installed is called 'manta' and 'nnn' is the TCP port number that needs to be opened. Watch your capitalization with the command below:
  −
 
  −
  config set manta service access public status enabled TCPPort nnn
  −
  −
For UDP services, use UDPPort instead of TCPPort.
  −
Note that you can also set restrictions with AllowHosts and DenyHosts:
  −
 
  −
  config setprop manta AllowHosts 1.2.3.4,10.11.12.0/24
  −
  config setprop manta DenyHosts 16.17.18.18
  −
 
  −
Then, to activate, do:
  −
  −
  signal-event remoteaccess-update
  −
  −
  −
*I want to block traffic from some ip-addresses to my server on some port.
  −
config setprop httpd-e-smith DenyHosts a.b.c.d,w.x.y.z
  −
signal-event post-upgrade
  −
signal-event reboot
  −
  −
  −
*I want to block All traffic from some ip-addresses to my server.
  −
Create a custom template and list the IP's
  −
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
  −
pico -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff
  −
/sbin/iptables -A INPUT -s 69.212.12.76/32 -j DROP
  −
/sbin/iptables -A INPUT -s 88.28.215.11/32 -j DROP
  −
  −
expand and restart
  −
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
  −
/etc/init.d/masq restart
  −
  −
  −
  −
*I want to block outgoing traffic from my server.
  −
These commands are based on
  −
http://bugs.contribs.org/show_bug.cgi?id=2977
  −
  −
Please check for the latest attachments (custom template fragments) to this bug.
  −
  −
At present, traffic is only blocked if it originates on the primary local
  −
network.
  −
No processing is performed on traffic addressed to the LAN IP, WAN IP or
  −
loopback address of the SME.
  −
  −
  −
Download custom templates and configure ports with db command
  −
  −
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
  −
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
  −
wget -O 91adjustPortBlocks http://bugs.contribs.org/attachment.cgi?id=1395
  −
wget -O 42SetupPortBlocks http://bugs.contribs.org/attachment.cgi?id=1389
  −
  −
Create desired db entries to suit the ports & protocols you want to block
  −
config setprop masq TCPBlocks address:port
  −
config setprop masq UDPBlocks address:port
  −
  −
eg to block all outbound traffic except that passed by the smtp & httpd proxies
  −
config setprop masq TCPBlocks 0.0.0.0/0:1-65535
  −
config setprop masq UDPBlocks 0.0.0.0/0:1-65535
  −
  −
eg to leave open some ports ie 222 & 2000-2010, block in ranges
  −
config setprop masq TCPBlocks 0.0.0.0/0:1-221,0.0.0.0/0:223-1999,0.0.0.0/0:2011-65535
  −
  −
Update the config changes and restart masq
  −
signal-event remoteaccess-update
  −
/etc/init.d/masq restart
  −
  −
  −
  −
*I want to have two WAN addresses; one for the SMESERVER and another that needs to be treated like a "Local Network". I can't set any address from the WAN subnet as a "Local Network".
  −
  −
This is intended behaviour as SMESERVER is secure by design. If you need to do something like this, you should know what you are doing and understand what to poke under the covers.
      
===Web Applications===
 
===Web Applications===
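Review bot: The two DenyHosts entries in the removed section give different activation steps, which should be reconciled wherever this text is moved. The 'manta' entry follows `config setprop manta DenyHosts ...` with `signal-event remoteaccess-update`, while the "block traffic from some ip-addresses" entry follows `config setprop httpd-e-smith DenyHosts ...` with `signal-event post-upgrade` and `signal-event reboot`, with no explanation of why a reboot is needed there. The "block outgoing traffic" entry also has readers fetch two template fragments with wget over plain http and expand them straight into /etc/rc.d/init.d/masq; the moved text should tell readers to read the fragments before running expand-template. Finally, nothing in this diff shows these entries arriving on the [[:Firewall]] page, so please confirm that page carries them before this removal goes in.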
Line 508: Line 428:     
{{Note box|Please refer to the [[:Email]] Page }}
 
{{Note box|Please refer to the [[:Email]] Page }}
 +
 +
==Firewall==
 +
 +
{{Note box|The server manager is the GUI front end for the firewall. <br>
 +
The firewall is modified automatically in response to changes you make in the configuration.<br>
 +
Please refer to the [[:Firewall]] page}}
    
==Known Problems==
 
==Known Problems==
   −
{{Note box|Please refer to the [[:KnownProblems]] page <br>
+
{{Note box|This section is to be used to document problems that cannot or will not <br>
This section is to be used to document problems that cannot or will not  
+
be fixed through development of SME7. <br>
be fixed through development of SME7.}}
+
Please refer to the [[:KnownProblems]] page}}
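Review bot: The reworked Known Problems note box puts a `<br>` in the middle of a sentence ("cannot or will not <br>" followed by "be fixed through development of SME7."), which forces a hard line break mid-sentence when rendered; drop that first `<br>` and keep only the one before "Please refer to the [[:KnownProblems]] page". In the new ==Firewall== note box, consider keeping the removed section's pointer that changes beyond the server manager are made with custom templates, since the note now reads as if the server manager were the only way to change the firewall.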
