Port Forwarding -All ports shown as "Stealth"

Post by Doug Laidla » Sat, 03 Feb 2007 14:06:55



I am unable to get outside services to see my computer.  I have an ADSL
modem/router configured as a "bridge" feeding into a wireless+4xethernet
router, with one ethernet port going to my computer, and the wireless port
going to my wife's laptop.  We have never had full networking, since her
interests and mine don't overlap.

I have port forwarding for Ports 80 (Web server) 25 (Mail Server) P2P and
VOIP.  According to a scan at "Shields Up!", all the first 1056 ports come
up as stealth.  My servers are not visible.  EchoLink (a Ham program using
VOIP) can receive a station list, but can't connect to the test server (the
necessary ports have been forwarded.)

Any suggestions please?  I rather suspect that it is due to having the modem
in two stages.

Doug.
--
How wonderful it is that nobody need wait a single moment before starting to
improve the world.
   - Anne Frank.

Post by Doug Mitto » Sat, 03 Feb 2007 23:48:08



>I am unable to get outside services to see my computer.  I have an ADSL
>modem/router configured as a "bridge" feeding into a wireless+4xethernet
>router, with one ethernet port going to my computer, and the wireless port
>going to my wife's laptop.  We have never had full networking, since her
>interests and mine don't overlap.

>I have port forwarding for Ports 80 (Web server) 25 (Mail Server) P2P and
>VOIP.  According to a scan at "Shields Up!", all the first 1056 ports come
>up as stealth.  My servers are not visible.  EchoLink (a Ham program using
>VOIP) can receive a station list, but can't connect to the test server (the
>necessary ports have been forwarded.)

>Any suggestions please?  I rather suspect that it is due to having the modem
>in two stages.

>Doug.

There is a workaround for Echolink ... a public proxy:
http://www.echolink.org/proxy.htm

You didn't provide a lot of detail about your configuration BUT
consider:

- You set up port forwarding in your router but is the firewall on
your linux machine blocking the traffic?

- Does your Linux machine get a static IP address from the router, so
that it is always the correct destination of the router forwarding
rules?

- In your router forwarding rules did you forward TCP as well as UDP
traffic?

Good luck!
--
------------------------------------------------
         http://www3.sympatico.ca/dmitton
  SPAM Reduction: Remove "x." from my domain.
------------------------------------------------

Post by Doug Laidla » Sun, 04 Feb 2007 01:28:03



> On Fri, 02 Feb 2007 16:06:55 +1100, Doug Laidlaw rearranged some electrons
> to form:

>> I am unable to get outside services to see my computer.  I have an ADSL
>> modem/router configured as a "bridge" feeding into a wireless+4xethernet
>> router, with one ethernet port going to my computer, and the wireless
>> port going to my wife's laptop.  We have never had full networking, since
>> her interests and mine don't overlap.

>> I have port forwarding for Ports 80 (Web server) 25 (Mail Server) P2P and
>> VOIP.  According to a scan at "Shields Up!", all the first 1056 ports
>> come up as stealth.  My servers are not visible.  EchoLink (a Ham program
>> using VOIP) can receive a station list, but can't connect to the test
>> server (the necessary ports have been forwarded.)

>> Any suggestions please?  I rather suspect that it is due to having the
>> modem in two stages.

>> Doug.

> Your ISP may be blocking them.

Thanks.  That may be so.  They used to work on this setup but only for a
while.

Doug.
--
Imagine all the people living for today.
   - John Lennon.

Post by Dan » Tue, 06 Feb 2007 13:25:20



> Any suggestions please?  I rather suspect that it is due to having the modem
> in two stages.

Can you see the web server from your wife's computer?  That's a good
starting point.  If you can't see it from your local network then you
won't be able to see it from outside.  What about from the host computer?
Make sure that things are actually running (netstat -tl).  You also need
to make sure that you don't have any firewall settings on the host
blocking ports.  Wireshark and tcpdump are good networking diagnostic
tools, also nmap.

Dan
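
The local check suggested in the post above, as an added example that is not part of the original thread: a shell function that reads `netstat -tln` output and reports, for each forwarded TCP port, whether a service listens on an address the router can reach, only on loopback, or not at all. Ports 80 and 25 come from the thread; the function name `check_listeners`, port 443 and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify forwarded TCP ports from `netstat -tln` output.
# check_listeners is a hypothetical helper name, not from the thread.

# Usage: check_listeners "<netstat -tln output>" port [port ...]
# Prints one line per port: "<port> reachable|loopback-only|not-listening"
check_listeners() {
    netstat_out=$1
    shift
    for port in "$@"; do
        printf '%s\n' "$netstat_out" | awk -v port="$port" '
            $1 ~ /^tcp/ && $NF == "LISTEN" {
                # Local Address is field 4: 0.0.0.0:80, 127.0.0.1:25, :::22
                addr = $4
                n = split(addr, parts, ":")
                if (parts[n] != port) next
                # Everything before the final ":<port>" is the bind address
                host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
                if (host ~ /^127\./ || host == "::1") loopback = 1
                else reachable = 1
            }
            END {
                if (reachable)     print port, "reachable"
                else if (loopback) print port, "loopback-only"
                else               print port, "not-listening"
            }'
    done
}

# Constructed sample: web server on all interfaces, mail server bound to
# loopback only, nothing on 443.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# On a live host: check_listeners "$(netstat -tln)" 80 25
check_listeners "$SAMPLE_NETSTAT" 80 25 443
```

A `loopback-only` result means the daemon is running but bound to 127.0.0.1, so traffic forwarded by the router to the machine's LAN address never reaches it.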

 
 
 

1. "stealth" and "closed" as shown on grc / port 5001

I use firestarter on a linux machine which hooks up
to the internet via pppd on an adsl link, and I have a win98
laptop as a samba / login client into this, which can
also surf the net using firestarter's port forwarding / DNS, etc.

When I finally got the whole thing set up right the first time (a year ago
or so) and went to www.grc.com to get a security "check-up", all the ports
grc scanned came up very nicely as "stealth". Now however,
I'm not sure what I did (maybe manually messed around with
some of the firestarter/iptables type rules at some stage),
but grc now shows all ports as "closed", except for the netbios (137 or
139 ? ... I forget) port that samba affects ... which it shows as "open" !
although no information is available through it. If however, smbd is killed,
137 shows up as "closed", along with everything else.

It may seem safe enough, but my question is: is there any way to get the
clean "stealth bill of health" back again on grc's "test your shields" ?
Perhaps flushing all iptables rules and restarting firestarter ? How do
you do that ?

<added fact which may or may not be of interest: I could achieve
total "stealth" when the rh-linux version was 7 (or 7.1, I can't remember),
whilst I am now on 7.2, wherein all ports show up as "closed">

Also, could anyone advise me on this: assuming I wish to continue
using firestarter on the linux router/gateway to the internet, how can
I open port 5001 on this machine in order to be able to use yahoo
messenger with a webcam on the client win98 machine ?

Is this another case of combining iptables and firestarter in some
fashion ? Because frankly, I don't see any way of opening port
5001 using firestarter ! Otherwise, I have no complaints:
Firestarter successfully forwards absolutely ALL packets
to the win98 client (icq, yahoo messenger, email, ftp, etc) - all
I need to be able to do now is use a webcam !

thanks for any tips.

Andrei
