How to open port 8443 in Puppy's default firewall? SOLVED

Owl
Posts: 64
Joined: Sat 24 Dec 2005, 15:35
Location: Kirchroa, the Netherlands


#1 Post by Owl »

Hi,

I have a problem that I can't seem to solve, already spent hours and hours on it. It should be rather simple but . . . Here it is:

I have reserved space for a website on a commercial server (hosting2go.nl). They ask you to log in to a web-based panel called Plesk in order to start configuring the site. They ask you to open port 8443 in the firewall.

My firewall (on Puppy 1.0.7) is configured to have 2 other computers be able to login my Puppy machine. So, in /etc/rc.d/firewall I have added the following line:
PERMIT="192.168.1.34/16:5900-5903 192.168.1.35/16:5900-5903"

This works fine, through TinyVNC I am able to work from one computer on the other.

Now in my understanding I must add port 8443 to this line, so I have created:
PERMIT="8443 192.168.1.34/16:5900-5903 192.168.1.35/16:5900-5903"

However, it doesn't work and there are some error messages flashing by when booting (but too fast so I can't read them).

I have tried all sorts of combinations, including removing the other machines, using the firewall wizard, I even opened a port on the router (not sure if this is necessary though), but I never get to contact my website provider.

Does anybody have an idea how to solve this ?

Second question: do I need to reboot my machine every time after changing /etc/rc.d/firewall ? The wizard doesn't boot, but clicking, double clicking or right clicking the executable file, or running from a console doesn't seem to do anything ??

Thanks much in advance,
regards,

Owl.

BTW: using Puppy 1.0.7 Live CD, ADSL.
Last edited by Owl on Mon 13 Mar 2006, 23:15, edited 1 time in total.
________________________
Soooooooo happy with Puppy !

edr4d
Posts: 61
Joined: Fri 06 Jan 2006, 13:31

#2 Post by edr4d »

you can do this:

Code:

# /etc/rc.d/rc.firewall restart

That will apply the changes you've made and is better than rebooting.

Your formatting for PERMIT is correct but I've found with this firewall (http://projectfiles.org/firewall) that PERMIT does not really allow inbound connections, it only opens the port to allow outbound ones? I have messed with trying to get it to work too long, even adjusting the ALLOW_INBOUND and PORT_FORWARDS, but gave up. I don't know enough about IPTables to really see what is going on under the hood. . .

If you can't get it to work, I would suggest using the pupget manager to download the morizot firewall which is very similar to the one you're using now but it, in my experience, is much easier to get working. Morizot was used in puppy versions 1.0.6. If you use the pupget manager to install it all it will do is create the file rc.firewall-morizot in your /etc/rc.d/ and add a menu selection for the wizard setup right below the entry for the current one. You really don't even need to use the wizard, just open the rc.firewall-morizot with text editor and change it as you've done with the current one -- then </etc/rc.d/rc.firewall-morizot restart> or </etc/rc.d/rc.firewall-morizot start> (if you didn't run the wizard) and it will work. Of course be sure to stop your current firewall </etc/rc.d/rc.firewall stop> before you start morizot or run the morizot wizard. Also, if you have an entry in /etc/rc.d/rc.local to start the current firewall at boot, remove it and in its place:

Code:

echo "Starting Morizot Firewall"
/etc/rc.d/rc.firewall-morizot start

Of course it would be nice to have someone reply and explain why you are having the problem with Linux Firewall and how to fix it, so follow my suggestion if nothing else turns up.. Morizot works for me! GRC Shields UP shows full stealth and I found it easy to configure . . YMMV!

Owl
Posts: 64
Joined: Sat 24 Dec 2005, 15:35
Location: Kirchroa, the Netherlands

#3 Post by Owl »

Hi,

thanks for the answer. You helped me with 2 major points: one is to be able to edit the file and make it run from the command line, and even better: to be able to stop it from the command line. This way I have found out some more info.

1. I can stop the firewall script and then the login works (proving that I can actually login from puppy).
2. I happen to have morizot on the system, so I did what you suggested but then nothing works anymore (no e-mail, no web access). So that is a no-go for me.
3. when I start the firewall script I can access mail, web and use VNC, but there is a fatal error in the output (this is the same error that flashed by so quickly I couldn't read it).

I have copied it below:

/etc/rc.d/rc.firewall start
-> Projectfiles.com Linux Firewall version 2.0rc9 running.
-> Performing sanity checks.cut: unrecognized option `--output-delimiter= '
BusyBox v1.01 (2005.12.05-21:34+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
-b LIST Output only bytes from LIST
-c LIST Output only characters from LIST
-d CHAR Use CHAR instead of tab as the field delimiter
-s Output only the lines containing delimiter
-f N Print only these fields
-n Ignored

cut: unrecognized option `--output-delimiter= '
BusyBox v1.01 (2005.12.05-21:34+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
-b LIST Output only bytes from LIST
-c LIST Output only characters from LIST
-d CHAR Use CHAR instead of tab as the field delimiter
-s Output only the lines containing delimiter
-f N Print only these fields
-n Ignored

[ FAILED ]
-> FATAL: Network addresses must be in dotted decimal format in PERMIT.
-> Firewall configuration ** ABORTED **.


Does anyone have an idea what is going wrong here ?

thanks much in advance,
Owl.
________________________
Soooooooo happy with Puppy !

edr4d
Posts: 61
Joined: Fri 06 Jan 2006, 13:31

#4 Post by edr4d »

The error about PERMIT being in dotted decimal format doesn't make sense. I received the same error and couldn't resolve it. The firewall documentation is incorrect? Have you searched the forums at http://projectfiles.org/firewall? There are two similar posts about this but neither seemed applicable.

Regarding Morizot: Interesting (and unfortunate) that morizot didn't seem to work at all for you. Did you make sure to stop rc.firewall before starting rc.firewall-morizot? Did you try the morizot wizard? Did you edit the TCP and/or UDP ports correctly according to morizot's documentation?

Unless someone comes along into this thread with better knowledge of either firewall and/or IPtables, you may find answers by making this inquiry on the respective firewalls' forums?

I remember going in circles for days trying to do the simple task of opening a port for a bittorrent client and allowing inbound connections to it using rc.firewall. The PERMIT option did allow me to use bittorrent by making outbound connections on the port but did not allow other clients to connect to my computer. A port probe showed the port in question was in stealth mode despite it being listed in PERMIT and usable for outgoing connections. I then stopped rc.firewall and tried two other firewalls (firestarter and morizot) and both worked without problem. But then I've also known of a member of puppy community that reports using a bittorrent client and rc.firewall with ease and success.

GL

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#5 Post by GuestToo »

Owl wrote:I happen to have morizot on the system, so I did what you suggested but then nothing works anymore

at the top of the morizot firewall script, is the network interface setup? ... there should be a line something like

pupNET_INTERFACE="ppp0"

or:

pupNET_INTERFACE="eth0"

it should not look like this:

pupNET_INTERFACE="PUPNETIF"

by the way, QuickTables (available as a dotpup package) can make a firewall for people who need something more complicated than the firewall included with Puppy

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#6 Post by jmarsden »

I suspect you guys are running older versions of Puppy? The rc.firewall script needs the real cut program, not the limited version from BusyBox. This is almost certainly the cause of your issues. I believe there was a thread about this in January sometime.

I have compiled so many things here I can't be sure whether or not this was fixed in 1.0.7 or 1.0.8 or when exactly. But even in an earlier Puppy, obtaining a working cut binary should fix your issues.

Jonathan

Owl
Posts: 64
Joined: Sat 24 Dec 2005, 15:35
Location: Kirchroa, the Netherlands

#7 Post by Owl »

GuestToo wrote:

pupNET_INTERFACE="eth0"

it should not look like this:

pupNET_INTERFACE="PUPNETIF"

This is it ! I changed the PUPNETIF to eth0, started the script and there it was -- my plesk login works like a charm.

Thanks very much for this tip, one that I didn't find on any of my other searches !

Owl.
________________________
Soooooooo happy with Puppy !

Owl
Posts: 64
Joined: Sat 24 Dec 2005, 15:35
Location: Kirchroa, the Netherlands

#8 Post by Owl »

jmarsden wrote:I suspect you guys are running older versions of Puppy? The rc.firewall script needs the real cut program, not the limited version from BusyBox. This is almost certainly the cause of your issues. I believe there was a thread about this in January sometime.

I have compiled so many things here I can't be sure whether or not this was fixed in 1.0.7 or 1.0.8 or when exactly. But even in an earlier Puppy, obtaining a working cut binary should fix your issues.

Jonathan
Hi,

I mentioned this in my first mail, but just to be complete: I run 1.0.7. Can you perhaps point me how to find out if my BusyBox is sufficient ?

Thanks in advance,
Owl.
________________________
Soooooooo happy with Puppy !

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#9 Post by jmarsden »

Owl wrote:Can you perhaps point me how to find out if my BusyBox is sufficient?
Sure. In a console window, type

Code:

echo Your copy of cut is `cut --help 2>&1 |grep -sq output-delim || echo not` OK for Linux Firewall

And see what it says :-) This checks whether the cut --help output includes the string output-delim -- if it does, you are good to go.

Looks like 1.0.7 does not include the real cut, but 1.0.8 does. Barry's News page for Feb 22 lists 1.0.8 changes and says in part
BarryK wrote:Full versions of cut, chmod and touch to replace Busybox versions.
Towards the end of http://www.murga.org/~puppy/viewtopic.php?t=5947 is a post with a working copy of cut which you can download if you need one, from MU.

Jonathan
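
An added example, not part of the original posts or of either firewall project: a POSIX sh pre-flight for the two failures diagnosed in this thread. It tests functionally that cut accepts --output-delimiter (instead of grepping its help text) and that pupNET_INTERFACE in the morizot script names a real interface rather than the PUPNETIF placeholder. The function names, the return codes and the use of /proc/net/dev as the interface list are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks to run before
# starting either firewall script. All function names are hypothetical.

# Return 0 only if the given cut command (default: cut) really honours
# --output-delimiter, the option BusyBox v1.01 cut rejects.
cut_has_output_delimiter() {
    cut_cmd=${1:-cut}
    out=$(printf 'a:b\n' | "$cut_cmd" -d: -f1,2 --output-delimiter=' ' 2>/dev/null) || return 1
    [ "$out" = "a b" ]
}

# Print the pupNET_INTERFACE value found in a firewall script and return:
#   0 = it names an interface present in the device table
#   1 = missing, or still the unconfigured placeholder PUPNETIF
#   2 = set, but no such interface in the device table
# The device table defaults to /proc/net/dev (assumed available).
check_pupnet_interface() {
    script=$1
    devtable=${2:-/proc/net/dev}
    iface=$(sed -n 's/^pupNET_INTERFACE=//p' "$script" | head -n 1 | tr -d "\"'")
    echo "$iface"
    case "$iface" in
        ''|PUPNETIF) return 1 ;;
    esac
    grep -q "^ *$iface:" "$devtable" || return 2
    return 0
}

# Run both checks; report each problem and return non-zero if any is found.
# Usage: preflight /etc/rc.d/rc.firewall-morizot
preflight() {
    rc=0
    cut_has_output_delimiter || { echo "cut lacks --output-delimiter"; rc=1; }
    if [ -r "$1" ]; then
        check_pupnet_interface "$1" >/dev/null ||
            { echo "pupNET_INTERFACE is not usable in $1"; rc=1; }
    fi
    return $rc
}
```

A firewall script that aborts part-way can leave the host with no rules or partial rules loaded, so run the pre-flight before the start command and check the result afterwards.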

Owl
Posts: 64
Joined: Sat 24 Dec 2005, 15:35
Location: Kirchroa, the Netherlands

#10 Post by Owl »

jmarsden wrote:And see what it says :-)
Your copy of cut is not OK for Linux Firewall
:(

Thanks for the answer ! Seems that 1.0.7 is not sufficient.
Since the morizot solution works fine I am still soooooo happy with Puppy !

thanks again and see you later on the forums,
Owl.
________________________
Soooooooo happy with Puppy !
