Re: uucp via tcp through firewall fails

From: Jeff Liebermann (jeffl_at_comix.santa-cruz.ca.us)
Date: 02/14/04


Date: Sat, 14 Feb 2004 11:29:42 -0800

On Thu, 12 Feb 2004 18:10:56 GMT, "Steve M. Fabac, Jr."
<smfabac@att.net> wrote:

>I reconfigured a new client's system to move the SCO 5.0.6 system behind the firewall
>(cayman 3546) and now uucp via tcp fails.
>
>Previously, the client's configuration put the UNIX box on the Internet naked, full access,
>very bad.

Bad idea. Firewalls are a good thing.

>I deleted the firewall setting that mapped the external WAN IP directly to the LAN IP of
>the
>UNIX system.

Also bad idea. That opens all ports to the Unix box which is almost
as bad as having it directly exposed to the internet.

>I have created pin-holes (Cayman's name for port mapping) allowing 22, 25, 113, 117, and
>540
>to reach the UNIX system.

Overkill. For UUCP over TCP, you only need a hole at port 540/TCP for
TCP. I'm currently getting my email via this method. However, I do
recall that I had to enable ident and open a port for it, 113/TCP.

>Executing uutry -x9 hostname results in:
>> Device Type TCP wanted
>> ProtoStr = ee
>> Internal caller type TCP
>> tcpdial host host2, port 540
>> family: 2
>> port: 7170
>> addr: 4203fcd0
>> timed out
>> timeout tcpopen
>> ProtoStr = eee
>> Internal caller type TCP
>> tcpdial host host2, port 540
>> family: 2
>> port: 7170
>> addr: 4203fcd0
>> timed out
>> timeout tcpopen
>> getto ret -1
>> Call Failed: NO DEVICES AVAILABLE
>> lockname(/usr/spool/uucp/LCK..host2)
>> exit code 101
>> Conversation Complete: Status FAILED
>>
>> TM_cnt: 0

OK. An open to port 540 on the remote machine failed. Can you telnet
to port 540 on the remote machine (host2)? You should get a login:
prompt. Type some garbage <enter> and it should disconnect. If there
are other machines available behind your firewall, also try it from
there.

>After seeing the above, I created another pinhole for port 7170, rebooted the Cayman
>router
>and still get the same result.

No, no, no. The port 7190 is the *OUTGOING* port number on the LAN
side of your router, which is transparent. It will be a different
port number every time you poll for mail. No need for any port
redirection.

>The pinholes I created are all TCP. Is uucp over tcp trying to make a udp connection?

Nope. TCP only.

>Any suggestions/comments welcome

Is there more than one router involved in this system? Duz the other
router work or is it also a new router?

The Cayman 3546 ADSL "gateway" has many features that drove me insane.
One was the ability to route multiple IP addresses through a single
connecting address to the ISP. This was quite useful and was one
reason why SBC supplied these routers with their 5 IP address service.
The other is that it makes sharing a 5 IP routed connection more
difficult than with a 5 IP bridged connection. I scribbled a short
description of how it works at:
  http://www.LearnByDestroying.com/crud/5IP.txt
The problem is that it really makes a mess of doing IP port
redirection. More simply, you cannot do IP port redirection if you're
using the 5IP *routed* IP topology, but can with the 5IP *bridged*
topology. I ended up using additional cheap routers to solve the
problem as scribbled in the above document.

-- 
Jeff Liebermann  150 Felker St #D  Santa Cruz CA 95060
(831)421-6491 pgr  (831)336-2558 home
http://www.LearnByDestroying.com   AE6KS
jeffl@comix.santa-cruz.ca.us   jeffl@cruzio.com
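The two checks Jeff describes, done from a script instead of by hand (added example, not part of the thread or of any UUCP implementation): open TCP to port 540, expect a login: prompt, send garbage, and record the *local* ephemeral port, the number that appeared as 7170 in the uutry trace and needs no pinhole. The remote uucpd is replaced by a constructed listener on 127.0.0.1 so it runs offline; the host name, port values and function names are assumptions.

```python
import socket
import threading

LOGIN_PROMPT = b"login: "  # what a real uucpd on 540/TCP greets you with

def fake_uucpd(listener, connections):
    """Constructed stand-in for the remote host's uucpd: send a login:
    prompt, read the caller's (garbage) reply, hang up. Not real uucpd."""
    for _ in range(connections):
        conn, _addr = listener.accept()
        with conn:
            conn.sendall(LOGIN_PROMPT)
            conn.recv(64)

def probe_uucp_port(host, port, timeout=3.0):
    """Do what 'telnet host2 540' does: connect, read the banner, type some
    garbage, and report the LOCAL ephemeral port the router saw on its LAN
    side. A failure here is what uutry reports as 'timeout tcpopen'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            local_port = s.getsockname()[1]   # ephemeral, differs per call
            banner = s.recv(64)
            s.sendall(b"garbage\r\n")
    except socket.timeout:
        return {"reachable": False, "reason": "timeout tcpopen"}
    except OSError as exc:                    # e.g. connection refused
        return {"reachable": False, "reason": str(exc)}
    return {"reachable": True, "banner": banner, "local_port": local_port}

def demo(connections=2):
    """Probe a local fake uucpd twice, then a port nobody listens on."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))           # kernel picks a free port
    listener.listen()
    port = listener.getsockname()[1]
    t = threading.Thread(target=fake_uucpd, args=(listener, connections))
    t.start()
    results = [probe_uucp_port("127.0.0.1", port) for _ in range(connections)]
    t.join()
    listener.close()
    spare = socket.socket()                   # bind and release to find a closed port
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    results.append(probe_uucp_port("127.0.0.1", closed_port))
    return results

if __name__ == "__main__":
    for r in demo():
        print(r)
```

Only the destination port (540, plus 113 if ident is required) is fixed; the local_port values reported are the ones a pinhole for "7170" would never match twice.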

