5,576
edits
Changes
From SME Server
Jump to navigationJump to search→Open Ports in Private Server/Gateway Mode
<noinclude>
<noinclude>
===Additional information on customizing iptables===
Create a custom-named service definition in the configuration database. you can see the [[DB_Variables_Configuration#Additional_information_on_customizing_iptables|DB configuration]]
db configuration set <servicename> service
Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.
db configuration setprop <servicename> TCPPort <portnumber>
db configuration setprop <servicename> TCPPorts <portnumbers>
db configuration setprop <servicename> UDPPort <portnumber>
db configuration setprop <servicename> UDPPorts <portnumbers>
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
Effectuate the changes you have made
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
|+Affected file: /etc/rc.d/init.d/masq
!Variable
!Target
!Default
|-
|TCPPort
| --proto tcp --dport <Ports>
|Pre-configured for default services; no default for custom services
|-
|TCPPorts
| --proto tcp --dports <Ports>
|No default for custom services; Ranges of ports are defined with a : not a -
|-
|UDPPort
| --proto udp --dport <Ports>
|Pre-configured for default services; no default for custom services
|-
|UDPPorts
| --proto udp --dports <Ports>
|No default for custom services; Ranges of ports are defined with a : not a -
|-
|status
|enabled | disabled
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
|-
|access
|public | private
|AllowHosts is set to "" (an empty string) unless access is 'public'
|-
|AllowHosts
| --src ..... --jump ACCEPT
|Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
|-
|DenyHosts
| --src ..... --jump denylog
|Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
|}
----
----
[[Category:Howto]]
[[Category:Howto]]
[[Category:Administration]]</noinclude>
[[Category:Administration]]</noinclude>
