Looking for assistance opening POP3 (TCP Port 110) access on CMM 6.3. On previous releases, this was enabled under IMAP/SMTP "General Options" in the CMM and was just a matter of changing from no to yes. I have searched for this setting with zero luck on the 6.3 release. Any help/suggestions would be greatly appreciated. Thanks!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
CMM 6.3 POP3 (TCP Port 110)
- Thread starter avguytim
- Start date
montyzummer
IS-IT--Management
See below
use the Firewall SMI page to view the current IPv4 and IPv6 firewall rules. Altering these rules is advanced usage that can only be performed with the 'firewall' command from the command line.
Base on this, try to login to shell window (also can go shell from SAT window) and run shell command “firewall”. Please refer to the following information for detail.
dadmin@cm62> firewall
You must specify -4 or -6 on the command line.
Usage: firewall [-h|--help] [[-4|-6] [-d | -c | -m "" ]
where:
-4 : edit the IPv4 firewall
-6 : edit the IPv6 firewall
-c|--commit : commit the rules currently running in
the kernel to be permanent
-d|--default : reset firewall to the "default" settings.
-h|--help : this help
-m|--modify : add a new rule to the running firewall
using iptables command syntax. Put the new
rule in double quotes for proper operation.
: the new iptables rule to add to the firewall.
DEFAULT: Only -4 or only -6 prints the current firewall settings for the respective firewall.
For example:
firewall -4 -m "-A INPUT -s 135.27.205.247 -p tcp -j DROP"
Then you will join a new rule to INPUT chain. “28 DROP tcp -- 135.27.205.247 0.0.0.0/0 ”
Another example for opening a specific port on the firewall:
firewall -4 -m "-I INPUT -p udp --destination-port 162 -j ACCEPT"
firewall -4 -m "-I OUTPUT -p udp --destination-port 162 -j ACCEPT"
You can also run “firewall -4” to check the current rules.
For the “iptables” syntax, please refer to the command "iptables -h or man iptables"
[root@TSCM6DupSrv1 ecs]# iptables -h
iptables v1.3.5
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands:
Either long or short options are allowed.
--append -A chain Append to chain
--delete -D chain Delete matching rule from chain
--delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
--list -L [chain] List the rules in a chain or all chains
--flush -F [chain] Delete all rules in chain or all chains
--zero -Z [chain] Zero counters in chain or all chains
--new -N chain Create a new user-defined chain
--delete-chain
-X [chain] Delete a user-defined chain
--policy -P chain target
Change policy on chain to target
--rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
--proto -p [!] proto protocol: by number or name, eg. `tcp'
--source -s [!] address[/mask]
source specification
--destination -d [!] address[/mask]
destination specification
--in-interface -i [!] input name[+]
network interface name ([+] for wildcard)
--jump -j target
target for rule (may load target extension)
--goto -g chain
jump to chain with no return
--match -m match
extended match (may load extension)
--numeric -n numeric output of addresses and ports
--out-interface -o [!] output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe=<command> try to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.
APSS (SME)
ACSS (SME)
ACIS (UC)
use the Firewall SMI page to view the current IPv4 and IPv6 firewall rules. Altering these rules is advanced usage that can only be performed with the 'firewall' command from the command line.
Base on this, try to login to shell window (also can go shell from SAT window) and run shell command “firewall”. Please refer to the following information for detail.
dadmin@cm62> firewall
You must specify -4 or -6 on the command line.
Usage: firewall [-h|--help] [[-4|-6] [-d | -c | -m "" ]
where:
-4 : edit the IPv4 firewall
-6 : edit the IPv6 firewall
-c|--commit : commit the rules currently running in
the kernel to be permanent
-d|--default : reset firewall to the "default" settings.
-h|--help : this help
-m|--modify : add a new rule to the running firewall
using iptables command syntax. Put the new
rule in double quotes for proper operation.
: the new iptables rule to add to the firewall.
DEFAULT: Only -4 or only -6 prints the current firewall settings for the respective firewall.
For example:
firewall -4 -m "-A INPUT -s 135.27.205.247 -p tcp -j DROP"
Then you will join a new rule to INPUT chain. “28 DROP tcp -- 135.27.205.247 0.0.0.0/0 ”
Another example for opening a specific port on the firewall:
firewall -4 -m "-I INPUT -p udp --destination-port 162 -j ACCEPT"
firewall -4 -m "-I OUTPUT -p udp --destination-port 162 -j ACCEPT"
You can also run “firewall -4” to check the current rules.
For the “iptables” syntax, please refer to the command "iptables -h or man iptables"
[root@TSCM6DupSrv1 ecs]# iptables -h
iptables v1.3.5
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands:
Either long or short options are allowed.
--append -A chain Append to chain
--delete -D chain Delete matching rule from chain
--delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
--list -L [chain] List the rules in a chain or all chains
--flush -F [chain] Delete all rules in chain or all chains
--zero -Z [chain] Zero counters in chain or all chains
--new -N chain Create a new user-defined chain
--delete-chain
-X [chain] Delete a user-defined chain
--policy -P chain target
Change policy on chain to target
--rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
--proto -p [!] proto protocol: by number or name, eg. `tcp'
--source -s [!] address[/mask]
source specification
--destination -d [!] address[/mask]
destination specification
--in-interface -i [!] input name[+]
network interface name ([+] for wildcard)
--jump -j target
target for rule (may load target extension)
--goto -g chain
jump to chain with no return
--match -m match
extended match (may load extension)
--numeric -n numeric output of addresses and ports
--out-interface -o [!] output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe=<command> try to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.
APSS (SME)
ACSS (SME)
ACIS (UC)
- Thread starter
- #3
Monty,
Thanks for the quick reply and great information! I followed the example in your post and have added port 110 to the firewall rules as follows
firewall -4 -m "-I INPUT -p tcp --destination-port 110 -j ACCEPT"
firewall -4 -m "-I OUTPUT -p tcp --destination-port 110 -j ACCEPT"
These do now in fact show up in the rules but I still cannot successfully test the POP3 as the connection is still refused. Any ideas?
Thanks for the quick reply and great information! I followed the example in your post and have added port 110 to the firewall rules as follows
firewall -4 -m "-I INPUT -p tcp --destination-port 110 -j ACCEPT"
firewall -4 -m "-I OUTPUT -p tcp --destination-port 110 -j ACCEPT"
These do now in fact show up in the rules but I still cannot successfully test the POP3 as the connection is still refused. Any ideas?
- Status
Similar threads