It has been a while since I wrote something. That does not mean that I did nothing. A part of this should already have been published in February.
Because I changed the phone line from ISDN to PSTN, I installed my old modem again. A good old Speedtouch. Everything seemed to function as before. 'Seemed' because after a while I noticed that I could not receive calls on my VoIP. Making a call was no problem. When I investigated the situation I found some possible holes in my firewall, which I closed immediately. I also changed some passwords.
It took me quite a while to find the problem because I focused too much on my firewall. The problem was the modem. The SIP protocol was handled by the modem itself, preventing it from reaching my VoIP box. The solution was then simple. Just connect to the modem and type the following commands:
=>nat bindlist
Application Proto Port
FTP tcp 21
SIP udp 5060
=>nat unbind application=SIP port=5060
=>nat unbind application=FTP port=21
=>nat bindlist
Application Proto Port
=>config save
=>system reboot
I wanted to keep in touch with my server more closely. Until now I had to connect every once in a while to the server and read my mails. I am still a long way from finishing the mail infrastructure. I came upon an explanation of how to send mails from your server through your ISP. In the past I tried but I never succeeded. Now it was different.
There are 2 files involved. The first one is main.cf. Add the following lines with the name of the mailserver of your ISP:
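# Client-side (smtp_*) SASL settings: Postfix logs in to the ISP relay.
# The smtpd_* variants only affect clients connecting to this server.
relayhost = [your.isp.mailhost]
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =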
Then create the file /etc/postfix/sasl_passwd with the following content:
[your.isp.mailhost] [your.isp.username]:[your.isp.password]
Make sure that this file is readable and writable only by root. You must now restart postfix.
At this moment I have 2 related problems. The first one is that I cannot activate the Samba server on my new server. The reason is unknown to me. I must plan a day to get into it. The second problem is that my old server's disks are becoming full. I tried to temporarily solve the problem by activating NFS. This way I can mount directories from my new server to my old server. I installed NFS and followed the guidelines of Securing NFS. Now NFS is active, but my old server is not capable of mounting NFS exports, so my 2 problems remain.
A few files need to be modified or created.
STATDOPTS="--port 32765 --outgoing-port 32766"
RPCMOUNTDOPTS="-p 32767"
RPCRQUOTADOPTS="-p 32769"
This file is only used to translate port numbers into 'readable' text, for example in netstat -tl.
rpc.statd-bc 32765/tcp # RPC statd broadcast
rpc.statd-bc 32765/udp # RPC statd broadcast
rpc.statd 32766/tcp # RPC statd listen
rpc.statd 32766/udp # RPC statd listen
rpc.mountd 32767/tcp # RPC mountd
rpc.mountd 32767/udp # RPC mountd
rpc.lockd 32768/tcp # RPC lockd/nlockmgr
rpc.lockd 32768/udp # RPC lockd/nlockmgr
rpc.quotad 32769/tcp # RPC quotad
rpc.quotad 32769/udp # RPC quotad
options lockd nlm_udpport=32768 nlm_tcpport=32768
In the firewall I added the following rules:
## NFS
iptables -A ${LAN}_FW -p tcp --dport 111 -j ACCEPT
iptables -A ${LAN}_FW -p udp --dport 111 -j ACCEPT
iptables -A ${LAN}_FW -p tcp --dport 2049 -j ACCEPT
iptables -A ${LAN}_FW -p udp --dport 2049 -j ACCEPT
iptables -A ${LAN}_FW -p tcp --dport 32765:32769 -j ACCEPT
iptables -A ${LAN}_FW -p udp --dport 32765:32769 -j ACCEPT
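The firewall rules above only help if every RPC service really listens on a pinned port. The following check is an added example, not part of the original post: it reads the output of rpcinfo -p and reports any registration outside the accepted ports. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that every RPC service
# the NFS server registered sits on a port the firewall rules accept.
# Allowed set, taken from the rules on this page:
#   111 (portmapper), 2049 (nfs), 32765-32769 (statd, mountd, lockd, quotad)

# Reads `rpcinfo -p` output on stdin, prints each registration outside the
# allowed set, and returns 1 if there was at least one.
nfs_port_audit() {
    awk '
        $4 !~ /^[0-9]+$/ { next }               # header or malformed line
        {
            port = $4 + 0
            name = (NF >= 5) ? $5 : "program " $1
            if (port == 111 || port == 2049 || (port >= 32765 && port <= 32769))
                next
            printf "%s/%s port %d is outside the firewall rules\n", name, $3, port
            bad++
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: all services pinned as configured above.
sample_pinned() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    3   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# Constructed sample: lockd on a kernel-assigned port, for instance when the
# lockd module options have not been applied.
sample_drifted() {
    sample_pinned | sed -e '/nlockmgr/s/32768/45231/'
}

# On a real server: rpcinfo -p | nfs_port_audit
sample_drifted | nfs_port_audit || echo "unpinned RPC ports found"
```

A service reported here would be blocked for LAN clients by the rules above even though NFS itself is running.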