Server running on a different port

Next: Local redirecting firewall local Up: Sample configurations Previous: Server not running, called Contents

Server running on a different port

The previous scheme had a serious limiting factor: Many server programs will insist on listening to a network port. However, they will almost always allow for relocation. In this scheme, the server's socket will be moved to a different port, and ProtoWrap will listen for communication on the server's original port. The author strongly reccomends adding local firewalling rules to avoid any direct external communication to the actual server's port.

$\resizebox* {0.6\textwidth}{!}{\includegraphics{include/server-on-different-port.eps}}$

With this setup, we have:

$\begin{labeling}{00.00.0000} \item [Advantages]~ \end{labeling}$

Does not require any usually awkward firewalling rules to be set
Very easy to troubleshoot, very easy to set up back to normal, unprotected operation if needed

$\begin{labeling}{00.00.0000} \item [Disadvantages]~ \end{labeling}$

The real server remains exposed to attacks unless a local firewalling rule is added
Must modify the configuration for each server manually
Wrappers' executables and configuration are stored in each of the servers; this makes upgrading or adding rules a task requiring more effort than having them all in a single place

To get this configuration, we would have:

Server's /etc/rc.local includes:

/sbin/ipchains -A input -d 192.168.0.1/32 --proto tcp --destination-port 10025 -j REJECT
/usr/local/bin/smtpwrap &

Server's /etc/sendmail.cf includes:

# SMTP daemon options
O DaemonPortOptions=Port=10025

Server's /usr/local/bin/smtpwrap:

#!/usr/bin/perl 

use ProtoWrap::SMTP;
use strict;

my ($wrap);

$wrap = ProtoWrap::SMTP->new('standalone' => 1,
                             'listenPort' => 25,
                             'destType' => 'ip',
			     'destAddr' => '127.0.0.1',
			     'destPort' => 10025,
                             'logLevel' => 3,
                             'maxMsgSize' => 3000000,
                             'relayDomainList' => ['mydomain.com'],
                             'maxRcpt' => 10,
                             'setUidTo' => 32767
                             );
die 'Can\'t start SMTP wrapper' if (not defined $wrap);
$wrap->startServer() or warn 'Can\'t start wrapper for '.$wrap->getProp();

Next: Local redirecting firewall local Up: Sample configurations Previous: Server not running, called Contents

Gunnar Wolf
2001-03-12