Hello Toofargone!
On 07 Apr 2023, Toofargone said the following...
New to QWK and Dove-Net. I'm just wondering what ports QWK uses? So far I've seen 21, 1024, 1026 and 2000. Is that all or am I missing some? I've opened these up on my firewall and all seems to be good so far.
I believe the usual way to exchange traffic for QWK networks is by sending/receiving QWK packets through passive FTP. Passive FTP is based on the assumption that you can connect to any service on the Internet, but not vice versa, i.e. you are firewalled and cannot accept incoming connections on an arbitrary port.
For passive FTP, all connections are initiated by you. The source port on/from your machine is usually an ephemeral TCP port (see
https://en.wikipedia.org/wiki/Ephemeral_port for more info on those), i.e. a random and rather high-numbered port. On a Linux box, you should be able to issue the command
cat /proc/sys/net/ipv4/ip_local_port_range
...to view the range for those ports.
The destination port (at the hub) is usually TCP port 21 for "commands" (unless the hub has specified something else), plus a range of ports (decided by the hub) for the actual file transfers, e.g. 3900--3999.
To know the port range for the file transfers you would have to ask the hub, or, to avoid that (port ranges can be changed by the hub at any time without notice!), your firewall has to allow for any outgoing TCP traffic initiated by you and the packets flowing back to you over that connection.
The latter can be achieved by either allowing all TCP traffic from the outside whose packets are not marked as "new" (i.e. not having the TCP SYN flag) -- as the network stack should discard anything inappropriate = new that is not part of an existing connection -- or by some connection tracking feature, allowing "established" traffic (essentially the same thing).
See e.g.
https://wiki.centos.org/HowTos/Network/IPTables#Writing_a_Simple_Rule_Set for tracking established/related connections, where "established" would be keeping track of the connections you initiate, and "related" would be extra "magic" needed if *you* were to host a service for a protocol like FTP (e.g. if you were the QWK hub).
Recent Linux distributions utilize different firewall packages (e.g. nftables), so the iptables example above might not be 100% applicable for your setup, but it gives a rough idea of the functionality needed.
Hope this helps!
Best regards
Zip
--- Mystic BBS v1.12 A49 2023/03/14 (Linux/64)
* Origin: Star Collision BBS, Uppsala, Sweden
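
Why the data port cannot be known in advance, as an added example that is not part of the original message: in passive mode the server announces the data port in its reply on the control connection (RFC 959 PASV, RFC 2428 EPSV), and this sketch parses that reply and checks it against a static outbound allowlist. The replies, hub.example and 192.0.2.10 are constructed placeholders; the 3900-3999 range is the example range from the message.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2.
PASV = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")
# RFC 2428 EPSV reply: "229 ... (|||port|)", no address, port only.
EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

# Static egress allowlist built from the example range in the message above.
STATIC_ALLOW = [(21, 21), (3900, 3999)]


def data_endpoint(reply, control_host):
    """Return (host, port) the client must dial for the file transfer."""
    m = PASV.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range in %r" % reply)
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in %r" % reply)
        # EPSV reuses the address of the control connection.
        return control_host, port
    raise ValueError("not a passive-mode reply: %r" % reply)


def egress_allowed(port, ranges=STATIC_ALLOW):
    """True if a static outbound port allowlist would let the connection out."""
    return any(lo <= port <= hi for lo, hi in ranges)


if __name__ == "__main__":
    # Constructed replies; hub.example and 192.0.2.10 are placeholders.
    for reply in ("227 Entering Passive Mode (192,0,2,10,15,110)",
                  "229 Entering Extended Passive Mode (|||50000|)"):
        host, port = data_endpoint(reply, "hub.example")
        print(host, port, "allowed" if egress_allowed(port) else "BLOCKED")
```

The second reply lands outside 3900-3999, so a static port allowlist blocks the transfer, while allowing all outgoing TCP plus established return traffic is unaffected by the change.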