Hi all,
I want to add a port range for Jitsi Jigasi: 20000..20050.
If I try to add the new network service in Cockpit:
At the command line:
# config set fw_jitsi-jigasi service status enabled UDPPort 20000..20050 access green,red
#
# signal-event firewall-adjust
#
# config show fw_jitsi-jigasi
fw_jitsi-jigasi=service
UDPPort=20000..20050
access=green,red
status=enabled
#
# cat /etc/shorewall/rules | egrep 20000
ACCEPT loc $FW udp 20000..20050
ACCEPT net $FW udp 20000..20050
#
In Cockpit, I see the result:
If I edit:
Is that a bug in Cockpit ?
Michel-André
dnutan
May 17, 2021, 6:56pm
2
Have you tried with a different syntax, like “:” as separator?
Hi Marc,
man shorewall-rules defines ip-range with -, so i tried 20000-20050 for ports and 20000:20050 with no success.
Then I tried with fw_jitsi-toto and 20000:20050 as fw_jitsi-jigasi was already there from the command line:
echo '{"action":"service-create","serviceName":"fw_jitsi-toto","access":["green","red"],"tcpPorts":[],"udpPorts":["20000:20050"]}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-services/create | jq
Michel-André
P.S. Strangely enough, fw_jitsi-toto appears in Cockpit
P.P.S. More strange, I cannot delete it.
echo '{"action":"service-delete","serviceName":"fw_jitsi-toto"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-services/delete | jq
Hi all,
# config show jw_jitsi-toto
#
Recreate it with CLI,
# config set fw_jitsi-toto service status enabled UDPPort 20000..20050 access green,red
#
Now it shows
# config show fw_jitsi-toto
fw_jitsi-toto=service
UDPPort=20000..20050
access=green,red
status=enabled
#
I do not signal with: # signal-event firewall-adjust
I delete it in Cockpit
echo '{"action":"service-delete","serviceName":"fw_jitsi-toto"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-services/delete | jq
At the CLI
# config show fw_jitsi-toto
#
Refresh Cockpit page and fw_jitsi-toto is not there anymore.
I recreate it at the CLI, signal-event, it shows in cokpit, delete it in Cockpit and it dispappears in Cockpit and at the CLI.
Michel-André
dnutan
May 17, 2021, 7:58pm
5
When using the command line some (or most) validation checks are not present.
ERROR: Invalid/Unknown udp port/service (20000…20050) /etc/shorewall/rules (line 138)
I’ve tried the same command (but without having any real service linked to the ports).
Hi Marc,
Thank you for the follow up.
What happen if at the command line you try:
# config set fw_jitsi-jigasi service status enabled UDPPort 20000..20050 access green,red
#
# signal-event firewall-adjust
#
# config show fw_jitsi-jigasi
fw_jitsi-jigasi=service
UDPPort=20000..20050
access=green,red
status=enabled
#
You should see it in Cockpit; you won’t be able to edit it, but it will be possible to delete it.
The question is:
Michel-André
stephdl
May 17, 2021, 8:27pm
7
stephdl
May 17, 2021, 8:32pm
8
Check the info button (i) you can just use a list of ports comma separated
Salut Stéphane,
Thank you for joining in.
It is not for ports fowarding but ports opening so you can access them from the Internet.
For my part, since I am running Jitsi Meet on a LOCAL VM, maybe I will also have to forward those port, but I am not sure if I have to.
For a case where Jitsi Meet is running on a NS server directly attached to the Internet, for sure those ports have to be opened and not necessarily forwarded ?
Info button: Will I have to include 50 ports separated by comma ?
Michel-André
stephdl
May 17, 2021, 8:44pm
11
You are right you can use : associated with a ,
Hi Marc,
Great find.
in 7.7.1908/testing :
Member
Test case
gsanchietti closed this on 18 Feb 2020
# rpm -qa | grep nethserver-cockpit
nethserver-cockpit-lib-1.9.5-1.ns7.noarch
nethserver-cockpit-1.9.5-1.ns7.noarch
#
@gsanchietti I am sorry, but the bug is reproducible
Michel-André
dnutan
May 17, 2021, 8:58pm
13
Service is created on cockpit.
ERROR: Invalid/Unknown udp port/service (20000…20050) /etc/shorewall/rules (line 138)
Port range not opened.
Hi Marc,
What format are you using ?
Michel-André
dnutan
May 17, 2021, 9:02pm
16
Initially the wrong one (seeing it from the cockpit side of things) as asked ..:first test I did I didn’t try to edit or delete the fw_jitsi-jigasi service, but trying to create any other service resulted in a cockpit (jq) error.
1 Like
stephdl
May 17, 2021, 9:07pm
17
2000:2500,234,567,678,1000:1500
After that show us the relevant line in /etc/shorewall/rules
Salut Stéphane,
It took some time to execute but finally it finished.
# cat /etc/shorewall/rules | grep stephdl
# Service: fw_stephdl Access: green,red
?COMMENT fw_stephdl
?COMMENT fw_stephdl
?COMMENT fw_stephdl
?COMMENT fw_stephdl
?COMMENT fw_stephdl
#
# config show fw_stephdl
fw_stephdl=service
UDPPorts=2000:2500,234,567,678,1000:1500
access=green,red
status=enabled
#
Test case
@gsanchietti Thousand excuses
I am extremely sorry for wasting your precious time.
Problem my mistake resolved
Michel-André
stephdl
May 17, 2021, 9:29pm
19
We miss a lot of things, please show us the complete lines in shorewall
Use a gist file if needed
