Installed firewall, now Blackberry won"t retrieve email

We run a Novell Groupwise server that had been connected directly to the
internet using one of its NICs. Last week we put a Linksys WRT54G router
with DD-WRT firmware (v23 sp2) between the Novell server and the cable
modem. We have two employees with Blackberry phones that pull their email
from the Groupwise server (using pop3; we do not have BB Enterprise Server).
Since putting in the Linksys, they are not receiving their emails on the
Blackberry devices. Of course, I have POP and SMTP ports forwarded to the
Groupwise server, but I think the Blackberry requests use additional ports,
but I have not been able to determine which ones I need to open.

Help greatly appreciated.

Thank you,

jm

Re: Installed firewall, now Blackberry won"t retrieve email

"JM" wrote in message
news:T-Cdnck1paaYk93bnZ2dnUVZ_jmdnZ2d@comcast.com...
> We run a Novell Groupwise server that had been connected directly to the
> internet using one of its NICs. Last week we put a Linksys WRT54G router
> with DD-WRT firmware (v23 sp2) between the Novell server and the cable
> modem. We have two employees with Blackberry phones that pull their email
> from the Groupwise server (using pop3; we do not have BB Enterprise
> Server). Since putting in the Linksys, they are not receiving their emails
> on the Blackberry devices. Of course, I have POP and SMTP ports forwarded
> to the Groupwise server, but I think the Blackberry requests use
> additional ports, but I have not been able to determine which ones I need
> to open.
>
> Help greatly appreciated.
>
You need to post to alt.internet.wireless to the professionals there.

Re: Installed firewall, now Blackberry won"t retrieve email

JM wrote:

> We run a Novell Groupwise server that had been connected directly to the
> internet using one of its NICs. Last week we put a Linksys WRT54G router
> with DD-WRT firmware (v23 sp2) between the Novell server and the cable
> modem. We have two employees with Blackberry phones that pull their email
> from the Groupwise server (using pop3; we do not have BB Enterprise
> Server). Since putting in the Linksys, they are not receiving their emails
> on the
> Blackberry devices. Of course, I have POP and SMTP ports forwarded to the
> Groupwise server, but I think the Blackberry requests use additional
> ports, but I have not been able to determine which ones I need to open.

Log all incoming traffic, look at the logfile, problem solved.

Wolfgang

Re: Installed firewall, now Blackberry won"t retrieve email

Mr. Arnold wrote:

> You need to post to alt.internet.wireless to the professionals there.

No, as with any proper packet-filter he simply needs to log the incoming
traffic and look at the logfile.

Wolfgang

Re: Installed firewall, now Blackberry won"t retrieve email

"Wolfgang Kueter" wrote in message
news:f1qru1$v1j$1@news.shlink.de...
> Mr. Arnold wrote:
>
>> You need to post to alt.internet.wireless to the professionals there.
>
> No, as with any proper packet-filter he simply needs to log the incoming
> traffic and look at the logfile.
>

I'll agree, but I think he got the answers over there in the wireless NG. I
am watching it unfold.

Re: Installed firewall, now Blackberry won"t retrieve email

"Wolfgang Kueter" wrote in message
news:f1qrqm$uva$2@news.shlink.de...
> JM wrote:
>
>> We run a Novell Groupwise server that had been connected directly to the
>> internet using one of its NICs. Last week we put a Linksys WRT54G router
>> with DD-WRT firmware (v23 sp2) between the Novell server and the cable
>> modem. We have two employees with Blackberry phones that pull their
>> email
>> from the Groupwise server (using pop3; we do not have BB Enterprise
>> Server). Since putting in the Linksys, they are not receiving their
>> emails
>> on the
>> Blackberry devices. Of course, I have POP and SMTP ports forwarded to
>> the
>> Groupwise server, but I think the Blackberry requests use additional
>> ports, but I have not been able to determine which ones I need to open.
>
> Log all incoming traffic, look at the logfile, problem solved.
>
> Wolfgang

I appreciate your suggestion, but this seems like a ridiculous way to
accomplish this. Why not do the same to discover required ports for FTP,
RDP, SIP, Telnet, etc? Instead of sharing information, we could all just
examine log files for hours. And what about the services or requests that
do not reveal themselves readily, because of a feature not used, etc? At
the very least I've got to capture the logs, sift through hundreds of
entries, and then do a WhoIs for identification.

This is all academic, because I've already done exactly that. But isn't it
massively more efficient to ask someone which ports need to be opened?

thank you,

jm

Re: Installed firewall, now Blackberry won"t retrieve email

Post removed (X-No-Archive: yes)

Re: Installed firewall, now Blackberry won"t retrieve email

"Juergen Nieveler" wrote in message
news:Xns992B6688F7BD8juergennieveler@nieveler.org...
> "JM" wrote:
>
>> I appreciate your suggestion, but this seems like a ridiculous way to
>> accomplish this. Why not do the same to discover required ports for
>> FTP, RDP, SIP, Telnet, etc?
>
> But you claimed that you already DID open the ports for POP3 and SMTP.
> For RFC-compliant mail systems that should be enough - so either you'll
> have to wade through the Groupwise documentation (because Novell
> sometimes has a "novell" approach to RFCs), or you check the firewall
> logs to see what gets blocked.
>
> Maybe Blackberry tries to do IDENT and runs into a timeout (not really
> common anymore, but...), but that's hard to say from a distance - the
> logfile will tell you.
>

Okay, I did not understand.

I thought there were BB-specific services, requiring certain ports to be
opened, that might be commonly-known to others who have worked with BBs in
the past.

Sorry for the tone of my reply.

jm

Re: Installed firewall, now Blackberry won"t retrieve email

Post removed (X-No-Archive: yes)

Re: Installed firewall, now Blackberry won"t retrieve email

JM wrote:


> I thought there were BB-specific services,

Indeed, there is.

> requiring certain ports to be
> opened,

there is one port.

> that might be commonly-known to others who have worked with BBs in
> the past.

I have done it on some customer systems. Of course I could have easily
looked the port up in one of those systems. But I thought pointing you to
the general solution of such problems more helpful.

The general solution is:

Always build a ruleset according to the following example:

from to service/port protocol action
------------------------------------------------------
lan any http 80 tcp allow
lan any dns 53 udb allow
any mails. smtp 25 tcp allow
[some more according to your requirements] allow
any any any any log + deny

This method ensures, that any communication that was not allowed is denied
and logged and looking at the logfile will tell you what to do to solve the
problem.

Please notice that pointing you into the right direction takes more than
typing 3101/tcp.

Wolfgang

Re: Installed firewall, now Blackberry won"t retrieve email

"Wolfgang Kueter" wrote in message
news:f1takd$dro$1@news.shlink.de...
> JM wrote:
>
>
>> I thought there were BB-specific services,
>
> Indeed, there is.
>
>> requiring certain ports to be
>> opened,
>
> there is one port.
>
>> that might be commonly-known to others who have worked with BBs in
>> the past.
>
> I have done it on some customer systems. Of course I could have easily
> looked the port up in one of those systems. But I thought pointing you to
> the general solution of such problems more helpful.
>
> The general solution is:
>
> Always build a ruleset according to the following example:
>
> from to service/port protocol action
> ------------------------------------------------------
> lan any http 80 tcp allow
> lan any dns 53 udb allow
> any mails. smtp 25 tcp allow
> [some more according to your requirements] allow
> any any any any log + deny
>
> This method ensures, that any communication that was not allowed is denied
> and logged and looking at the logfile will tell you what to do to solve
> the
> problem.
>
> Please notice that pointing you into the right direction takes more than
> typing 3101/tcp.
>
> Wolfgang
>

I appreciate this. I really do. I was a college teacher before I was an IT
person, and I'm a huge believer in "give a person a fish - feed him for a
day; teach a person to fish - feed him for a lifetime." I've sent many a
student away looking for answers I could easily have provided.

However, in this case, I was in no such mood ; ) This BB component is one
small part of a much, much, much more massive headache that I'm experiencing
with this server/firewall/internet configuration for a customer who will not
listen to reason.

So, yes, I was looking for the easy way out.

thank you for your time and patience. it is appreciated.

jm

Re: Installed firewall, now Blackberry won"t retrieve email

On May 8, 6:42 pm, "Mr. Arnold" wrote:
> "Wolfgang Kueter" wrote in message
>
> news:f1qru1$v1j$1@news.shlink.de...
>
> > Mr. Arnold wrote:
>
> >> You need to post to alt.internet.wireless to the professionals there.
>
> > No, as with any proper packet-filter he simply needs to log the incoming
> > traffic and look at the logfile.
>
> I'll agree, but I think he got the answers over there in the wireless NG. I
> am watching it unfold.

Mr. Arnold, you seem to interject much about redirection, but you
rarely divulge a solution....

Why is that?

Just out of curious, are you german?

RedForeman

Re: Installed firewall, now Blackberry won"t retrieve email

Post removed (X-No-Archive: yes)