Installed firewall, now Blackberry won't retrieve email

We run a Novell Groupwise server that had been connected directly to the internet using one of its NICs. Last week we put a Linksys WRT54G router with DD-WRT firmware (v23 sp2) between the Novell server and the cable modem. We have two employees with Blackberry phones that pull their email from the Groupwise server (using pop3; we do not have BB Enterprise Server). Since putting in the Linksys, they are not receiving their emails on the Blackberry devices. Of course, I have POP and SMTP ports forwarded to the Groupwise server, but I think the Blackberry requests use additional ports, but I have not been able to determine which ones I need to open.

Help greatly appreciated.

Thank you,

jm

Reply to
JM

You need to post to alt.internet.wireless to the professionals there.

Reply to
Mr. Arnold

Log all incoming traffic, look at the logfile, problem solved.

Wolfgang

Reply to
Wolfgang Kueter

No, as with any proper packet-filter he simply needs to log the incoming traffic and look at the logfile.

Wolfgang

Reply to
Wolfgang Kueter

I'll agree, but I think he got the answers over there in the wireless NG. I am watching it unfold.

Reply to
Mr. Arnold

I appreciate your suggestion, but this seems like a ridiculous way to accomplish this. Why not do the same to discover required ports for FTP, RDP, SIP, Telnet, etc? Instead of sharing information, we could all just examine log files for hours. And what about the services or requests that do not reveal themselves readily, because of a feature not used, etc? At the very least I've got to capture the logs, sift through hundreds of entries, and then do a WhoIs for identification.

This is all academic, because I've already done exactly that. But isn't it massively more efficient to ask someone which ports need to be opened?

thank you,

jm

Reply to
JM

But you claimed that you already DID open the ports for POP3 and SMTP. For RFC-compliant mail systems that should be enough - so either you'll have to wade through the Groupwise documentation (because Novell sometimes has a "novell" approach to RFCs), or you check the firewall logs to see what gets blocked.

Maybe Blackberry tries to do IDENT and runs into a timeout (not really common anymore, but...), but that's hard to say from a distance - the logfile will tell you.

Juergen Nieveler

Reply to
Juergen Nieveler

Okay, I did not understand.

I thought there were BB-specific services, requiring certain ports to be opened, that might be commonly-known to others who have worked with BBs in the past.

Sorry for the tone of my reply.

jm

Reply to
JM

Only when you use a BES, AFAIK.

The problem with most company email systems is that they're designed to be used only by the appropriate internal client app (Groupwise with the Novell client, Exchange with Outlook...) - there frequently are problems when you try to use a normal email client that complies with OFFICIAL standards instead of the vendor-specific ones. I remember that at least for some time, if you tried downloading mail via POP3 from a Notes server, Notes would strip out any attached images...

Juergen Nieveler

Reply to
Juergen Nieveler

Indeed, there is.

There is one port.

I have done it on some customer systems. Of course I could have easily looked the port up in one of those systems. But I thought pointing you to the general solution of such problems more helpful.

The general solution is:

Always build a ruleset according to the following example:

from   to       service/port   protocol   action
------------------------------------------------------
lan    any      http 80        tcp        allow
lan    any      dns 53         udp        allow
any    mails.   smtp 25        tcp        allow
[some more according to your requirements] allow
any    any      any            any        log + deny

This method ensures that any communication that was not allowed is denied and logged, and looking at the logfile will tell you what to do to solve the problem.

Please notice that pointing you into the right direction takes more than typing 3101/tcp.

Wolfgang

Reply to
Wolfgang Kueter
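
An added example, not part of any post in this thread: once the final "log + deny" rule is in place, a short script can replace the hours of manual sifting by grouping denied inbound packets by protocol and destination port. The log lines are constructed (the ports are ones named in the thread, the addresses are documentation ranges), and the "DROP" log prefix and vlan1 WAN interface name are assumptions about the router's setup.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG key=value format; the "DROP" prefix
# and the vlan1 WAN interface name are assumptions, not values from the thread.
SAMPLE_LOG = """\
Jan 12 10:15:01 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=3101 SYN
Jan 12 10:15:04 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=3101 SYN
Jan 12 10:16:30 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.6 DST=198.51.100.7 PROTO=TCP SPT=40022 DPT=3101 SYN
Jan 12 10:17:02 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=33010 DPT=113 SYN
Jan 12 10:17:05 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=33010 DPT=113 SYN
Jan 12 10:18:11 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=33011 DPT=110 SYN
Jan 12 10:18:40 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.20 DST=198.51.100.7 PROTO=ICMP TYPE=8 CODE=0
Jan 12 10:19:00 router kernel: DROP IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=203.0.113.80 PROTO=TCP SPT=50000 DPT=6667 SYN
Jan 12 10:19:02 router dnsmasq[212]: query[A] example.com from 192.168.1.50
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def summarize_denied(log_text, forwarded=frozenset(), wan_if="vlan1", prefix="DROP"):
    """Group denied inbound packets by (protocol, destination port).

    Returns [(proto, port, packets, distinct_sources, was_forwarded), ...],
    busiest first. was_forwarded=True means a port that should already be
    open is still being denied, i.e. the forward rule is not matching.
    """
    packets = Counter()
    sources = {}
    for line in log_text.splitlines():
        if f" {prefix} " not in line:
            continue                      # not written by the log + deny rule
        f = dict(FIELD.findall(line))
        if f.get("IN") != wan_if or "DPT" not in f:
            continue                      # LAN-side traffic, or portless (ICMP)
        key = (f.get("PROTO", "?").lower(), int(f["DPT"]))
        packets[key] += 1
        sources.setdefault(key, set()).add(f["SRC"])
    return [(proto, port, n, len(sources[(proto, port)]), (proto, port) in forwarded)
            for (proto, port), n in packets.most_common()]


if __name__ == "__main__":
    # POP3 and SMTP are the ports the original poster says are already forwarded.
    for row in summarize_denied(SAMPLE_LOG, forwarded={("tcp", 25), ("tcp", 110)}):
        print("%s/%d: %d packets from %d source(s)%s" % (
            row[0], row[1], row[2], row[3],
            "  <- forwarded but still denied" if row[4] else ""))
```
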

I appreciate this. I really do. I was a college teacher before I was an IT person, and I'm a huge believer in "give a person a fish - feed him for a day; teach a person to fish - feed him for a lifetime." I've sent many a student away looking for answers I could easily have provided.

However, in this case, I was in no such mood ; ) This BB component is one small part of a much, much, much more massive headache that I'm experiencing with this server/firewall/internet configuration for a customer who will not listen to reason.

So, yes, I was looking for the easy way out.

Thank you for your time and patience. It is appreciated.

jm

Reply to
JM

Mr. Arnold, you seem to interject much about redirection, but you rarely divulge a solution....

Why is that?

Just out of curiosity, are you German?

RedForeman

Reply to
RedForeman

He's using Groupwise, so that's not really surprising ;-)

Juergen Nieveler

Reply to
Juergen Nieveler
