Installed firewall, now Blackberry won't retrieve email - Firewalls

This is a discussion on Installed firewall, now Blackberry won't retrieve email - Firewalls ; We run a Novell Groupwise server that had been connected directly to the internet using one of its NICs. Last week we put a Linksys WRT54G router with DD-WRT firmware (v23 sp2) between the Novell server and the cable modem. ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: Installed firewall, now Blackberry won't retrieve email

  1. Installed firewall, now Blackberry won't retrieve email

    We run a Novell Groupwise server that had been connected directly to the
    internet using one of its NICs. Last week we put a Linksys WRT54G router
    with DD-WRT firmware (v23 sp2) between the Novell server and the cable
    modem. We have two employees with Blackberry phones that pull their email
    from the Groupwise server (using pop3; we do not have BB Enterprise Server).
    Since putting in the Linksys, they are not receiving their emails on the
    Blackberry devices. Of course, I have POP and SMTP ports forwarded to the
    Groupwise server, but I think the Blackberry requests use additional ports,
    but I have not been able to determine which ones I need to open.

    Help greatly appreciated.

    Thank you,

    jm







  2. Re: Installed firewall, now Blackberry won't retrieve email


    "JM" wrote in message
    news:T-Cdnck1paaYk93bnZ2dnUVZ_jmdnZ2d@comcast.com...
    > We run a Novell Groupwise server that had been connected directly to the
    > internet using one of its NICs. Last week we put a Linksys WRT54G router
    > with DD-WRT firmware (v23 sp2) between the Novell server and the cable
    > modem. We have two employees with Blackberry phones that pull their email
    > from the Groupwise server (using pop3; we do not have BB Enterprise
    > Server). Since putting in the Linksys, they are not receiving their emails
    > on the Blackberry devices. Of course, I have POP and SMTP ports forwarded
    > to the Groupwise server, but I think the Blackberry requests use
    > additional ports, but I have not been able to determine which ones I need
    > to open.
    >
    > Help greatly appreciated.
    >

    You need to post to alt.internet.wireless to the professionals there.


  3. Re: Installed firewall, now Blackberry won't retrieve email

    JM wrote:

    > We run a Novell Groupwise server that had been connected directly to the
    > internet using one of its NICs. Last week we put a Linksys WRT54G router
    > with DD-WRT firmware (v23 sp2) between the Novell server and the cable
    > modem. We have two employees with Blackberry phones that pull their email
    > from the Groupwise server (using pop3; we do not have BB Enterprise
    > Server). Since putting in the Linksys, they are not receiving their emails
    > on the
    > Blackberry devices. Of course, I have POP and SMTP ports forwarded to the
    > Groupwise server, but I think the Blackberry requests use additional
    > ports, but I have not been able to determine which ones I need to open.


    Log all incoming traffic, look at the logfile, problem solved.

    Wolfgang

  4. Re: Installed firewall, now Blackberry won't retrieve email

    Mr. Arnold wrote:

    > You need to post to alt.internet.wireless to the professionals there.


    No, as with any proper packet-filter he simply needs to log the incoming
    traffic and look at the logfile.

    Wolfgang

  5. Re: Installed firewall, now Blackberry won't retrieve email


    "Wolfgang Kueter" wrote in message
    news:f1qru1$v1j$1@news.shlink.de...
    > Mr. Arnold wrote:
    >
    >> You need to post to alt.internet.wireless to the professionals there.

    >
    > No, as with any proper packet-filter he simply needs to log the incoming
    > traffic and look at the logfile.
    >


    I'll agree, but I think he got the answers over there in the wireless NG. I
    am watching it unfold.



  6. Re: Installed firewall, now Blackberry won't retrieve email


    "Wolfgang Kueter" wrote in message
    news:f1qrqm$uva$2@news.shlink.de...
    > JM wrote:
    >
    >> We run a Novell Groupwise server that had been connected directly to the
    >> internet using one of its NICs. Last week we put a Linksys WRT54G router
    >> with DD-WRT firmware (v23 sp2) between the Novell server and the cable
    >> modem. We have two employees with Blackberry phones that pull their
    >> email
    >> from the Groupwise server (using pop3; we do not have BB Enterprise
    >> Server). Since putting in the Linksys, they are not receiving their
    >> emails
    >> on the
    >> Blackberry devices. Of course, I have POP and SMTP ports forwarded to
    >> the
    >> Groupwise server, but I think the Blackberry requests use additional
    >> ports, but I have not been able to determine which ones I need to open.

    >
    > Log all incoming traffic, look at the logfile, problem solved.
    >
    > Wolfgang


    I appreciate your suggestion, but this seems like a ridiculous way to
    accomplish this. Why not do the same to discover required ports for FTP,
    RDP, SIP, Telnet, etc? Instead of sharing information, we could all just
    examine log files for hours. And what about the services or requests that
    do not reveal themselves readily, because of a feature not used, etc? At
    the very least I've got to capture the logs, sift through hundreds of
    entries, and then do a WhoIs for identification.

    This is all academic, because I've already done exactly that. But isn't it
    massively more efficient to ask someone which ports need to be opened?

    thank you,

    jm







  7. Re: Installed firewall, now Blackberry won't retrieve email

    "JM" wrote:

    > I appreciate your suggestion, but this seems like a ridiculous way to
    > accomplish this. Why not do the same to discover required ports for
    > FTP, RDP, SIP, Telnet, etc?


    But you claimed that you already DID open the ports for POP3 and SMTP.
    For RFC-compliant mail systems that should be enough - so either you'll
    have to wade through the Groupwise documentation (because Novell
    sometimes has a "novell" approach to RFCs), or you check the firewall
    logs to see what gets blocked.

    Maybe Blackberry tries to do IDENT and runs into a timeout (not really
    common anymore, but...), but that's hard to say from a distance - the
    logfile will tell you.


    Juergen Nieveler
    --
    Press to Adopt Me! I need a better home.

  8. Re: Installed firewall, now Blackberry won't retrieve email


    "Juergen Nieveler" wrote in message
    news:Xns992B6688F7BD8juergennieveler@nieveler.org. ..
    > "JM" wrote:
    >
    >> I appreciate your suggestion, but this seems like a ridiculous way to
    >> accomplish this. Why not do the same to discover required ports for
    >> FTP, RDP, SIP, Telnet, etc?

    >
    > But you claimed that you already DID open the ports for POP3 and SMTP.
    > For RFC-compliant mail systems that should be enough - so either you'll
    > have to wade through the Groupwise documentation (because Novell
    > sometimes has a "novell" approach to RFCs), or you check the firewall
    > logs to see what gets blocked.
    >
    > Maybe Blackberry tries to do IDENT and runs into a timeout (not really
    > common anymore, but...), but that's hard to say from a distance - the
    > logfile will tell you.
    >


    Okay, I did not understand.

    I thought there were BB-specific services, requiring certain ports to be
    opened, that might be commonly-known to others who have worked with BBs in
    the past.

    Sorry for the tone of my reply.

    jm









  9. Re: Installed firewall, now Blackberry won't retrieve email

    "JM" wrote:

    > I thought there were BB-specific services, requiring certain ports to
    > be opened, that might be commonly-known to others who have worked with
    > BBs in the past.


    Only when you use a BES, AFAIK.

    The problem with most company email systems is that they're designed to
    be used only by the appropriate interal client app (Groupwise with the
    Novell client, Exchange with Outlook...) - there frequently are
    problems when you try to use a normal email client that complies with
    OFFICIAL standards instead of the vendor-specific ones. I remember that
    at least for some time, if you tried downloading mail via POP3 from a
    Notes server, Notes would strip out any attached images...


    Juergen Nieveler
    --
    Confucius say - 'He who stands on toilet is high on pot'

  10. Re: Installed firewall, now Blackberry won't retrieve email

    JM wrote:


    > I thought there were BB-specific services,


    Indeed, there is.

    > requiring certain ports to be
    > opened,


    there is one port.

    > that might be commonly-known to others who have worked with BBs in
    > the past.


    I have done it on some customer systems. Of course I could have easily
    looked the port up in one of those systems. But I thought pointing you to
    the general solution of such problems more helpful.

    The general solution is:

    Always build a ruleset according to the following example:

    from to service/port protocol action
    ------------------------------------------------------
    lan any http 80 tcp allow
    lan any dns 53 udb allow
    any mails. smtp 25 tcp allow
    [some more according to your requirements] allow
    any any any any log + deny

    This method ensures, that any communication that was not allowed is denied
    and logged and looking at the logfile will tell you what to do to solve the
    problem.

    Please notice that pointing you into the right direction takes more than
    typing 3101/tcp.

    Wolfgang



  11. Re: Installed firewall, now Blackberry won't retrieve email


    "Wolfgang Kueter" wrote in message
    news:f1takd$dro$1@news.shlink.de...
    > JM wrote:
    >
    >
    >> I thought there were BB-specific services,

    >
    > Indeed, there is.
    >
    >> requiring certain ports to be
    >> opened,

    >
    > there is one port.
    >
    >> that might be commonly-known to others who have worked with BBs in
    >> the past.

    >
    > I have done it on some customer systems. Of course I could have easily
    > looked the port up in one of those systems. But I thought pointing you to
    > the general solution of such problems more helpful.
    >
    > The general solution is:
    >
    > Always build a ruleset according to the following example:
    >
    > from to service/port protocol action
    > ------------------------------------------------------
    > lan any http 80 tcp allow
    > lan any dns 53 udb allow
    > any mails. smtp 25 tcp allow
    > [some more according to your requirements] allow
    > any any any any log + deny
    >
    > This method ensures, that any communication that was not allowed is denied
    > and logged and looking at the logfile will tell you what to do to solve
    > the
    > problem.
    >
    > Please notice that pointing you into the right direction takes more than
    > typing 3101/tcp.
    >
    > Wolfgang
    >


    I appreciate this. I really do. I was a college teacher before I was an IT
    person, and I'm a huge believer in "give a person a fish - feed him for a
    day; teach a person to fish - feed him for a lifetime." I've sent many a
    student away looking for answers I could easily have provided.

    However, in this case, I was in no such mood ; ) This BB component is one
    small part of a much, much, much more massive headache that I'm experiencing
    with this server/firewall/internet configuration for a customer who will not
    listen to reason.

    So, yes, I was looking for the easy way out.

    thank you for your time and patience. it is appreciated.

    jm







  12. Re: Installed firewall, now Blackberry won't retrieve email

    On May 8, 6:42 pm, "Mr. Arnold" wrote:
    > "Wolfgang Kueter" wrote in message
    >
    > news:f1qru1$v1j$1@news.shlink.de...
    >
    > > Mr. Arnold wrote:

    >
    > >> You need to post to alt.internet.wireless to the professionals there.

    >
    > > No, as with any proper packet-filter he simply needs to log the incoming
    > > traffic and look at the logfile.

    >
    > I'll agree, but I think he got the answers over there in the wireless NG. I
    > am watching it unfold.


    Mr. Arnold, you seem to interject much about redirection, but you
    rarely divulge a solution....

    Why is that?

    Just out of curious, are you german?

    RedForeman


  13. Re: Installed firewall, now Blackberry won't retrieve email

    "JM" wrote:

    > However, in this case, I was in no such mood ; ) This BB component is
    > one small part of a much, much, much more massive headache that I'm
    > experiencing with this server/firewall/internet configuration for a
    > customer who will not listen to reason.

    ^^^^^^^^^^^^^^^^^^^^^^^^^

    He's using Groupwise, so that's not really surprising ;-)

    Juergen Nieveler
    --
    Nothing anybody tells you about marriage helps

+ Reply to Thread