Re: ports close & open
From: atse (dunggaze_at_yahoo.com)
Date: 09/13/03
- Next message: Scott Brooks: "Desktop switching tool"
- Previous message: Durk van Veen: "Re: ports close & open"
- In reply to: Durk van Veen: "Re: ports close & open"
- Next in thread: Durk van Veen: "Re: ports close & open"
- Reply: Durk van Veen: "Re: ports close & open"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 13 Sep 2003 01:35:22 GMT
Yes, you are right. I am running email and Samba servers. Of course, Samba
is for the LAN, but I think the email server has to serve both LAN and WAN. How can
I make these services more secure? eth0 is to the Internet, eth1 to the local network.
How can I specify which service listens on which eth? Below is my iptables configuration,
but I don't know how to configure it. Any idea?
Thanks.
Atse
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
# New TCP connections to SMTP, HTTP, FTP and SSH, accepted on any interface
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
# DHCP client/server traffic on both interfaces
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
# "Trusted" interfaces: each of these rules matches every packet arriving on
# that interface, so for lo, eth0 and eth1 no rule below this point is reached
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
# Reject privileged ports, NFS (2049), X11 (6000-6009) and the X font server (7100)
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
"Durk van Veen" <nntp.durk@cox.net> wrote in message
news:z8u8b.53120$cj1.13478@fed1read06...
> > I don't know what these ports are used for except 110 for pop3:
> >
> > 110/tcp open pop-3
> > 111/tcp open sunrpc
> > 137/tcp filtered netbios-ns
> > 138/tcp filtered netbios-dgm
> > 139/tcp filtered netbios-ssn
> > 143/tcp open imap2
> > 995/tcp open pop3s
> > 32768/tcp open unknown
> >
> > How can I close these ports for security purpose. Thanks,
> >
> > Atse
>
> Looks like you're running an email server (110, 143, 995) and Samba (137,
> 138, 139) on this box. Unless you really know what you're doing neither of
> these two services should be exposed to the outside world, so if this
> machine is hooked up directly to the internet, make sure that you tell the
> services that listen to these ports, to not listen on the interface that
> hooks up your internet connection. Better yet, look into iptables to set up
> a firewall in addition to making those configuration changes.
>
> If this is the nmap profile of a machine on your internal network, and this
> network is for home use, I wouldn't worry about it. The only thing I'm not
> sure about is that last port 32768. Redhat uses this for outgoing
> connections but I'm not sure why something would be listening to that port
> (for incoming connections).
>
>
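Added example for the question above; this is not code from the thread, Atse or Durk van Veen. It puts both halves of the advice into a shell script: a ruleset in iptables-restore format (the same format as the posted lokkit file) that accepts SMTP from eth0 but POP3/IMAP/POP3S and Samba only on eth1, plus two checks. The first reads a ruleset and flags rules that accept an interface wholesale, like the "-i eth0 -j ACCEPT" line in the posted file, which matches every packet from the Internet before any of the REJECT rules further down are consulted. The second reads "netstat -tln" output and lists the TCP ports bound to the wildcard address, i.e. the daemons that still answer on eth0 whatever their config says. The LAN range 192.168.1.0/24 and the SSH rule are assumptions; ports 80 and 21 from the lokkit file are left out because the post does not say whether the box serves web or FTP.

```shell
#!/bin/sh
# Added example for this thread, not code from Atse or Durk van Veen.
# Assumes eth0 faces the Internet and eth1 the LAN, as the post states.
# The LAN address range below is an assumption; change it to match yours.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24

# Print a ruleset in iptables-restore format (the same format as the lokkit
# file in the post). SMTP and SSH are reachable from anywhere; POP3, IMAP,
# POP3S and Samba are accepted only on the LAN interface and only from the
# LAN range. No rule accepts an interface wholesale, so the interface a
# packet arrives on really decides what gets through.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
# FORWARD left at ACCEPT as in the posted file; tighten it separately if this
# box routes for the LAN
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internet side: mail exchange and remote admin only (SSH is an assumption)
-A INPUT -i $WAN_IF -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
# LAN side: mail submission and retrieval, plus Samba (NetBIOS 137/138/139)
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp -m multiport --dports 22,25,110,143,995 -m state --state NEW -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -i $LAN_IF -p udp --sport 67:68 --dport 67:68 -j ACCEPT
# Everything else from the Internet is dropped silently; the LAN gets a reject
-A INPUT -i $WAN_IF -j DROP
-A INPUT -j REJECT
COMMIT
EOF
}

# Read a ruleset on stdin and print rules that accept an interface wholesale
# (an -i match and nothing else). In the posted lokkit file
# "-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT" is such a rule, and because it
# sits above every REJECT, the REJECTs never see a packet from the Internet.
find_blanket_accepts() {
    grep -E -- '^-A [^ ]+ -i [^ ]+ -j ACCEPT[[:space:]]*$' | grep -v -- '-i lo ' || true
}

# Read "netstat -tln" output on stdin and print the TCP ports bound to the
# wildcard address (0.0.0.0 or ::). A daemon listed here answers on eth0 as
# well as eth1 whatever its config claims: bind it to eth1's address, or rely
# on the firewall rules above to keep it off the Internet.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $4 ~ /^(0\.0\.0\.0|::|\*):[0-9]+$/ { sub(/.*:/, "", $4); print $4 }' | sort -un
}

# "sh this.sh rules" prints the ruleset for review before loading it with
# iptables-restore; with no argument the script only defines the functions.
case "${1:-}" in
    rules) gen_rules ;;
esac
```

Review the printed ruleset, then load it with iptables-restore (or save it as /etc/sysconfig/iptables on Red Hat) and stop running lokkit, since, as its header says, it rewrites the file. For the binding side, Samba takes "interfaces = eth1" together with "bind interfaces only = yes" in smb.conf; which option the SMTP, POP3 and IMAP daemons need depends on which daemons are installed, so check "netstat -tlnp" after the change and let the firewall cover anything that still shows 0.0.0.0.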