I am running Debian Etch on my laptop, which connects to the internet through an ADSL router over wireless network. I have installed firehol but when I test my firewall at sites like Shields Up, the port 80 is reported as open.
As my knowledge of firewalls is absolutely the minimum, I would very much like your suggestions as to how to close this port.
No, it's not OK, unless you're running an http server. Go ahead and close it, then try to connect to the internet. I don't know how firehol is set up, but if the settings are "sane," you shouldn't have any problem.
Create the file /etc/rcS.d/S99network
Copy the contents between the lines below into it (substitute your ethernet address for <outgoing interface ip>).
The bottom two lines allow external ssh connections; omit them if not desired, or install fail2ban to thwart uninvited login attempts.
This is assuming your interface is, of course, named eth0. If it is a wireless interface, the 3rd line should reflect whatever name your system has given the interface, i.e., ath0, wlan0...whatever...
-------------------------------------------------------------------------
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
------------------------------------------------------------------------
then do... #chmod 700 /etc/rcS.d/S99network ..as root
then do... #/etc/rcS.d/S99network
instant firewall...
and ..coincidentally..if you're communicating with an offsite website to check your firewall..of course it's going to report port 80 open..you're using it to run the test..
Last edited by geden; 11-19-2007 at 09:30 PM.
Reason: clarification
If that seems too complicated for your skill level, you might want to simply remove firehol altogether, and install Firestarter (Gnome) or Guarddog (KDE) instead. Either of those will set up by default to block the service ports (1-1024).
It's also possible, if you really don't know what you're doing, that you unwittingly installed an http server, and it's running, which is the reason firehol left the port open. If that's the case, you may want to run a more beginner-friendly distro that doesn't require as much post-installation configuration as Debian.
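A local check for the question raised above, whether something on the laptop is actually listening on port 80. This is an added example, not part of any post in the thread: it parses the kernel's `/proc/net/tcp` table (IPv4 only), and the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which TCP ports this host is LISTENing on, and whether
# a given port is bound to loopback only or to a reachable address.
# IPv4 only; /proc/net/tcp6 uses a different address layout and is not parsed.

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# a web server on 0.0.0.0:80, a service on 127.0.0.1:631, and one ESTABLISHED
# outbound connection to a remote port 80 (state 01, so it is not a listener).
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:9C40 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1'

# The kernel prints IPv4 addresses as little-endian hex: 0100007F is 127.0.0.1.
hex_ip() {
    set -- $(printf '%s' "$1" | sed 's/../& /g')
    echo "$((0x$4)).$((0x$3)).$((0x$2)).$((0x$1))"
}

# Read a /proc/net/tcp table on stdin; print "ip:port" for each LISTEN socket.
listening_sockets() {
    while read -r sl laddr raddr st rest; do
        [ "$st" = "0A" ] || continue          # 0A = TCP_LISTEN; skips header too
        echo "$(hex_ip "${laddr%:*}"):$((0x${laddr#*:}))"
    done
}

# $1 = port. Reads the table on stdin; prints closed, loopback-only or exposed.
port_exposure() {
    result=closed
    for s in $(listening_sockets); do
        [ "${s##*:}" = "$1" ] || continue
        case ${s%:*} in
            127.*) if [ "$result" = closed ]; then result=loopback-only; fi ;;
            *)     result=exposed ;;
        esac
    done
    echo "$result"
}

# Demo on the constructed table. On a real machine: port_exposure 80 < /proc/net/tcp
printf '%s\n' "$SAMPLE" | listening_sockets
printf 'port 80: %s\n' "$(printf '%s\n' "$SAMPLE" | port_exposure 80)"
```

This only answers what the laptop itself is listening on; it says nothing about what the ADSL router in front of it exposes.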
geden >>
Thanks for your valuable suggestion, I tried your suggestion. But when I run S99network, I get the following error message
FATAL: Module ipt_MASQUERADE not found.
iptables v1.3.6: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.6: Bad IP address `eth1'
Any suggestions?
rickh >>
Thanks for your suggestion. I have tried guarddog and firestarter without success. I am able to configure guarddog in my Ubuntu and Slackware 11 installs, without much problem. However I am unable to configure any firewall in Debian.