LinuxQuestions.org
08-22-2006, 12:58 PM   #1
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
CentOS 4.3 Outside of Firewall


I've always kept my servers behind my LAN's firewall and just enabled port forwarding for whatever services I wanted to make public (i.e., 80, 443, 25, 110, etc.).

My new employer keeps all of their servers outside of the firewall, which makes me a little nervous but maybe I'm just being too paranoid.

So I set up a CentOS 4.3 server to run Apache, DNS, and Postfix. In CentOS' firewall settings I checked the box to allow HTTP access (port 80 and 443), then I manually specified TCP port 53 for DNS.

Postfix is running, but it's only configured for localhost sending, so in the security window I unchecked the SMTP mail server option.

The problem is when I run a port scan on the server the port scan shows 6 open ports. 21, 25, 53, 80, 110, and 443 are all "open" according to the port scanner. Is this a security threat or should I be ok? I don't have an FTP service running, so I have no idea why 21 is open. Postfix is enabled but the firewall isn't configured to allow mail connections, so I can't explain 25 and 110 (Dovecot is also disabled). 53, 80, and 443 all make sense because they are for the services I want to make public.

I guess my real question is should I try to manually configure the iptables rules or just use the default CentOS security options? I mean it is an "Enterprise" Linux distro so I figured they should do things with stability and security in mind. I'd rather not go modifying things by hand.

Please let me know what you all think about my situation. Thanks!
 
08-22-2006, 07:58 PM   #2
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
If you scan from your own computer it will definitely show port 25 open; it's Postfix. Try scanning from other computers and check for the true results.

Try telnetting to ports from localhost and check what's running on 21 and 110.
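
A complementary check that can be run on the server itself, as an added example that is not part of the thread: it reads a `netstat -tln` listing and reports, for each port the scanner called open, whether anything is listening there and on which address. The function name `classify_ports` and the sample listing are constructed for illustration and do not describe the poster's actual system.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from the thread).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN'

# classify_ports "<netstat -tln text>" port...
# Prints "<port> <verdict>" for each port:
#   all-interfaces   bound to 0.0.0.0 or ::, exposed unless the firewall drops it
#   specific-address bound to one non-loopback address
#   loopback-only    bound to 127.0.0.1 or ::1, visible only to a scan run on the host
#   no-listener      nothing on this host is listening on that port
classify_ports() {
    cp_listing=$1
    shift
    for cp_port in "$@"; do
        printf '%s\n' "$cp_listing" | awk -v p="$cp_port" '
            $1 ~ /^tcp/ && $NF == "LISTEN" {
                addr = $4
                n = split(addr, parts, ":")
                if (parts[n] != p) next
                # Everything before the last ":port" is the bind address.
                host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
                if (host == "0.0.0.0" || host == "::" || host == "*") all = 1
                else if (host == "127.0.0.1" || host == "::1") lo = 1
                else other = 1
            }
            END {
                if (all) v = "all-interfaces"
                else if (other) v = "specific-address"
                else if (lo) v = "loopback-only"
                else v = "no-listener"
                print p, v
            }'
    done
}

# The six ports from the scan in the question, checked against the sample.
# On a live host: classify_ports "$(netstat -tln)" 21 25 53 80 110 443
classify_ports "$SAMPLE_NETSTAT" 21 25 53 80 110 443
```

A port that comes back `loopback-only` or `no-listener` here but "open" in a scan is worth re-testing from a machine outside the network, as the reply suggests.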
 
  

