LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 04-13-2003, 04:07 PM   #1
LionMaster
LQ Newbie
 
Registered: Apr 2003
Location: Leuven - Belgium
Distribution: Red Hat, Mandrake
Posts: 2

Rep: Reputation: 0
Open ports on firewall


I've installed RH 9 and the latest shorewall firewall. Besides having a lot of UDP ports open (it seems like that but it seems it isn't - I'm still figuring that one out) I have TCP ports 389 (LDAP) and 1720 (H323 open call) that stay open no matter what rule I put in.
Does anyone know why and how this can be solved?
 
Old 04-13-2003, 04:27 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,711
Blog Entries: 54

Rep: Reputation: 2966
What's your firewall ruleset and what do you have running (netstat -an)?
 
Old 04-13-2003, 05:16 PM   #3
LionMaster
LQ Newbie
 
Registered: Apr 2003
Location: Leuven - Belgium
Distribution: Red Hat, Mandrake
Posts: 2

Original Poster
Rep: Reputation: 0
This is the ruleset:
ACCEPT net fw icmp 8
REJECT net fw tcp 1720
DROP net fw tcp 389

This is the (long) netstat -an:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 1 192.168.221.12:34856 192.168.10.25:9100 SYN_SENT
tcp 0 0 192.168.221.12:34764 212.180.125.175:80 ESTABLISHED
tcp 0 0 127.0.0.1:34869 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34868 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34865 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34864 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34867 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34866 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34861 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34860 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34863 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34862 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34859 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:34858 127.0.0.1:631 TIME_WAIT
udp 0 0 0.0.0.0:32768 0.0.0.0:*
udp 0 0 0.0.0.0:10000 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:970 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 192.168.221.12:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*

Last edited by unSpawn; 04-13-2003 at 06:30 PM.
 
Old 04-13-2003, 06:29 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,711
Blog Entries: 54

Rep: Reputation: 2966
First of all you should review your firewall's default input chain policy and change it to DROP (/etc/shorewall/policy). Then make rules allowing only established connections you make out back in, and add rules to open up the ports necessary (/etc/shorewall/rules) for services you want the rest of the world (or some IP ranges, or some IP addresses) to have access to. Looking at your port list I see you're running RPC services, unprotected X11, Webmin, sshd, printer services, smtp, httpd, and bootpc. Make sure, for each of them, that you want to open it up to the internet.

DROP vs REJECT: http://logi.cc/linux/reject_or_deny.php3, Iptables Tutorial 1.1.17: http://iptables-tutorial.frozentux.n...-tutorial.html and of course the iptables part of the 1st thread in this forum.
Btw, I'll edit out your domain socket stuff, we needn't see that.

Last edited by unSpawn; 04-13-2003 at 06:31 PM.
 