LinuxQuestions.org
Old 05-09-2009, 01:58 PM   #1
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Rep: Reputation: 50
SME Server port 113


I already read up on this. I am using the SME server as a gateway and private server only. I then have it connected to a workgroup switch.

I have all ports stealthed except for port 113, which is closed. I want it stealthed, not closed. But I am having a hard time finding specific information on how to do this. So can anyone tell me how to do this with an SME server? I am using PuTTY on a Vista machine to access the SME server, shell, etc.
 
Old 05-09-2009, 03:46 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by Amdx2_x64 View Post
I already read up on this. I am using the SME server as a gateway and private server only. I then have it connected to a workgroup switch.

I have all ports stealthed except for port 113, which is closed. I want it stealthed, not closed. But I am having a hard time finding specific information on how to do this. So can anyone tell me how to do this with an SME server? I am using PuTTY on a Vista machine to access the SME server, shell, etc.
What's the output of:
Code:
iptables -nvL INPUT
 
Old 05-09-2009, 05:41 PM   #3
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Originally Posted by win32sux View Post
What's the output of:
Code:
iptables -nvL INPUT

Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out     source               destination
63946   17M state_chk   all  --  *      *       0.0.0.0/0            0.0.0.0/0
36924 3032K local_chk   all  --  *      *       0.0.0.0/0            0.0.0.0/0
35385 2920K PPPconn     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 denylog     all  --  *      *       0.0.0.0/0            224.0.0.0/4
 4267 1422K ACCEPT      udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
  281  8972 InboundICMP icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
30652 1452K InboundTCP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x16/0x02
    0     0 denylog     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x16/0x02
  153 23699 InboundUDP  udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT      udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spts:67:68
    0     0 gre-in      47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     47   --  *      *       0.0.0.0/0            0.0.0.0/0
   32 13419 denylog     all  --  *      *       0.0.0.0/0            0.0.0.0/0
 
Old 05-09-2009, 05:58 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by Amdx2_x64 View Post
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out     source               destination
63946   17M state_chk   all  --  *      *       0.0.0.0/0            0.0.0.0/0
36924 3032K local_chk   all  --  *      *       0.0.0.0/0            0.0.0.0/0
35385 2920K PPPconn     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 denylog     all  --  *      *       0.0.0.0/0            224.0.0.0/4
 4267 1422K ACCEPT      udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
  281  8972 InboundICMP icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
30652 1452K InboundTCP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x16/0x02
    0     0 denylog     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x16/0x02
  153 23699 InboundUDP  udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT      udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spts:67:68
    0     0 gre-in      47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 denylog     47   --  *      *       0.0.0.0/0            0.0.0.0/0
   32 13419 denylog     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Yikes! You've got quite a few user-built chains in there where port 113 packets could be getting sent to ACCEPT in. I can't really pinpoint the offending rule without going through those chains (state_chk, local_chk, PPPconn, and InboundTCP). My guess is the offending rule will be in InboundTCP, but no way to know for sure without seeing the contents.
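
Added example, not part of the thread: one way to do the chain-by-chain search described in the reply above is to feed `iptables-save` output to a small script that follows jumps from INPUT and prints every rule naming the port. A port scans as closed rather than stealthed when the SYN is answered with a reset, so a REJECT (or an ACCEPT with nothing listening) is the rule to look for; the ruleset in the block is constructed, and only exact `--dport` matches are reported.

```shell
#!/bin/sh
# Added example. trace_port PORT reads `iptables-save` text on stdin, follows
# jumps from INPUT into user-built chains, and prints each rule that names
# PORT as an exact --dport, prefixed with the chain path that reaches it.
trace_port() {
  awk -v port="$1" '
    /^:/ { known[substr($1, 2)] = 1 }   # chain declaration, e.g. ":InboundTCP - [0:0]"
    $1 == "-A" {                        # rule: -A <chain> <matches> -j <target>
      n = ++count[$2]
      rule[$2, n] = $0
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target[$2, n] = $(i + 1)
        if ($i == "--dport" && $(i + 1) == port) hit[$2, n] = 1
      }
    }
    function walk(chain, path,    i, t) {
      if (seen[chain]++) return         # visit each chain once, so loops end
      for (i = 1; i <= count[chain]; i++) {
        if (hit[chain, i]) print path ": " rule[chain, i]
        t = target[chain, i]
        if (t in known) walk(t, path " -> " t)
      }
    }
    END { walk("INPUT", "INPUT") }
  '
}

# Constructed ruleset: chain names come from the thread, chain contents are
# hypothetical (the thread never shows what InboundTCP holds).
sample_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:InboundTCP - [0:0]
:denylog - [0:0]
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j InboundTCP
-A INPUT -j denylog
-A InboundTCP -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A InboundTCP -p tcp -m tcp --dport 22 -j ACCEPT
-A denylog -j DROP
COMMIT
EOF
}

sample_rules | trace_port 113
```

On the server itself the input would be `iptables-save | trace_port 113`, run as root.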
 
Old 05-09-2009, 06:09 PM   #5
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Originally Posted by win32sux View Post
Yikes! You've got quite a few user-built chains in there where port 113 packets could be getting sent to ACCEPT in. I can't really pinpoint the offending rule without going through those chains (state_chk, local_chk, PPPconn, and InboundTCP). My guess is the offending rule will be in InboundTCP, but no way to know for sure without seeing the contents.

I am new to SME server. I don't believe I did anything, might have. I will check it out.

Is there a way to stealth that port?
 
Old 05-09-2009, 07:00 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by Amdx2_x64 View Post
I am new to SME server. I don't believe I did anything, might have. I will check it out.

Is there a way to stealth that port?
Well, executing this command would stealth it:
Code:
iptables -I INPUT -p TCP --dport 113 -j DROP
But that's not a substitute for finding out why it's not stealthed currently.
 
Old 05-09-2009, 09:15 PM   #7
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Originally Posted by win32sux View Post
Well, executing this command would stealth it:
Code:
iptables -I INPUT -p TCP --dport 113 -j DROP
But that's not a substitute for finding out why it's not stealthed currently.

I gave that a try. It works until the server is rebooted. I am not sure why but I will look into this and see if it is something I did or if something else is going on. Thanks for the help.



Edit: Also. I just installed this all yesterday.

Last edited by Amdx2_x64; 05-09-2009 at 09:21 PM.
 
Old 05-09-2009, 11:17 PM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by Amdx2_x64 View Post
I gave that a try. It works until the server is rebooted.
That's the correct behavior. The iptables configuration isn't supposed to be saved until you say so. I googled SME server and it seems to be based on CentOS (which is a Red Hat clone), so the way to save your iptables configuration is probably:
Code:
service iptables save
Don't take my word for it, though. Check the documentation.

Last edited by win32sux; 05-09-2009 at 11:20 PM.
 
Old 05-10-2009, 09:26 AM   #9
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Originally Posted by win32sux View Post
That's the correct behavior. The iptables configuration isn't supposed to be saved until you say so. I googled SME server and it seems to be based on CentOS (which is a Red Hat clone), so the way to save your iptables configuration is probably:
Code:
service iptables save
Don't take my word for it, though. Check the documentation.

I tried that but it didn't work. When I get home I will see if I can figure it out. If I can get an old 350MHz computer running I might add that specifically as a firewall, then the gateway/private server, workgroup switch, etc. From what I am reading it sounds like it may be a better idea to have the firewall and server on separate computers. Either way I will post the results, well if it works.


Below is something I had to do to make sure all the ports were stealthed before; I had about five or six showing up as opened or closed. It just didn't work with port 113.


Code:
 Open Ports in Private Server/Gateway Mode

    * I want to hide all ports, so I put my SMESERVER in PRIVATE SERVER/GATEWAY mode. I can still see some ports are open. 

Certain services are still open on the WAN interface in PRIVATE SERVER/GATEWAY mode. Those services can be set to absolute private from the command line by:

config setprop masq Stealth yes
config setprop ftp access private
config setprop smtpd access private
config setprop dnscache access private
config setprop httpd-e-smith access private
config setprop oidentd access private
config setprop modSSL access private
config setprop ssmtpd access private
config setprop sshd access private
config setprop imaps access private
config setprop ldap access private
config setprop pop3 access private
config setprop pop3s access private
config setprop nmbd access private
config setprop smbd access private
signal-event post-upgrade
signal-event reboot
 
  

