LinuxQuestions.org
Old 09-01-2007, 03:56 PM   #1
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Rep: Reputation: 30
Question What is this Firewall telling??


Code:
Your firewall chain policies are:


Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2    80 ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   any     anywhere             anywhere           state NEW udp dpt:domain
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           state NEW multiport dports http,https,ftp,ssh
    0     0 ACCEPT     icmp --  eth0   any     anywhere             anywhere           state NEW icmp echo-request
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 DROP       all  --  eth0   any     10.0.0.0/8           anywhere
    0     0 DROP       all  --  eth0   any     172.16.0.0/12        anywhere
    0     0 DROP       all  --  eth0   any     192.168.0.0/16       anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4  1116 ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  any    eth0    anywhere             anywhere           state NEW udp dpt:domain
    0     0 ACCEPT     tcp  --  any    eth0    anywhere             anywhere           state NEW multiport dports smtp,http,https,ssh
    0     0 ACCEPT     icmp --  any    eth0    anywhere             anywhere           state NEW icmp echo-request
    0     0 ACCEPT     all  --  any    lo      anywhere             anywhere
This is the iptables -L -v on my server. Now after doing an nmap, I am getting...
Code:
[root@server root]# nmap www.mydomain.com

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-09-02 02:49 BDT
Interesting ports on server.mydomain.com (A.B.C.D):
(The 1656 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
3306/tcp open  mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.170 seconds
[root@server root]#
Where www.mydomain.com is hosted on the machine server.mydomain.com (the machine with the firewall, and I am doing nmap to itself).
Now, I have opened ftp, ssh, dns, http and https, because it is serving these services and responding to them. It also allows ping. The mysql is running locally and it should be allowed only for localhost and for specific IPs that I'll specify. I have no idea about rpcbind and I think I don't need it and it should be stopped too... suggestions please...
 
Old 09-01-2007, 04:40 PM   #2
kotnik
Member
 
Registered: Nov 2004
Location: Novi Sad, Serbia
Distribution: Debian, Slackware, Gentoo, openSuSE
Posts: 254

Rep: Reputation: 31
Judging from your description, I'd close mysql's port, turn off domain and nfs.
 
Old 09-01-2007, 05:36 PM   #3
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
If you ran the nmap scan on the machine itself then it may not be accurate as to what is seen. If it is connected directly to the internet, go to this site and do some port scanning. http://www.hackerwatch.org/probe/

Brian
 
Old 11-15-2007, 06:31 PM   #4
robsoles
LQ Newbie
 
Registered: Oct 2007
Posts: 1

Rep: Reputation: 0
Brian's got the news there, if you run nmap from the local machine on the local machine's public IP address then nmap enquiries *should* turn up as being from localhost or 127.0.0.1 which apparently you want for instance mysql to remain open to.

Running nmap from a mate's machine, or even an alternate node on your own LAN is as good or better than using third party sites to determine your current publicly open ports.
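
Why the self-scan in post #1 disagrees with the rule listing, as an added example that is not code from any poster: a first-match evaluation of the posted INPUT chain, relying on the fact that Linux delivers traffic addressed to one of the host's own addresses over lo. The service-name map and the source address 198.51.100.7 are constructed, and the evaluator models only the match fields that appear in the listing.

```python
from ipaddress import ip_address, ip_network

# Constructed name-to-port map for the service names used in the listing.
SERVICES = {"domain": 53, "http": 80, "https": 443, "ftp": 21, "ssh": 22}
# INPUT chain rows copied from post #1 (iptables -L -v); chain policy is DROP.
INPUT_CHAIN = """\
    2    80 ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   any     anywhere             anywhere           state NEW udp dpt:domain
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           state NEW multiport dports http,https,ftp,ssh
    0     0 ACCEPT     icmp --  eth0   any     anywhere             anywhere           state NEW icmp echo-request
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 DROP       all  --  eth0   any     10.0.0.0/8           anywhere
    0     0 DROP       all  --  eth0   any     172.16.0.0/12        anywhere
    0     0 DROP       all  --  eth0   any     192.168.0.0/16       anywhere
"""

def parse_rule(row):
    f = row.split()
    rule = {"target": f[2], "proto": f[3], "in": f[5], "src": f[7]}
    for key, val in zip(f[9:], f[10:]):           # adjacent match tokens
        if key == "state":
            rule["states"] = set(val.split(","))
        elif key == "dports" or val.startswith("dpt:"):
            rule["dports"] = {SERVICES[n] for n in val.split(":")[-1].split(",")}
        elif key == "icmp":
            rule["icmp"] = val
    return rule

def matches(rule, pkt):
    src = rule["src"]
    return (rule["in"] in ("any", pkt["in"])
            and rule["proto"] in ("all", pkt["proto"])
            and (src == "anywhere" or ip_address(pkt["src"]) in ip_network(src))
            and pkt["state"] in rule.get("states", {pkt["state"]})
            and pkt.get("dport") in rule.get("dports", {pkt.get("dport")})
            and pkt.get("icmp") == rule.get("icmp", pkt.get("icmp")))

def verdict(pkt, policy="DROP"):   # first match wins; rule 0 = chain policy
    for number, rule in enumerate(map(parse_rule, INPUT_CHAIN.splitlines()), 1):
        if matches(rule, pkt):
            return rule["target"], number
    return policy, 0

def syn(iface, dport, src="198.51.100.7"):        # constructed source address
    return {"in": iface, "proto": "tcp", "state": "NEW", "dport": dport, "src": src}

if __name__ == "__main__":
    for port in (22, 53, 111, 3306):              # ports from the nmap output
        print(port, "lo:", verdict(syn("lo", port)), "eth0:", verdict(syn("eth0", port)))
```

Arriving on lo, every port matches rule 5, which is why nmap run on the server itself lists 111 and 3306 as open. The same SYN arriving on eth0 falls through to the DROP policy, and so does 53/tcp, because the chain accepts only udp dpt:domain.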
 
  

