LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Mandriva (http://www.linuxquestions.org/questions/mandriva-30/)
-   -   rules.drakx in /etc/shorewall (http://www.linuxquestions.org/questions/mandriva-30/rules-drakx-in-etc-shorewall-563287/)

ferrel 06-20-2007 05:05 PM

rules.drakx in /etc/shorewall
 
rules.drakx in /etc/shorewall

Does anyone know why these three ports (11,6000,631) are open?
Is this normal, or at least okay? Is there anything strange here?
I configured the firewall to HIGH setting, and did not check any
boxes to allow ANY outside services to connect.
Ferrel
ps: Sorry if my query is overly generalized.
Mandriva 2007.0 on x86_64

The file /etc/shorewall/rules.drakx is a product of the
Mandriva 2007.0 installation process, and states:
ACCEPT net fw tcp 111,6000,631 -

----------------------------------------------------------------------------
I ran the following scan on my computer (output following):
$ nmap 24.238.220.89

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-20 15:33 CDT
Interesting ports on user-0cetn2p.cable.mindspring.com (24.238.220.89):
Not shown: 1677 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11

----------------------------------------------------------------------------
I ran this scan:
$ nmap -A -v 24.238.220.89

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-20 15:45 CDT
DNS resolution of 1 IPs took 0.04s.
Initiating Connect() Scan against user-0cetn2p.cable.mindspring.com (24.238.220.
89) [1680 ports] at 15:45
Discovered open port 6000/tcp on 24.238.220.89
Discovered open port 631/tcp on 24.238.220.89
Discovered open port 111/tcp on 24.238.220.89
The Connect() Scan took 0.04s to scan 1680 total ports.
Initiating service scan against 3 services on user-0cetn2p.cable.mindspring.com
(24.238.220.89) at 15:45
The service scan took 6.11s to scan 3 services on 1 host.
Initiating RPCGrind Scan against user-0cetn2p.cable.mindspring.com (24.238.220.8
9) at 15:46
The RPCGrind Scan took 0.00s to scan 1 ports on user-0cetn2p.cable.mindspring.co
m (24.238.220.89).
Host user-0cetn2p.cable.mindspring.com (24.238.220.89) appears to be up ... good
.
Interesting ports on user-0cetn2p.cable.mindspring.com (24.238.220.89):
Not shown: 1677 closed ports
PORT STATE SERVICE VERSION
111/tcp open rpc
631/tcp open ipp CUPS 1.2
6000/tcp open X11 (access denied)
Service Info: OS: Unix

Nmap finished: 1 IP address (1 host up) scanned in 6.372 seconds

----------------------------------------------------------------------------
The /etc/shorewall/policy file states:
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
loc net ACCEPT
loc fw ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
----------------------------------------------------------------------------
This file ends here.
--------------------------------------------------------------------------

ernie 06-21-2007 12:00 AM

Quote:

PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11
I think this tells the whole story ...
Port 111 is used by rpcbind. A Google search returns this Unix Manual Page. I have no reason to permit remote log in here (this is my personal desktop system), so I disable or remove such services. If you are not providing services to other computers you probably do not need this running.

Port 631 is used by the Cups print server. You can configure cups and manage print jobs from a WEB browser with the following URI:
Code:

localhost:631
I use my Linux printer from my wife's laptop over my home LAN, so I have print sharing set up which opens ports 139 and 445. As much as I dislike any open ports, if I am to use my computer on my home LAN, a few are unavoidable. My router doubles as a hardware firewall, and I have been carefull to block these ports there.


Port 6000 is used by the X11 server. If you need to log in to your computer from a remote machine (perhaps via ssh) this is the port to use. Again, I do not allow remote log in so this port is closed here.

HTH,


All times are GMT -5. The time now is 10:50 PM.