-   Mandriva (
-   -   rules.drakx in /etc/shorewall (

ferrel 06-20-2007 05:05 PM

rules.drakx in /etc/shorewall
rules.drakx in /etc/shorewall

Does anyone know why these three ports (11,6000,631) are open?
Is this normal, or at least okay? Is there anything strange here?
I configured the firewall to HIGH setting, and did not check any
boxes to allow ANY outside services to connect.
ps: Sorry if my query is overly generalized.
Mandriva 2007.0 on x86_64

The file /etc/shorewall/rules.drakx is a product of the
Mandriva 2007.0 installation process, and states:
ACCEPT net fw tcp 111,6000,631 -

I ran the following scan on my computer (output following):
$ nmap

Starting Nmap 4.11 ( ) at 2007-06-20 15:33 CDT
Interesting ports on (
Not shown: 1677 closed ports
111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11

I ran this scan:
$ nmap -A -v

Starting Nmap 4.11 ( ) at 2007-06-20 15:45 CDT
DNS resolution of 1 IPs took 0.04s.
Initiating Connect() Scan against (24.238.220.
89) [1680 ports] at 15:45
Discovered open port 6000/tcp on
Discovered open port 631/tcp on
Discovered open port 111/tcp on
The Connect() Scan took 0.04s to scan 1680 total ports.
Initiating service scan against 3 services on
( at 15:45
The service scan took 6.11s to scan 3 services on 1 host.
Initiating RPCGrind Scan against (
9) at 15:46
The RPCGrind Scan took 0.00s to scan 1 ports on
m (
Host ( appears to be up ... good
Interesting ports on (
Not shown: 1677 closed ports
111/tcp open rpc
631/tcp open ipp CUPS 1.2
6000/tcp open X11 (access denied)
Service Info: OS: Unix

Nmap finished: 1 IP address (1 host up) scanned in 6.372 seconds

The /etc/shorewall/policy file states:
loc net ACCEPT
loc fw ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
This file ends here.

ernie 06-21-2007 12:00 AM


111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11
I think this tells the whole story ...
Port 111 is used by rpcbind. A Google search returns this Unix Manual Page. I have no reason to permit remote log in here (this is my personal desktop system), so I disable or remove such services. If you are not providing services to other computers you probably do not need this running.

Port 631 is used by the Cups print server. You can configure cups and manage print jobs from a WEB browser with the following URI:

I use my Linux printer from my wife's laptop over my home LAN, so I have print sharing set up which opens ports 139 and 445. As much as I dislike any open ports, if I am to use my computer on my home LAN, a few are unavoidable. My router doubles as a hardware firewall, and I have been carefull to block these ports there.

Port 6000 is used by the X11 server. If you need to log in to your computer from a remote machine (perhaps via ssh) this is the port to use. Again, I do not allow remote log in so this port is closed here.


All times are GMT -5. The time now is 12:09 AM.