LinuxQuestions.org
Old 06-20-2007, 04:05 PM   #1
ferrel
rules.drakx in /etc/shorewall



Does anyone know why these three ports (11,6000,631) are open?
Is this normal, or at least okay? Is there anything strange here?
I configured the firewall to HIGH setting, and did not check any
boxes to allow ANY outside services to connect.
Ferrel
ps: Sorry if my query is overly generalized.
Mandriva 2007.0 on x86_64

The file /etc/shorewall/rules.drakx is a product of the
Mandriva 2007.0 installation process, and states:
ACCEPT net fw tcp 111,6000,631 -

----------------------------------------------------------------------------
I ran the following scan on my computer (output following):
$ nmap 24.238.220.89

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-20 15:33 CDT
Interesting ports on user-0cetn2p.cable.mindspring.com (24.238.220.89):
Not shown: 1677 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11

----------------------------------------------------------------------------
I ran this scan:
$ nmap -A -v 24.238.220.89

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-20 15:45 CDT
DNS resolution of 1 IPs took 0.04s.
Initiating Connect() Scan against user-0cetn2p.cable.mindspring.com (24.238.220.89) [1680 ports] at 15:45
Discovered open port 6000/tcp on 24.238.220.89
Discovered open port 631/tcp on 24.238.220.89
Discovered open port 111/tcp on 24.238.220.89
The Connect() Scan took 0.04s to scan 1680 total ports.
Initiating service scan against 3 services on user-0cetn2p.cable.mindspring.com (24.238.220.89) at 15:45
The service scan took 6.11s to scan 3 services on 1 host.
Initiating RPCGrind Scan against user-0cetn2p.cable.mindspring.com (24.238.220.89) at 15:46
The RPCGrind Scan took 0.00s to scan 1 ports on user-0cetn2p.cable.mindspring.com (24.238.220.89).
Host user-0cetn2p.cable.mindspring.com (24.238.220.89) appears to be up ... good.
Interesting ports on user-0cetn2p.cable.mindspring.com (24.238.220.89):
Not shown: 1677 closed ports
PORT STATE SERVICE VERSION
111/tcp open rpc
631/tcp open ipp CUPS 1.2
6000/tcp open X11 (access denied)
Service Info: OS: Unix

Nmap finished: 1 IP address (1 host up) scanned in 6.372 seconds

----------------------------------------------------------------------------
The /etc/shorewall/policy file states:
#SOURCE   DEST   POLICY   LOG     LIMIT:BURST
#                         LEVEL
loc       net    ACCEPT
loc       fw     ACCEPT
fw        loc    ACCEPT
fw        net    ACCEPT
net       all    DROP     info
all       all    REJECT   info
----------------------------------------------------------------------------
This file ends here.
--------------------------------------------------------------------------

Last edited by ferrel; 06-20-2007 at 04:06 PM.
 
Old 06-20-2007, 11:00 PM   #2
ernie
Quote:
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11
I think this tells the whole story ...
Port 111 is used by rpcbind. A Google search returns this Unix Manual Page. I have no reason to permit remote log in here (this is my personal desktop system), so I disable or remove such services. If you are not providing services to other computers you probably do not need this running.

Port 631 is used by the Cups print server. You can configure cups and manage print jobs from a WEB browser with the following URI:
Code:
localhost:631
I use my Linux printer from my wife's laptop over my home LAN, so I have print sharing set up which opens ports 139 and 445. As much as I dislike any open ports, if I am to use my computer on my home LAN, a few are unavoidable. My router doubles as a hardware firewall, and I have been careful to block these ports there.


Port 6000 is used by the X11 server. If you need to log in to your computer from a remote machine (perhaps via ssh) this is the port to use. Again, I do not allow remote log in so this port is closed here.

HTH,
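
Why the scan in this thread shows ports open despite the `net all DROP` policy, as an added example that is not part of the original posts: in Shorewall, ACCEPT rules are exceptions to the policy file, so the rules.drakx line opens 111, 6000 and 631 to zone `net`. The script cross-checks scan output against the rules; it assumes rules.drakx is loaded as part of the Shorewall rules, uses the thread's lines as constructed sample input, and its function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: the rule, policy and scan lines quoted in the thread.
RULES='ACCEPT net fw tcp 111,6000,631 -'
POLICY='loc net ACCEPT
loc fw ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info'
NMAP='PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
6000/tcp open X11'

# Ports opened by ACCEPT rules from zone "net" to zone "fw", one "port/proto"
# per line (the notation nmap prints). Columns: ACTION SOURCE DEST PROTO PORTS.
accepted_from_net() {   # $1 = rules text
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        $1 == "ACCEPT" && $2 == "net" && $3 == "fw" {
            n = split($5, p, ",")
            for (i = 1; i <= n; i++) print p[i] "/" $4
        }'
}

# Policy for net -> fw: Shorewall applies the first policy line that matches.
default_policy() {      # $1 = policy text
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }
        ($1 == "net" || $1 == "all") && ($2 == "fw" || $2 == "all") { print $3; exit }'
}

# For every port nmap reports open, say whether a rule accounts for it.
explain_open_ports() {  # $1 = rules, $2 = policy, $3 = nmap output
    allowed=$(accepted_from_net "$1")
    policy=$(default_policy "$2")
    printf '%s\n' "$3" | awk '$2 == "open" { print $1 }' | while read -r port; do
        if printf '%s\n' "$allowed" | grep -qxF "$port"; then
            echo "$port: ACCEPT rule (exception to the $policy policy)"
        else
            echo "$port: no ACCEPT rule, the $policy policy applies"
        fi
    done
}

explain_open_ports "$RULES" "$POLICY" "$NMAP"
```

On a real system, pass the contents of /etc/shorewall/rules.drakx, /etc/shorewall/policy and the scan output instead of the sample variables. A scan run from the host against its own address normally travels over the loopback interface, so confirm exposure with a scan from another machine.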
 
  

