LinuxQuestions.org
Old 08-16-2005, 06:20 PM   #1
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,211

Rep: Reputation: 292
firewall problem with x server


I downloaded a firewall.rc script (can't remember where now but the link is on here somewhere).
Then I recompiled my kernel with iptables and some other ip stuff enabled and rebooted.
But no matter how I configured the firewall.rc it wouldn't startx - got error couldn't open listen server or some such.

Anyone else had this problem and found how to get around it?
 
Old 08-16-2005, 06:57 PM   #2
dunric
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 448

Rep: Reputation: 55
I guess you have to exclude filtering of communication to and from X server (std port address 6000). If it's running on local host, enabling communication on loopback may be enough (/usr/sbin/iptables -A INPUT -i lo -j ACCEPT; /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT).
 
Old 08-16-2005, 10:44 PM   #3
LiNuCe
Member
 
Registered: Apr 2004
Location: France
Distribution: Slackware Linux 10.2
Posts: 119

Rep: Reputation: 15
Re: firewall problem with x server

Quote:
dive wrote :
I downloaded a firewall.rc script (can't remember where now but the link is on here somewhere) Then I recompiled my kernel with iptables and some other ip stuff enabled and rebooted. But no matter how I configured the firewall.rc it wouldn't startx - got error couldn't open listen server or some such. Anyone else had this problem and found how to get around it?
Please provide us with more information if you want to get help: the exact error message and your rc.firewall would be very helpful to us.

However, instead of using some firewall script which you have found somewhere on the web and which you are not able to understand (and so, to find any errors it could contain), you can use well-known solutions such as the Easy Firewall Generator for iptables or FireStarter. If you wish to learn Iptables (which is the software used to set up a firewall with Linux), the Easy Firewall Generator could be a good starting point, along with the excellent Iptables tutorial written by Oskar Andreasson.

You may also try to boot your system with a standard Linux kernel as provided with Slackware Linux. Maybe you have disabled something you should not have in your new kernel configuration. In fact, if I were you, I would start with a standard kernel to see if there is a problem with its configuration. And if the problem still happens with a standard kernel, I would try with a clean, new rc.firewall script.

-- LiNuCe
 
Old 08-17-2005, 11:28 AM   #4
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,211

Original Poster
Rep: Reputation: 292
Before I recompile with iptables support again - I am wondering how much a firewall really is needed for my setup?
The only ports open are X on 6000 and CUPS on 631. I am not running sshd or any other services that would allow remote log on.

Are there any exploits that can run thru those 2 ports that I should protect against?
 
Old 08-17-2005, 12:30 PM   #5
LiNuCe
Member
 
Registered: Apr 2004
Location: France
Distribution: Slackware Linux 10.2
Posts: 119

Rep: Reputation: 15
Quote:
dive wrote :
(...) The only ports open are X on 6000 and CUPS on 631. I am not running sshd or any other services that would allow remote log on. Are there any exploits that can run thru those 2 ports that I should protect against?
As you already know, the door of your house is closed to everyone, but when you need to allow a friend of yours to enter your house, you open the door and let him/her in. The same applies to your computer, which is connected to the Internet: nobody needs to access it unless you really need/want it. That is the reason why you should not have ports accessible from the Internet. Now, you can decide to close these open ports one by one and/or to use a firewall. To use a firewall, see my previous message.

How to close the standard X port?

To close the standard X port (6000+), create the /etc/X11/xinit/xserverrc file, edit it and be sure it contains the following lines:

Code:
#!/bin/sh
exec /usr/X11R6/bin/X -nolisten tcp
Be sure it has proper permissions and ownership:

Code:
# chmod 755 /etc/X11/xinit/xserverrc
# chown root:root /etc/X11/xinit/xserverrc
Now, each time you start X, it will not try to open any TCP port. The drawback of this solution is that you won't be able to connect to your computer from another one, but I doubt you really need it.

How to deny remote connection to the CUPS daemon?

To be sure the CUPS daemon only listens on your local computer, you can edit the /etc/cups/cupsd.conf file and replace the following line:
Code:
Port 631
with:
Code:
Listen 127.0.0.1:631
After the change, you can connect to the CUPS daemon at http://127.0.0.1:631.

-- LiNuCe
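
A check for the two changes described in the post above, as an added example that is not part of the original thread: it filters `ss -H -ltn` style output for X11 and CUPS listeners that are still bound to a non-loopback address. The function name, the sample lines and the 6000-6063 range used for "6000+" are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report X11 (6000-6063, assumed range) and CUPS (631) TCP
# listeners that are bound to anything other than loopback.

# exposed_listeners reads `ss -H -ltn` style lines on stdin
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port) and prints
# "service address port" for each non-loopback listener on those ports.
exposed_listeners() {
    awk '
    {
        local_ep = $4
        n = split(local_ep, parts, ":")
        port = parts[n] + 0
        # Everything before the last ":" is the bind address.
        addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)

        if (port == 631)                        svc = "cups"
        else if (port >= 6000 && port <= 6063)  svc = "x11"
        else next

        # Loopback-only binds are the goal of the xserverrc/cupsd.conf edits.
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next

        print svc, addr, port
    }'
}

# Constructed sample: before the changes (X and CUPS on all interfaces).
sample_before() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*
LISTEN 0 5 *:631 *:*
EOF
}

# Constructed sample: after "-nolisten tcp" and "Listen 127.0.0.1:631".
# The port 80 line is an unrelated listener that the filter ignores.
sample_after() {
    cat <<'EOF'
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
EOF
}

# On a live system: ss -H -ltn | exposed_listeners
```

Empty output means neither service is reachable over TCP from another host; any line printed names a listener that the xserverrc or cupsd.conf change has not yet covered.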
 
Old 08-17-2005, 12:40 PM   #6
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,211

Original Poster
Rep: Reputation: 292
Thanks for those tips - I think that's just what I need
 
  


All times are GMT -5.