LinuxQuestions.org
Incognito This forum is for the discussion of Incognito Linux.

Old 10-17-2009, 03:37 AM   #1
john99
Member
 
Registered: Mar 2007
Posts: 44

Rep: Reputation: 15
What corporate firewall ports should be open?


Hello

1.
What ports of the corporate firewall need to be open so that Incognito booted from CD-ROM works out of the box?

2.
What is the best approach to circumvent such problems without compromising the/my security, if the corporate FW blocks some ports required by Incognito (booted from CD-ROM)?


Thanks a lot for any help!

John
 
Old 10-17-2009, 11:17 PM   #2
jhwilliams
Senior Member
 
Registered: Apr 2007
Location: Portland, OR
Distribution: Debian, Android, LFS
Posts: 1,168

Rep: Reputation: 206
Quote:
Originally Posted by john99
Hello

1.
What ports of the corporate firewall need to be open so that Incognito booted from CD-ROM works out of the box?

2.
What is the best approach to circumvent such problems without compromising the/my security, if the corporate FW blocks some ports required by Incognito (booted from CD-ROM)?


Thanks a lot for any help!

John

22, 53, 80, 443, 25, 993 are good ones.

Or f* it, just DMZ the whole box. ;-)

Last edited by jhwilliams; 10-17-2009 at 11:18 PM.
 
Old 10-21-2009, 11:24 AM   #3
anonym
Incognito Maintainer
 
Registered: Oct 2008
Distribution: Gentoo
Posts: 100

Rep: Reputation: 26
Quote:
Originally Posted by john99
What ports of the corporate firewall need to be open so that Incognito booted from CD-ROM works out of the box?

You will have to be able to communicate with the Tor network. You can use TorStatus to check which ORPorts and DirPorts the relays tend to use. Your firewall has to allow outbound connections to some subset of these TCP ports. Note that the fewer of the ORPorts you're able to connect to, the worse Tor's anonymity and performance get.

If you want the time to be set correctly (Tor needs a somewhat accurate clock, so this might be necessary) you also need the NTP port (UDP port 123) open for outbound connections.

Quote:
Originally Posted by john99
What is the best approach to circumvent such problems without compromising the/my security, if the corporate FW blocks some ports required by Incognito (booted from CD-ROM)?

The best way I think is to use a Tor bridge. You can set up Tor to use a bridge through the TorK GUI controller for Tor (the onion in the system tray). Note that you'll have to redo this every time you start Incognito when booting from a CD.
 
1 members found this post helpful.
Old 11-19-2009, 10:07 AM   #4
john99
Member
 
Registered: Mar 2007
Posts: 44

Original Poster
Rep: Reputation: 15
Thanks a lot for the information! For a beginner like me, it sounds like trial and error...

Is there not a more "reliable" method to test from within Incognito if the required ports (for Tor) on the corporate firewall are open?


Thanks a lot for any feedback!

John
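One way to run such a test from the live system, as an added example that is not part of the original thread: attempt an outbound TCP connection to each relay address/ORPort pair and classify the result, much like the open/filtered states in nmap output. The function names `probe` and `usable_ports` are illustrative, the target list is assumed to be copied by hand from TorStatus, and the demo uses constructed loopback sockets so it runs offline.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt (illustrative helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # TCP handshake completed
    except ConnectionRefusedError:
        return "refused"       # RST came back, from the target or a rejecting firewall
    except socket.timeout:
        return "filtered"      # silence: most likely dropped on the path
    except OSError:
        return "unreachable"   # routing, ICMP or name-resolution error
    finally:
        s.close()

def usable_ports(targets, timeout=3.0):
    """Map each port to (successful, attempted) over (host, port) pairs."""
    stats = {}
    for host, port in targets:
        ok, tried = stats.get(port, (0, 0))
        stats[port] = (ok + (probe(host, port, timeout) == "open"), tried + 1)
    return stats

if __name__ == "__main__":
    # Constructed demo: loopback sockets stand in for relays so this runs
    # offline. For a real check, replace `targets` with relay address/ORPort
    # pairs copied from TorStatus.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))      # bound but not listening -> refused
    targets = [("127.0.0.1", listener.getsockname()[1]),
               ("127.0.0.1", idle.getsockname()[1])]
    for port, (ok, tried) in sorted(usable_ports(targets, 1.0).items()):
        print(f"tcp/{port}: {ok}/{tried} reachable")
    listener.close()
    idle.close()
```

An "open" result only shows that something completed the handshake; an intercepting proxy on ports such as 80 or 443 can do that without forwarding to the relay. Trying several relays per port gives a more trustworthy picture than a single host.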
 
Old 11-19-2009, 06:17 PM   #5
jhwilliams
Senior Member
 
Registered: Apr 2007
Location: Portland, OR
Distribution: Debian, Android, LFS
Posts: 1,168

Rep: Reputation: 206
John,

I don't know what Incognito is, but here's how I handle opening ports:

As I install a new application, I look up what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."

If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:

Code:
nmap domain.name
On the gateway:
Code:
PORT     STATE SERVICE
22/tcp   open     ssh
23/tcp   open     telnet
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy
And on the main internal server (you don't have access to this information directly since it's in my network):

Code:
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
2049/tcp open  nfs
3306/tcp open  mysql
Best!
Jameson

Last edited by jhwilliams; 11-19-2009 at 06:21 PM.
 
1 members found this post helpful.
Old 12-05-2009, 03:16 AM   #6
john99
Member
 
Registered: Mar 2007
Posts: 44

Original Poster
Rep: Reputation: 15
Thanks a lot for the help!

Quote:
Originally Posted by jhwilliams
As I install a new application, I look up what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."

OK, but you already know beforehand that Apache requires port 80. Are there, apart from firewall logs, other possibilities to find it out?

Quote:
Originally Posted by jhwilliams
If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:

Code:
nmap domain.name

Code:
PORT     STATE SERVICE
23/tcp   open     telnet

I am wondering why Incognito/Tor works in my case with TCP port 23 only. My opinion was that many more open ports are required...
Am I missing something?


Thanks a lot for additional help!

John
 
  

