A port scanner at grc.com showed me that my SMTP, HTTP server and identification ports are open to the internet!!!
I wonder why, as presently I use my Linux computer only for Internet browsing. I do not use any mail programs, and I installed no http server or such.
I only installed a local DNS caching system (named).
I decided to use ipchains to protect myself. I studied the ipchains how-to and found that the first sample configuration could be easily tailored to my needs.
When I tried it, however, it made the internet unavailable for me.
I found that the problem may be related to the $LOCALIP keyword used in the samples to identify my dynamic IP address. It seems that my SuSE system does not recognize it, as it complains of unidentifiable service. When I use the actual IP address, it's OK. But I cannot tell what will be my IP address the next time I connect to my ISP.
Can you help me to overcome the above problem, or give me a working ipchains configuration for the following system and needs:
SuSE Linux 6.4 Eval, KDE, Netscape, modem connection to ISP with dynamic IP address, IP address caching, no mail, no ftp, no anything just browsing.
You don't need to use your IP address - you can simply specify an interface. For example to close all the privileged ports to tcp traffic on any PPP (dialup) interface you could use
As you can't guarantee what port your incoming connections will be coming in on (you send your request to port 80 for http, yet packets will come back to your machine destined for some high numbered port - hence you don't want to go blocking these!!), you really only want to close the port you know things will be running on. Have a look at the output at the top of
I would still prefer to use the sample firewall commands described in the how-to.
I suppose that they might easily be made to work (if I get a little help).
So, could you please tell me why this command:
#ipchains -A input -p UDP -s 194.88.32.226 -d $LOCALIP dns -j ACCEPT
results in the following error message:
ipchains: host/network 'dns' not found
When I use the actual (dynamic) IP address got from my ISP instead of $LOCALIP, as follows:
#ipchains -A input -p UDP -s 194.88.32.226 -d 195.56.211.116 dns -j ACCEPT
it also results in an error message, but a different one:
ipchains: invalid port/service 'dns' specified
'I allow UDP packets in for DNS (I run a caching nameserver which forwards all requests to 203.29.16.1, so I expect DNS replies from them only), incoming ftp, and return ftp-data only (which should only be going to a port above 1023, and not the X11 ports around 6000).'
As a newbie, how could I know what that 'dns' means in this example? I thought it is something like an 'environment variable' of the system that is automatically created and updated when I set up a local, caching name server.
Based on my experiences with Linux and M$ programs, I find that usually they both have extensive documentation, only they should be used in a different way:
- in M$ programs: try the examples, understand how they work and tailor them to your needs
- in Linux: try the examples, understand why they do not work, then tailor them to your needs.
I am browsing my system files now, and in rc.config I was faced with the fact that I actually run a server on my machine. Not quite unintentionally, as I intended to run a server on Localhost, for later testing purposes of mysql + php. But my original intention was that it should be operable only for Localhost, and not for the whole Internet whilst keeping three ports totally open to the Internet when I am browsing.
Actually, in rc.config I switched off the httpd service (and also found out how to start named at start-up), but I still have port 113 being always open.
Can you tell me how to close port 113 (which service shall be disabled and where) and also the drawback of doing so?
Still want to install a firewall by ipchains (I would prefer stealthing my ports instead of closing them), if once I find out what that 'dns' means in the sample configuration.
$LOCALIP is a variable that is stated at the start of your script. You should see 'something' like
LOCALIP="bleh"
Right close to the beginning of the script.
You could try just replacing any instance of '$LOCALIP' with 'ppp+'
and see how it goes.
Or, I guess you could replace the 'bleh' at the top with 'ppp+' then you'd not have to go through your script to replace every instance of $LOCALIP.....
I tried PMFirewall but it made the Internet unavailable, although I installed it to my best knowledge (which is, however, very limited).
I run it at start-up time, but it made strange strings:
It gave the Forward chain a policy of Deny, and no other rules (this may have caused the Internet access failure).
It gave the Output chain a policy of Accept, and filled it with Accept rules only (this is another thing I could not understand).
Finally I dropped PMFirewall.
So, my questions are still relevant (and simple):
- Could someone give me a sample configuration of ipchains that allows browsing the internet, local nameserver, dynamic IP address from ISP, but otherwise protect the machine from possible attacks?
- Can anyone tell me what that 'dns' means in the sample configuration in the ipchains howto (which is possibly not understood by my system)?
Thank you in advance.
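Added example, not part of the original thread: a shell sketch of why the same rule produced the two different errors quoted above. The word after the `-d` address is looked up as a port or service name, and the services database lists DNS as `domain`, not `dns`; with an empty `$LOCALIP` that word slides into the address slot instead. The function names, the services table and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/services format (a real file has many more entries).
SAMPLE_SERVICES='domain          53/tcp
domain          53/udp
smtp            25/tcp          mail
www             80/tcp          http
auth            113/tcp         ident tap'

# service_port NAME PROTO: print the port for a service name or alias.
# Returns 1 when the name is not listed, which is the case for "dns".
service_port() {
    printf '%s\n' "$SAMPLE_SERVICES" | awk -v n="$1" -v p="$2" '
        { sub(/#.*/, "") }
        NF >= 2 {
            split($2, pp, "/")
            if (pp[2] != p) next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue
                if ($i == n) { print pp[1]; found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }'
}

# dns_reply_rule NAMESERVER LOCALIP SERVICE: print the how-to style rule,
# or report which of the two errors from the thread the arguments lead to.
dns_reply_rule() {
    ns=$1 localip=$2 svc=$3
    if [ -z "$localip" ]; then
        # An unset, unquoted $LOCALIP expands to nothing, so the service
        # word lands directly after -d and is treated as a host name.
        echo "error: LOCALIP is empty; '$svc' would be read as the -d address"
        return 1
    fi
    if ! port=$(service_port "$svc" udp); then
        echo "error: '$svc' is not a listed service; DNS is listed as 'domain'"
        return 2
    fi
    echo "ipchains -A input -p UDP -s $ns -d $localip $port -j ACCEPT"
}

# Constructed addresses: nameserver 192.0.2.1, local address 198.51.100.7.
dns_reply_rule 192.0.2.1 "" dns || true
dns_reply_rule 192.0.2.1 198.51.100.7 dns || true
dns_reply_rule 192.0.2.1 198.51.100.7 domain
```

On a dial-up link, pppd passes the local address as the fourth argument to /etc/ppp/ip-up, which is one place `LOCALIP` can be set before the rules are loaded.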