I've just adjusted my Linux firewall (iptables) and would like to know what program I can use to check whether the firewall is functioning. I mean, whether the firewall is protecting my computer from attack.
Actually, my home server is behind my router, so it actually blocks all incoming connections except those I open (e.g. http, ssh). However, I am curious to know which port(s) the server is opening for connection when the router doesn't exist. I've tried nmap localhost and it lists the ports which are open, but I don't know whether they're accessible to outsiders (outside the LAN) or not.
Sorry for bothering you with yet another dumb question.
The online version is on the public side of the router/gateway, whereas if your server, and testing client, is behind it on your lan - the view may be very different.
But the question is, which one is open to outsiders? I did open these ports but am not sure they are open to outsiders.
The way to interpret that output is - check the "Local Address" column:
0.0.0.0 -- listening on all interfaces over IPv4
::: -- listening on all interfaces over IPv6
192.168.1.201 -- listening on that particular IPv4 address / interface
127.0.0.1 -- listening on localhost
In cases where you have 0.0.0.0, :::, or 192.168.x.y, you should be aware that you're listening for connections from the outside world. (Well, 192.168.1/24 is RFC 1918 private IP space, but you said you're forwarding connections from your router.)
So if there are any of those services you don't want to be potentially serving up to the 'net, then be sure your netfilter ruleset is protecting them. Or - if you're not using it - disable and/or uninstall the service.
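The reading of the "Local Address" column described above, as an added example that is not part of the original posts: a Python sketch that parses `netstat -tln`-style output and sorts each listener by bind address. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `netstat -tln` layout (not output from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.201:80        0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""

def classify(local):
    """Split a Local Address field into (port, scope)."""
    host, _, port = local.rpartition(":")      # port follows the last colon
    host = host.strip("[]").split("%")[0]      # tolerate [::]:22 and %iface forms
    if host in ("*", ""):
        return int(port), "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                    # 0.0.0.0 or ::
        return int(port), "all-interfaces"
    if addr.is_loopback:                       # 127.0.0.0/8 or ::1
        return int(port), "loopback"
    return int(port), "specific-address"

def listeners(text):
    """Return (proto, port, scope) for every listening TCP socket in the output."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            port, scope = classify(fields[3])
            found.append((fields[0], port, scope))
    return found

def needs_firewall_review(text):
    """Ports bound to anything other than loopback: reachable from other hosts
    unless the netfilter ruleset (or the router) blocks them."""
    return sorted({port for _, port, scope in listeners(text) if scope != "loopback"})

if __name__ == "__main__":
    for proto, port, scope in listeners(SAMPLE):
        print(f"{proto:5} {port:<6} {scope}")
    print("review:", needs_firewall_review(SAMPLE))
```

Comparing the reviewed ports against the ports the router forwards and the iptables rules allow shows which services depend on the firewall alone for protection.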
Try the ShieldsUP! application at https://www.grc.com
The objective here is to get a PASS on All Service Ports in Stealth (all green).
To be able to pass you need to suppress ICMP Echo Request (ping) which you may not want to do.
Thanks for the detailed replies from anomie and brak44. That is very informative knowledge which I should have.
Quote:
In cases where you have 0.0.0.0, :::, or 192.168.x.y, you should be aware that you're listening for connections from the outside world. (Well, 192.168.1/24 is RFC 1918 private IP space, but you said you're forwarding connections from your router.)
So if there are any of those services you don't want to be potentially serving up to the 'net, then be sure your netfilter ruleset is protecting them. Or - if you're not using it - disable and/or uninstall the service.
anomie, I use my router to forward some specific services like web or ssh only. As I used ShieldsUP!, which was recommended by brak44, they can only scan port 80 as open. So I think I am protected against intrusion other than attack from port 80.
I think if time allows for the experiment, I have to connect my web server directly to the outside world to see whether the iptables rules are activated.