LinuxQuestions.org
Old 02-17-2002, 11:49 PM   #1
furquan
Member
 
Registered: Feb 2002
Posts: 30

Rep: Reputation: 15
how to block ports


Hi,
I would like to block some ports on my Linux proxy server so as to disable chat services. Can someone guide me to it?

Regards
 
Old 02-18-2002, 01:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
Even though it's for Novell's BorderManager, here's a resource on chat app ports: http://nscsysop.hypermart.net/no_chat.html
 
Old 02-18-2002, 04:03 AM   #3
karunesh
Member
 
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126

Rep: Reputation: 15
It works

If you are using iptables, then for the port you want to block, try this command.

iptables -I FORWARD -p tcp -s [Your Network]/[Subnet Mask] --destination-port [Port or Port Range] -j DROP


__Karunesh__

 
Old 02-18-2002, 04:09 AM   #4
furquan
Member
 
Registered: Feb 2002
Posts: 30

Original Poster
Rep: Reputation: 15
Thank you very much for the reply. Could you also help me with this problem?

I have used ACL statements on the Linux proxy to block websites.
The clients are Windows 2k Prof. Now when in the connections tab I specify to use "Automatic detect connection" it bypasses the proxy ACL statements and lets users see the restricted site.

But when I uncheck this option and specifically specify the proxy IP and port 8080 then it works fine. So could anyone help me through the problem as to how I can totally restrict the access no matter what changes the user makes?
 
Old 02-18-2002, 09:51 PM   #5
karunesh
Member
 
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126

Rep: Reputation: 15
using SQUID ?

I think you are using the SQUID web cache-proxy on your Linux box.
So you can run SQUID in Transparent Proxy Mode. After that you don't need to put the proxy address and port in your browser's settings.

Simply redirect all traffic for port 80 towards your proxy port.

iptables -t nat -I PREROUTING -p tcp --src [Your Network]/[Subnet Mask] --dest 0/0 --destination-port 80 -j REDIRECT --to-port [Your Proxy Port]

 
Old 02-19-2002, 01:28 AM   #6
furquan
Member
 
Registered: Feb 2002
Posts: 30

Original Poster
Rep: Reputation: 15
Thanks Karunesh

Yes, I am using Squid. Could you also guide me as to where I place this iptables statement (I mean the path), because I am still getting my hands on Linux.

Thanks
 
Old 02-19-2002, 06:31 AM   #7
karunesh
Member
 
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126

Rep: Reputation: 15
Using iptables

If you are using Linux kernel 2.4 then you can use iptables.
Look in /sbin/iptables.

 
Old 02-20-2002, 10:47 PM   #8
furquan
Member
 
Registered: Feb 2002
Posts: 30

Original Poster
Rep: Reputation: 15
Yeah Karunesh,

I am using kernel ver. 2.4 but when I open the file /sbin/iptables
it shows me junk characters. I can't figure a word out of it.

What's the next step that I should do?

Thanks
 
Old 02-21-2002, 01:02 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
No, /sbin/iptables is the binary for managing firewall rules.
If you installed iptables using some form of package management it usually comes with some form of example, and that would be in /etc. For clues look in /etc/(rc.d/)init.d for a file called iptables or firewall or the like, it should say what config file it's using.
Else you could make your own executable script in /etc/(rc.d/)init.d, and link it to the runlevel you have networking in (3 and up, not 6), just look in those dirs for examples.
Else you could tack it onto /etc/(rc.d/)rc.local.
 
Old 02-21-2002, 06:23 AM   #10
karunesh
Member
 
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126

Rep: Reputation: 15
EASY

Put all your iptables rules in a file and save it in /etc. Then make this file executable with the chmod command. Now call this executable from /etc/rc.local.
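
The rules from posts #3 and #5 gathered into the kind of file post #10 describes, as an added example that is not part of the original thread. The file name, the LAN range and the chat port list are constructed placeholder values, and the `-C` check assumes an iptables release that supports it.

```shell
#!/bin/sh
# Added example: save as /etc/firewall-rules.sh (hypothetical name), chmod +x it,
# and call "/etc/firewall-rules.sh apply" from /etc/rc.local.
LAN="${LAN:-192.168.1.0/24}"               # constructed sample network
PROXY_PORT="${PROXY_PORT:-8080}"           # Squid port mentioned in post #4
CHAT_PORTS="${CHAT_PORTS:-5190 6667:6669}" # constructed sample list; use your own
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Accept a single port or a low:high range, each within 1-65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Print one rule per line as "table chain rule-spec" without touching the kernel,
# so the rule set can be reviewed before it is loaded.
build_rules() {
    for p in $CHAT_PORTS; do
        valid_port_spec "$p" || { echo "bad port spec: $p" >&2; return 1; }
        echo "filter FORWARD -p tcp -s $LAN --destination-port $p -j DROP"
    done
    case "$PROXY_PORT" in *:*) return 1 ;; esac   # REDIRECT target is a single port here
    valid_port_spec "$PROXY_PORT" || return 1
    echo "nat PREROUTING -p tcp -s $LAN --destination-port 80 -j REDIRECT --to-ports $PROXY_PORT"
}

# Insert each rule only if it is not already loaded, so running the script
# again (for example on a network restart) does not stack duplicate rules.
apply_rules() {
    rules=$(build_rules) || return 1
    echo "$rules" | while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into iptables arguments
        "$IPTABLES" -t "$table" -C "$chain" $spec 2>/dev/null ||
            "$IPTABLES" -t "$table" -I "$chain" $spec
    done
}

# Dry run by default; pass "apply" (as root) to load the rules.
if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Running `build_rules` on its own prints the rule set without loading anything, which makes it easy to review before it goes into rc.local.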

 
  

