LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-15-2004, 11:28 AM   #1
Tutilupo
LQ Newbie
 
Registered: Jul 2003
Posts: 6

Rep: Reputation: 0
Newbie Security, Nmap and Hosts.Allow


I am running a firewall/gateway called Clarkconnect, behind which are two MAC os X machines and one linux fedora core 1 machine. I don't think that I run any services on the clarkconnect box that I don't need, i.e. no web server etc. That's what the others are for !.

I ran nmap on both eth0 and eth1 on the Clarkconnect box and found the following ports open on both interfaces.

22/ tcp sshd
81/tcp hosts2-ns
82/tcp xfer
2000/tcp callbook

I did a little searching on the net and the last three seem pretty benign services, but nonetheless, I want to shut 82 and 2000 down and close off access to 22 and 81 except from one of my mac os x machines. I can use the webconfig on the clarkconnect box to close off ports 82 and 2000.

I think that I can close the other two in iptables and/or in hosts.allow and hosts. deny. So my question is, is this the recommended way to do this?

in my firewall script rc.firewall i thought I would add the following

$IPTABLES -A INPUT -i $INSIDE -s 192.168.1.203 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
$IPTABLES -A FORWARD -i $INSIDE -s 192.168.1.203 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT


In hosts access control lists i thought I would add the following:

Hosts.deny

ALL:ALL

Hosts.allow

ALL:192.168.1.203 (this being the ip of the MAC os X machine)

Could someone tell me if these are done correctly? Also will I cut off web access on port 80 to the other machines? Thanks for your help
 
Old 01-16-2004, 03:59 AM   #2
Skunk_Face
Member
 
Registered: Jan 2004
Posts: 54

Rep: Reputation: 15
if you want to close of all ports except for the 22 and 81 ...i suggest you do

$IPTABLES -A INPUT -p tcp -i $INSIDE -s 192.168.1.203 --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $INSIDE -s 192.168.1.203 --dport 81 -j ACCEPT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap ? how do i do nmap in linux ? command not found abbasakhtar Linux - Newbie 2 01-02-2011 02:08 AM
NFS security with /etc/hosts.deny supernode Linux - Security 8 10-22-2005 10:51 AM
security newbie, but not Linux newbie. advice on secure delete tools mattie_linux Linux - Security 19 08-15-2005 02:50 AM
newbie learning NMAP, NESSUS, NIKTO amrogers3 Linux - Newbie 1 01-28-2004 04:55 PM
nmap security sam00 Linux - Security 8 01-02-2004 09:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration