I am running a firewall/gateway called Clarkconnect, behind which are two MAC os X machines and one linux fedora core 1 machine. I don't think that I run any services on the clarkconnect box that I don't need, i.e. no web server etc. That's what the others are for !.

I ran nmap on both eth0 and eth1 on the Clarkconnect box and found the following ports open on both interfaces.

22/ tcp sshd
81/tcp hosts2-ns
82/tcp xfer
2000/tcp callbook

I did a little searching on the net and the last three seem pretty benign services, but nonetheless, I want to shut 82 and 2000 down and close off access to 22 and 81 except from one of my mac os x machines. I can use the webconfig on the clarkconnect box to close off ports 82 and 2000.

I think that I can close the other two in iptables and/or in hosts.allow and hosts. deny. So my question is, is this the recommended way to do this?

in my firewall script rc.firewall i thought I would add the following

$IPTABLES -A INPUT -i $INSIDE -s 192.168.1.203 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
$IPTABLES -A FORWARD -i $INSIDE -s 192.168.1.203 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT


In hosts access control lists i thought I would add the following:

Hosts.deny

ALL:ALL

Hosts.allow

ALL:192.168.1.203 (this being the ip of the MAC os X machine)

Could someone tell me if these are done correctly? Also will I cut off web access on port 80 to the other machines? Thanks for your help

if you want to close of all ports except for the 22 and 81 ...i suggest you do

$IPTABLES -A INPUT -p tcp -i $INSIDE -s 192.168.1.203 --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $INSIDE -s 192.168.1.203 --dport 81 -j ACCEPT