Linux - Security (LinuxQuestions.org forum for all security related questions: questions, tips, system compromises, firewalls, etc.)
09-28-2006, 12:50 AM  #1
Member (Registered: Jul 2006; Distribution: UBUNTU, CentOS, FEDORA 8; Posts: 474)
Ports
In creating a firewall, what are the ports and services that should be allowed?
09-28-2006, 01:34 AM  #2
Member (Registered: Jun 2006; Location: Belarus; Distribution: Debian GNU/Linux testing/unstable; Posts: 471)
Exactly the ones you need.
09-28-2006, 05:28 AM  #3
Member (Registered: Sep 2005; Location: New Delhi; Distribution: RHEL 3.0/4.0; Posts: 777)
1. In case of a normal IPTABLES + SQUID setup:
   Destination port 80/443/53 OUT | TCP (for 80, 443), TCP/UDP (for 53) @INET-INTERFACE
   Destination port 8080/3128 IN | TCP (depending on which port your PROXY accepts for the LAN) @LAN-INTERFACE
   ESTABLISHED & RELATED IN @INET-INTERFACE
   ESTABLISHED & RELATED OUT @LAN-INTERFACE
2. In case of an iptables + transparent SQUID setup with MASQUERADING:
   Destination port 80/443/53 OUT | TCP (for 80, 443), TCP/UDP (for 53) @INET-INTERFACE
   Destination port 80/443/53 IN | TCP (for 80, 443), TCP/UDP (for 53) @LAN-INTERFACE
   ESTABLISHED & RELATED IN @INET-INTERFACE
   ESTABLISHED & RELATED OUT @LAN-INTERFACE
In the last case, and only with MASQUERADING, you also have to add:
   Destination port 80/443/53 FORWARD IN | TCP (for 80, 443), TCP/UDP (for 53) @LAN-INTERFACE
   ESTABLISHED & RELATED FORWARD IN @INET-INTERFACE
For the rest of the ports and their direction of implementation, you have to make a list of the services you are running and refer to /etc/services for their port numbers.
P.S.: ALL CHAINS HAVE DEFAULT POLICIES OF DROP.
10-01-2006, 11:32 PM  #4
LQ Guru (Registered: Jul 2003; Location: Los Angeles; Distribution: Ubuntu; Posts: 9,870)
Is this a router, a server, or a stand-alone PC? The typical stand-alone PC won't need to allow any incoming connections to any port at all (all ports filtered), and outgoing connections would either be allowed to any port, or to "exactly the ones you need", as indicated by Samotnik... but really, the only way for us to advise you on which ports/services to allow is if you first provide a description of what the relevant box's duties are...
Last edited by win32sux; 10-01-2006 at 11:33 PM.
10-03-2006, 10:27 PM  #5
Member, Original Poster (Registered: Jul 2006; Distribution: UBUNTU, CentOS, FEDORA 8; Posts: 474)
Well, basically the box acts as a firewall; it has Squid configured on it and uses port 80. The only thing that the firewall should allow is FTP and HTTP download and web access.
10-03-2006, 10:28 PM  #6
Member, Original Poster (Registered: Jul 2006; Distribution: UBUNTU, CentOS, FEDORA 8; Posts: 474)
Well, basically the box acts as a firewall; it has Squid configured on it and uses port 80. The only thing that the firewall should allow is safe and secure FTP and HTTP download and web access.
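The ruleset sketched in post #3, applied to the gateway the original poster describes in posts #5 and #6 (a Squid box that should only let HTTP and FTP through), written out as a script. This is an added example, not code from any poster: it prints the iptables commands instead of executing them, so the generated set can be read and diffed before being piped into sh as root. The interface names eth0/eth1, the Squid port 3128, the LAN subnet 192.168.1.0/24 and the mode names "proxy" (clients point at Squid, post #3 case 1) and "transparent" (REDIRECT plus MASQUERADE, post #3 case 2) are assumptions for the illustration.

```shell
#!/bin/sh
# gen_fw_rules INET_IF LAN_IF proxy|transparent [SQUID_PORT] [LAN_NET]
# Prints an iptables ruleset for a Squid gateway; apply with
#   gen_fw_rules eth0 eth1 transparent | sh        (as root)
# Interface names, Squid port and LAN subnet are assumed defaults.
gen_fw_rules() {
    inet_if=$1                      # interface facing the Internet
    lan_if=$2                       # interface facing the LAN
    mode=$3                         # proxy | transparent
    squid_port=${4:-3128}           # assumed Squid listen port
    lan_net=${5:-192.168.1.0/24}    # assumed LAN subnet

    case $mode in proxy|transparent) ;; *)
        echo "usage: gen_fw_rules INET_IF LAN_IF proxy|transparent [SQUID_PORT] [LAN_NET]" >&2
        return 1 ;;
    esac

    cat <<EOF
# flush, then default DROP on every chain (post #3's P.S.)
iptables -F
iptables -t nat -F
iptables -t raw -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# loopback: Squid talks to itself and to a local resolver
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# FTP data channels only become RELATED if the ftp helper tracks the control channel
modprobe nf_conntrack_ftp
iptables -t raw -A OUTPUT     -o $inet_if -p tcp --dport 21 -j CT --helper ftp
iptables -t raw -A PREROUTING -i $lan_if  -p tcp --dport 21 -j CT --helper ftp
# stateful replies in every direction
iptables -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# what the box itself may originate toward the Internet: DNS, HTTP, HTTPS, FTP control
iptables -A OUTPUT -o $inet_if -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $inet_if -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $inet_if -p tcp -m multiport --dports 21,80,443 -j ACCEPT
EOF

    if [ "$mode" = proxy ]; then
        cat <<EOF
# clients configured for the proxy connect to Squid on the LAN interface
iptables -A INPUT -i $lan_if -s $lan_net -p tcp --dport $squid_port -j ACCEPT
EOF
    else
        cat <<EOF
# intercept LAN port 80 into Squid; the redirected packet then hits INPUT on the Squid port
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
iptables -A INPUT -i $lan_if -s $lan_net -p tcp --dport $squid_port -j ACCEPT
# HTTPS, FTP and the clients' own DNS are not proxied here: forward and masquerade them
iptables -A FORWARD -i $lan_if -o $inet_if -s $lan_net -p tcp -m multiport --dports 21,443 -j ACCEPT
iptables -A FORWARD -i $lan_if -o $inet_if -s $lan_net -p udp --dport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -o $inet_if -s $lan_net -j MASQUERADE
EOF
    fi
}

# run as a script: gen_fw_rules eth0 eth1 proxy
if [ $# -ge 3 ]; then
    gen_fw_rules "$@"
fi
```

Two points the post's ESTABLISHED & RELATED lines do not cover on their own: FTP data connections are only classified RELATED when the ftp connection-tracking helper has seen the control channel (hence the modprobe and the raw-table CT rules, which are required on kernels where automatic helper assignment is off), and in transparent mode only port 80 is redirected into Squid, so HTTPS and FTP from the LAN are forwarded and masqueraded rather than proxied.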