Old 12-22-2005, 06:14 AM   #1
hottdogg
Member
 
Registered: Aug 2004
Distribution: opensuse ,debian/ubuntu
Posts: 217

Rep: Reputation: 30
Open/Closing port without iptables?


I'm sorry for asking about open-close port again.
Based on my quick search I only found opening/closing port is done using iptables. I don't want to mess around with my iptables because I plan to use a dedicated firewall (old PC). Oh..btw, iptables is for hiding port right? (some argue this is better)

Anyway, How to close or open a port/service using text configuration file?
I use slackware 10.2.

If I missed something in my search, links to other threads that answer my question would be appreciated too.

-edit-
1 more question. Is it possible to download via ssh? How to do it?
quick scan of man ssh doesn't give any clue

Thanx.

Last edited by hottdogg; 12-22-2005 at 06:27 AM.
 
Old 12-22-2005, 06:51 AM   #2
raska
Member
 
Registered: Aug 2004
Location: Aguascalientes, AGS. Mexico.
Distribution: Slackware 13.0 kernel 2.6.29.6
Posts: 816

Rep: Reputation: 31
Quote:
Originally Posted by hottdogg
...Is it possible to download via ssh? How to do it?
quick scan of man ssh doesn't give any clue
Check out the scp utility. For the ports without iptables thing ... I don't know.
 
Old 12-22-2005, 07:32 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 420
The only way to close ports besides using iptables is to shut down the daemons that are running the services. For example, if you don't serve web pages off of the box, you should turn off Apache, thus effectively "closing" port 80. You can use the hosts.allow and hosts.deny files to stop some access, but iptables is probably a more general way to approach the problem.

Quote:
Oh..btw, iptables is for hiding port right? (some argue this is better)
Actually, iptables is much more capable than that. It is a set of rules that allows you to do all sorts of things with packets so you can build a complete firewall and/or router with iptables. The ability to "hide" ports is only a small portion of its abilities.
 
Old 12-23-2005, 06:44 PM   #4
hottdogg
Member
 
Registered: Aug 2004
Distribution: opensuse ,debian/ubuntu
Posts: 217

Original Poster
Rep: Reputation: 30
Ok, how to close/open service?

And regarding scp, I think it's a good idea. Currently, just temporarily, I want to transfer a big file from my Slackware to NetBSD. So, I want to make NetBSD act as a client and Slackware as an scp server. How to set up an scp server on Slackware?
 
Old 12-23-2005, 07:11 PM   #5
raska
Member
 
Registered: Aug 2004
Location: Aguascalientes, AGS. Mexico.
Distribution: Slackware 13.0 kernel 2.6.29.6
Posts: 816

Rep: Reputation: 31
You don't need to set it up, though I think the ssh service should be working on the target server.

Just issue a command like this:

Code:
scp user@targetHost:/path/to/whatever/file /where/you/want/it
That shall bring the file to the second path, which is on the client machine. It will ask you for the user@targetHost password, and make the connection through ssh. Here's a clearer example:

Code:
scp root@192.168.1.1:/root/da.file /root
You can also share some folders on a machine with NFS and make it a file server. Those NFS shares (Unix Network File System) can be mounted on any host which has permission. The file /etc/exports is the configuration file to allow access to certain hosts, and the service is started with /etc/rc.d/rc.nfsd start | stop | restart. As always, it is recommended to check out the man pages of all those files and services; man exports is helpful.
 
Old 12-25-2005, 04:49 PM   #6
Marsanghas
Member
 
Registered: Sep 2003
Location: Spijkenisse, Netherlands
Posts: 119

Rep: Reputation: 15
For secure copying of files you can also use sftp.. works just like ftp. It's much more convenient than scp when doing things manually.

And when you are using a firewall, what do you need to shut down ports for on your local machine? And which? As said.. don't run services you don't need, and you can also check your /etc/inetd.conf .
 
Old 12-26-2005, 10:56 AM   #7
tw001_tw
Member
 
Registered: Mar 2003
Location: St. Louis, MO
Distribution: kubuntu-current
Posts: 551
Blog Entries: 4

Rep: Reputation: 31
Quote:
Anyway, How to close or open a port/service using text configuration file? I use slackware 10.2.
Here is a simple how-to... it might get you started on manually closing ports. It's just a copy and paste.

Quote:
Since most systems are different, here is a brief rundown of my system and setup.

I have cable access to the internet.
My cable modem is a Motorola
That is connected to my Linksys router w/switch & firewall

I did a clean install of Slackware 10.

When I ran nmap - here were the results:

"nmap localhost" results in:
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
37/tcp open time
113/tcp open auth
587/tcp open submission
631/tcp open ipp
6000/tcp open X11

and "nmap -sU localhost" results in:
37/udp open time
68/udp open dhcpclient
512/udp open biff

We will go 1 at a time.
========================================================

22/tcp ssh - Since I never plan on accessing my system from anywhere except from here at my desk, I wanted this off.

You can do it manually by editing /etc/rc.d/rc.inet2

Change this:
# Start the OpenSSH SSH daemon:
if [ -x /etc/rc.d/rc.sshd ]; then
echo "Starting OpenSSH SSH daemon: /usr/sbin/sshd"
/etc/rc.d/rc.sshd start
fi

to this:
# Start the OpenSSH SSH daemon:
# UNCOMMENTED BY DEFAULT *****************************
# if [ -x /etc/rc.d/rc.sshd ]; then
# echo "Starting OpenSSH SSH daemon: /usr/sbin/sshd"
# /etc/rc.d/rc.sshd start
# fi


I made the # UNCOMMENTED BY DEFAULT **** line so it would be easier to find
if I ever need to enable it again.

OR you could simply run 'pkgtool' -> setup -> services, select services and remove the 'X' in front of rc.sshd - I am sure that this would be the preferred way.

=========================================================

25/tcp smtp - Since my computer will not be a mail server, nor will I use 'sendmail' I wanted this off too.

You can do it manually by editing /etc/rc.d/rc.sendmail

change this:
# Start the sendmail daemon:
if [ -x /etc/rc.d/rc.sendmail ]; then
. /etc/rc.d/rc.sendmail start
fi

to this:
# Start the sendmail daemon:
# NEXT # LINES ORIGINALLY UNCOMMENTED *******************
# if [ -x /etc/rc.d/rc.sendmail ]; then
# . /etc/rc.d/rc.sendmail start
# fi

OR once again, you could do it automatically by running 'pkgtool' -> setup -> services, select services and remove the 'X' in front of rc.sendmail
=========================================================

37/tcp time - I do not update my computers time setting via the internet automatically, so I wanted this off too. This will also get rid of "37/udp open time"

You can do it manually by editing /etc/inetd.conf

change this:
time stream tcp nowait root internal
time dgram udp wait root internal

to this:

# COMMENTED OUT time stream tcp nowait root internal
# COMMENTED OUT time dgram udp wait root internal

=========================================================

113/tcp auth - This I want. It is for authentication on the internet.

You can look at the line in /etc/inetd.conf

It looks like this:

# Ident service is used for net authentication
auth stream tcp wait root /usr/sbin/in.identd in.identd

==========================================================

587/tcp submission - This is a port for Message Submission protocol - it is part of 'send mail'. By removing sendmail, this open port is also removed from the list.

==========================================================

631/tcp ipp - This is the Internet Printing Protocol. If you use the CUPS print server, this port is opened.

To disable it, 'pkgtool' -> setup -> services, select services and remove the 'X' in front of rc.cups - If you use CUPS as a print manager, keep it.

==========================================================

6000/tcp X11 - Apparently you can disable this and still have X work properly - although I have read many conflicting reports on the issue. I use KDM as a login manager, so I am unsure how and unable to find information on how to close this port manually.
Any help on this issue would be nice.

==========================================================

37/udp time - This is taken care of when editing the 2 lines for 37/tcp in the file /etc/inetd.conf

==========================================================

68/udp open dhcpclient - This I left open. 68/udp is dhcp bootstrap protocol client - I have yet to find good info on this. I can say that this is the transmit port, not a listening port so it all should be OK. At the current time I don't know how to disable it. However I can tell you that I can not access my website (being hosted on the computer I am writing these instructions off of) if I kill the PID, so I left this one.

==========================================================

512/udp biff - Since I don't use biff, I don't need it.

You can close this port by editing our good friend /etc/inetd.conf

Change this:

# The comsat daemon notifies the user of new mail when biff is set to y:
comsat dgram udp wait root /usr/sbin/tcpd in.comsat

to this:

# The comsat daemon notifies the user of new mail when biff is set to y:
# COMMENTED OUT comsat dgram udp wait root /usr/sbin/tcpd in.comsat

===========================================================
So that's it. Now, when I run nmap:

"nmap localhost" results in:
113/tcp open auth
6000/tcp open X11

and
"nmap -sU localhost" results in:
68/udp open dhcpclient


 
Old 12-27-2005, 12:16 PM   #8
lokiharfagr
LQ Newbie
 
Registered: Dec 2005
Location: France
Distribution: Slackware, what else?-)
Posts: 4

Rep: Reputation: 0
Instead of commenting inside your rc files
use the modifiers to turn the ones you want off to
non-executable files, this way the rc launchers'll
know your choices, that's the way it is supposed
to work ;-)

For instance:
chmod -x /etc/rc.d/rc.sshd

Then, the test in /etc/rc.d/rc.inet2 :
---------
if [ -x /etc/rc.d/rc.sshd ]; then...
---------

will be happy.
 
Old 12-27-2005, 03:55 PM   #9
Poetics
Senior Member
 
Registered: Jun 2003
Location: California
Distribution: Slackware
Posts: 1,181

Rep: Reputation: 49
I've always been much more a fan of the ol' `chmod -x` than going through whatever graphical windows to arrive at the same conclusion as well
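
A way to check the result of the steps discussed in this thread without rescanning, as an added example that is not part of any poster's message: it lists the inetd.conf entries that are still uncommented and the rc scripts that still pass the `-x` test. The function names and the sample tree are constructed for illustration; on a real system the arguments would be /etc/inetd.conf and /etc/rc.d.

```shell
#!/bin/sh
# Added example (not from the thread): report which services would still be
# started after the edits described above.

# Print "service/proto" for every uncommented entry in an inetd.conf-style file.
active_inetd_services() {
    awk '!/^[[:space:]]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Print the rc.* scripts in a directory that are executable, i.e. the ones for
# which a test like `[ -x /etc/rc.d/rc.sshd ]` succeeds.
enabled_rc_scripts() {
    for f in "$1"/rc.*; do
        if [ -f "$f" ] && [ -x "$f" ]; then
            basename "$f"
        fi
    done
}

# Build a constructed sample tree that mirrors the end state in the how-to:
# time and comsat commented out, auth kept, sshd/sendmail/cups made non-executable.
make_sample() {
    mkdir -p "$1/rc.d"
    cat > "$1/inetd.conf" <<'EOF'
# COMMENTED OUT time stream tcp nowait root internal
# COMMENTED OUT time dgram udp wait root internal
# Ident service is used for net authentication
auth stream tcp wait root /usr/sbin/in.identd in.identd
# COMMENTED OUT comsat dgram udp wait root /usr/sbin/tcpd in.comsat
EOF
    for s in rc.sshd rc.sendmail rc.cups rc.inet2; do
        printf '#!/bin/sh\n' > "$1/rc.d/$s"
        chmod +x "$1/rc.d/$s"
    done
    chmod -x "$1/rc.d/rc.sshd" "$1/rc.d/rc.sendmail" "$1/rc.d/rc.cups"
}

sample=$(mktemp -d)
make_sample "$sample"
echo "inetd services still active:"
active_inetd_services "$sample/inetd.conf"
echo "rc scripts still executable:"
enabled_rc_scripts "$sample/rc.d"
rm -rf "$sample"
```

A daemon that is already running keeps its port open until it is stopped, so these lists describe the next boot or inetd reload, not the current socket state.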
 
  

