
Re: ipchains/ipmasq/List of Ports/Exim



Good Morning,

To find out what services run on what ports, there's a couple of fairly easy
ways.

1) Something like "more /etc/services" or "less /etc/services" or one way
or another look at the /etc/services text file.  Don't freak out that "wc
-l /etc/services" claims 384 possible services per my machine; just because
it lists the numerous ports for appletalk doesn't mean you're running
appletalk...  It's a dictionary, or a reference list of which service goes
with which port.  Obviously, if you are running something outside of
inetd.conf, like maybe a "redir" command or two, this isn't going to help.
This option is a good "first guess", but you really need to run and
understand the output of something like nmap... see below.

2) Run a nmap on your machine and look at the results.  If you already have
filtering rules, you probably need to run that from the "outside" or from
another machine.   The debian package is creatively named "nmap" and you
probably want to run something like "nmap whatevermy.ip.address.is"

Here's an example of nmap, run on a purely internal, yet semi-secure host
via 10 meg ethernet.  Obviously it would be a wee bit slower over a 56K modem.
In the example below, SSH, NFS (sunrpc), X11, and email (smtp) are
open.  I have no idea right off hand why something is running on ports
750, 775, and 1024.  I suppose I should look into that.

nmc:~$ nmap -p 1-65535 vlm-jr

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on  (89.87.103.63):
Port    State       Protocol  Service
22      open        tcp        ssh
25      open        tcp        smtp
111     open        tcp        sunrpc
750     open        tcp        kerberos
775     open        tcp        entomb
1024    open        tcp        unknown
2049    open        tcp        nfs
6000    open        tcp        X11

Nmap run completed -- 1 IP address (1 host up) scanned in 67 seconds

Read the man page for nmap and understand it, before you use it, or you'll
merely shoot yourself in your foot.

3) Try something like "netstat -a | more"  That should tell you exactly
what is running on what port, in addition to what connections are open at
any given time.

As for email, yes "cron" tends to send me a few emails per month, even if
things are working perfectly, which I suppose could be considered a bug in
the package that is sending the email...  Also if there is a
misconfiguration you could have plenty more emails.  Although log files are
rotated, if something is screwed up enough, it's possible to get huge log
files, and 20 meg email boxes, etc.  Realistically, you should be at least
scanning through those log files and email anyway, and it only takes a
minute to run "du /var/log" and "df" and "elm" (or pine, etc) every week or
so anyway.  Remember those log files and emails are generated for you, and
there's generally a good reason why.

To install ssh, you will need to install the creatively named package
"ssh".  You will likely have to download it from the Debian website
(download it from a mirror).  There is at least one dependency on some math
library package, which is no big deal.  In general, if you want to find the
package name for a program, go to the Debian website and go in the packages
area and search for the name and/or the description of the package.

I really can't comment on the MTA or ipchains problem.  There are plenty of
MTAs to choose from, and I wouldn't be surprised if one exists that's easier
to set up than exim, and/or smaller.  If all you want is local delivery, it
can surely be a pretty stripped down program compared to sendmail!

Thanks and Good Luck!
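Added example (not from either poster): a small POSIX sh script that does steps 1 and 3 above together, parsing netstat-style LISTEN lines and naming each port from /etc/services, so the ports the file cannot name (the "I should look into that" list) fall out automatically. The netstat lines and the services excerpt are constructed sample data; set SERVICES_FILE=/etc/services to use the real file instead.

```shell
#!/bin/sh
# Cross-reference listening sockets with /etc/services.
# Sample data below is constructed; SERVICES_FILE (if set) overrides the excerpt.

# Constructed excerpt in /etc/services layout: name, port/proto.
SERVICES_SAMPLE='ssh       22/tcp
smtp      25/tcp
sunrpc    111/tcp
kerberos  750/tcp
entomb    775/tcp
nfs       2049/tcp
x11       6000/tcp'

# Constructed "netstat -an" lines: four listeners plus one established connection.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:41234          ESTABLISHED'

# services_db: the real file when SERVICES_FILE is set and readable, else the sample.
services_db() {
    if [ -n "${SERVICES_FILE:-}" ] && [ -r "$SERVICES_FILE" ]; then
        cat "$SERVICES_FILE"
    else
        printf '%s\n' "$SERVICES_SAMPLE"
    fi
}

# lookup_service PORT PROTO: print the service name, or "unknown" if not listed.
# Only field 2 (port/proto) is compared, so comment lines and aliases are ignored.
lookup_service() {
    services_db | awk -v key="$1/$2" \
        '$1 !~ /^#/ && $2 == key { print $1; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# listening_ports: one "PROTO PORT NAME" line per socket in LISTEN state.
# Port is the last ":"-separated field (so ":::22" works); "tcp6" is folded to "tcp".
listening_ports() {
    printf '%s\n' "$NETSTAT_SAMPLE" |
        awk '$NF == "LISTEN" { p = $1; sub(/6$/, "", p); n = split($4, a, ":"); print p, a[n] }' |
        while read -r proto port; do
            printf '%s %s %s\n' "$proto" "$port" "$(lookup_service "$port" "$proto")"
        done
}

# unknown_listeners: only the ports /etc/services cannot name.
unknown_listeners() {
    listening_ports | awk '$3 == "unknown" { print $2 }'
}

listening_ports
```

On a live box, replace NETSTAT_SAMPLE with the output of "netstat -an" (or "nmap -p 1-65535" from another host, as step 2 says) and the same lookup applies.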



From: Michael Boyd <Michael.Boyd@maunsell.co.uk>
To: debian-firewall@lists.debian.org
cc: (bcc: Vince Mulhollon/Norlight)
Date: 11/10/2000 07:50 AM
Subject: ipchains/ipmasq/List of Ports/Exim

The info you've kindly provided since my first mail has been most
helpful, thanks.  I am intending to rebuild my Debian box over the
weekend with the bare necessities in terms of packages and modules and
with a 100MB HD rather than 500MB.

Before installing ipmasq I entered 'ipchains -nL' and received what I
expected, i.e. a return listing the 3 chains and not much else.  After
installing and starting ipmasq the same command returns a much longer
list with more information.  Does this mean that both ipchains and
ipmasq affect a single 'service' underlying them both?  I read an
article last night referring to MASQ in ipchains commands, is that what
ipmasq is activating?

Assuming my rebuild goes ok I intend to start planning the rules to give
my FW.  Can anyone point me in the direction of a list of which ports do
what?  I know 23 is telnet from a magazine article but that's about all.

My reason for asking about exim in my last message was perhaps not as
clear as it might have been.  I had 2 reasons for asking: 1) I was
wondering if exim is an appropriate tool for making the logs on my FW
available to a masqed box as emails, and 2) if root generates emails
routinely (excuse my lack of knowledge but I don't know if it does) I
had a thought lurking in my mind that they could pile up and fill what
remains of my 100MB drive.  With the file system full I guess the FW box
would protest and in effect I would have done a DoS on myself.  If I am
talking rubbish, please tell me, but not all at once!  :-)

One last thing, which packages do I need to access my FW using ssh?

TIA

Mike

