
Re: Need help blocking all ports except a few



I'm using a newly installed Debian 3.0r2 and the game server I'm running is
Neverwinter Nights. Gamespy needs all those ports opened to list the server.

I checked my ports with netstat -tulp but how do I stop those services?
In inetd.conf there's only smtp and identd externally. I commented out smtp (it
didn't relay anyway but it's not needed).

This is my output from netstat -tulp:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      200/sshd
tcp        0      0 *:printer               *:*                     LISTEN      191/lpd
tcp        0      0 *:auth                  *:*                     LISTEN      187/inetd
tcp        0      0 *:smtp                  *:*                     LISTEN      187/inetd
tcp        0      0 *:time                  *:*                     LISTEN      187/inetd
tcp        0      0 *:daytime               *:*                     LISTEN      187/inetd
tcp        0      0 *:discard               *:*                     LISTEN      187/inetd
tcp        0      0 *:1024                  *:*                     LISTEN      179/rpc.statd
tcp        0      0 *:111                   *:*                     LISTEN      111/portmap
udp        0      0 *:discard               *:*                                 187/inetd
udp        0      0 *:1024                  *:*                                 179/rpc.statd
udp        0      0 *:moira_ureg            *:*                                 179/rpc.statd
udp        0      0 *:111                   *:*                                 111/portmap
udp        0      0 *:bootpc                *:*                                 107/dhclient-2.2.x

Thanks for all the help!

Yours,
Sommarnatt

Quoting Patrick Lesslie <patricklesslie@iinet.net.au>:

> On Thu, Dec 25, 2003 at 02:54:41PM +0100, Sommarnatt wrote:
> > 
> > I'm new to iptables/chains and need help setting up my new Debian system.
> > The system is going to be a gameserver and I've never set that up before.
> 
> ipchains can run on 2.2 series kernels.  iptables requires 2.4
> (or 2.3, but you might as well use 2.4).  Installing a 2.4 
> kernel-image is fairly easy on debian, and since most modern 
> firewall programs use iptables scripts I'd recommend making 
> the switch to 2.4 (e.g. debian package kernel-image-2.4.18-1-686
> or similar, depending what platform you run).
> 
> You can run ipchains, but I'm not sure what you have to do.
> 
> > The only services that really need to be open are ssh2 and the game
> > server.
> > 
> > The game server needs these ports opened:
> > 5120-5300 (UDP only)
> > 6667, 80,27900,28900,29900.29901,13139 and 6500
> > 
> > Any takers? Or some pointers? Tried Firehol, but it complains that it needs
> > a kernel higher than 2.3
> 
> The other thing you could do is just make sure there aren't programs
> running on any ports but these.  There was a recentish post about
> doing that, and avoiding having a firewall altogether.  It amounts
> to not having much else running, and it sounds like you won't need
> much else anyway.
> 
> Patrick Lesslie
> 
> 
> On Wed, Dec 10, 2003 Bernd Eckenfels wrote:
> >
> > On Wed, Dec 10, 2003 at 01:40:28PM +1100, Daniel Pittman wrote:
> > > Extremely. Without a Firewall, connecting to the Internet is an
> > > invitation to pain, these days. :/
> >
> > this is not true, if your system runs with a minimum of secure
> > configuration. You do not need to run a firewall, if you do not have
> > open ports.
> >
> > Using "netstat -tulp" as root will print all the processes you have to
> > terminate, or decide you want to use (if you want to use them a firewall
> > will have to permit those ports, anyway)
> >
> 
> 
> 
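Added example, not part of the original messages: the audit described in this thread (list listeners with netstat -tulp, keep only what is needed), written as a Python script that parses netstat output and reports listeners outside the allow list from the first post. The service-name map, the reading of "29900.29901" as two ports, allowing the single ports on both protocols, and the sample game-server line are assumptions.

```python
import re

# Well-known service names as netstat prints them without -n (standard assignments).
SERVICES = {"ssh": 22, "printer": 515, "auth": 113, "smtp": 25, "time": 37,
            "daytime": 13, "discard": 9, "bootpc": 68, "moira_ureg": 779}

# Allow list taken from the thread: ssh, UDP 5120-5300, and the listed ports.
# Assumptions: the single ports are allowed on both protocols, and
# "29900.29901" in the post means ports 29900 and 29901.
ALLOWED_ANY = {22, 6667, 80, 27900, 28900, 29900, 29901, 13139, 6500}
ALLOWED_UDP = range(5120, 5301)

# Constructed sample: lines from the post's netstat output, unwrapped, plus
# one invented game-server listener (its PID and program name are made up).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0  0 *:ssh         *:*  LISTEN  200/sshd
tcp   0  0 *:printer     *:*  LISTEN  191/lpd
tcp   0  0 *:auth        *:*  LISTEN  187/inetd
tcp   0  0 *:1024        *:*  LISTEN  179/rpc.statd
tcp   0  0 *:111         *:*  LISTEN  111/portmap
udp   0  0 *:moira_ureg  *:*          179/rpc.statd
udp   0  0 *:bootpc      *:*          107/dhclient-2.2.x
udp   0  0 *:5121        *:*          300/gameserver
"""

# proto, queues, local addr:port, foreign addr, optional state, pid/program
LINE = re.compile(
    r"^(tcp|udp)\s+\d+\s+\d+\s+\S*:(\S+)\s+\S+\s+(?:LISTEN\s+)?(\d+)/(\S+)")

def unexpected_listeners(netstat_text):
    """Return sorted (proto, port, pid, program) tuples outside the allow list."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, or a line without PID info (not run as root)
        proto, port, pid, prog = m.groups()
        # Numeric ports are used as-is; unknown names stay strings and are flagged.
        port = int(port) if port.isdigit() else SERVICES.get(port, port)
        allowed = port in ALLOWED_ANY or (proto == "udp" and port in ALLOWED_UDP)
        if not allowed:
            found.add((proto, port, int(pid), prog))
    return sorted(found, key=str)

if __name__ == "__main__":
    for proto, port, pid, prog in unexpected_listeners(SAMPLE):
        print(f"{proto}/{port} held by {prog} (pid {pid})")
```

Each reported entry is a decision to make rather than an automatic removal: dhclient on bootpc, for instance, is flagged only because it is not on the allow list.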




