
firewall



Hi

I have been installing a firewall with iptables, and I have a few questions;
my situation is a bit specific.
I am connected to the internet something like this:

----------+       +------------------+
my network|-------+eth0  Router  ppp0+----+ISP Firewall+------INTERNET
          |       |with iptables     |
----------+       +------------------+

I put the firewall with iptables on the router, a Linux box with Debian,
but I can only scan with nmap from inside the network or from the router interface
ppp0 to see what ports I have open,

but my question is:

When I scan that way, nmap -v -sS -O ppp0 (I give the IP address),
then I have some ports open;
should I make them filtered?!

My open ports are:

Service| Port| State 
------------------
ssh    | 22  | Open
telnet | 23  | Open
smtp   | 25  | Open
domain | 53  | Open
pop-3  | 110 | Open
sunrpc | 111 | Open
printer| 515 | Open
kdm    |1024 | Open


netstat -anp returns this .....

router:/home/tom# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      509/rpc.mountd
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      491/lpd
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      485/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      97/portmap
tcp        0      0 10.16.34.56:53          0.0.0.0:*               LISTEN      447/named
tcp        0      0 192.168.253.254:53      0.0.0.0:*               LISTEN      447/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      447/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      517/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      485/inetd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      485/inetd
tcp        0      0 192.168.253.254:22      192.168.253.20:2209     ESTABLISHED 12226/sshd
tcp        0      0 192.168.253.254:22      192.168.253.20:1666     ESTABLISHED 2544/sshd
udp        0      0 0.0.0.0:1024            0.0.0.0:*                           447/named
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
udp        0      0 0.0.0.0:1026            0.0.0.0:*                           -
udp        0      0 0.0.0.0:1027            0.0.0.0:*                           509/rpc.mountd
udp        0      0 10.16.34.56:53          0.0.0.0:*                           447/named
udp        0      0 192.168.253.254:53      0.0.0.0:*                           447/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           447/named
udp        0      0 0.0.0.0:111             0.0.0.0:*                           97/portmap
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     380    447/named           /var/run/ndc
unix  6      [ ]         DGRAM                    332    435/syslogd         /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     546    491/lpd             /dev/printer
unix  2      [ ]         DGRAM                    781    540/pppd
unix  2      [ ]         DGRAM                    538    491/lpd
unix  2      [ ]         DGRAM                    434    460/diald
unix  2      [ ]         DGRAM                    378    447/named


What should I do? How can I close, for example, lpd?
Or sunrpc?
Should I block all these ports by giving a specific IP?
In the man page for nmap it is written:
"... Filtered  means  that a firewall, filter, or
     other network obstacle is covering the port
     and  preventing  nmap  from determining  whether
     the port is open."
If I make them filtered somehow, can I still connect to my router via
ssh? Or another way?
What is your advice?

Any suggestion will be gratefully received :)

siaraX
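Not part of the original thread: an added example of the kind of iptables INPUT policy the question describes, written from scratch here. It assumes eth0 is the LAN side, ppp0 the ISP side and 192.168.253.0/24 the LAN (taken from the netstat output above); with DRY_RUN set it only prints the rules it would apply.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed layout:
# eth0 = LAN (192.168.253.0/24), ppp0 = ISP link. DRY_RUN=1 prints
# the iptables commands instead of running them (no root needed).

LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.253.0/24}

ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_policy() {
    # Start from an empty INPUT chain and drop whatever no rule accepts.
    ipt -F INPUT
    ipt -P INPUT DROP
    # Loopback, plus replies to connections the router itself opened.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Management: ssh only from the LAN interface and LAN addresses.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    # DNS for LAN clients (named listens on the LAN address).
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    # New connections arriving on ppp0 (telnet, pop-3, lpd, sunrpc, ...)
    # fall through to the DROP policy; nmap then reports them "filtered".
    # Log a rate-limited sample so you can see what is being dropped.
    ipt -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "ppp0-drop: "
}

# Usage: sh firewall.sh        (dry run, only prints the rules)
#        sh firewall.sh apply  (applies them, run as root)
if [ "${1:-}" = "apply" ]; then
    apply_policy
else
    DRY_RUN=1
    apply_policy
fi
```

With this policy a scan from the ppp0 side shows the listed ports as filtered while ssh from the LAN keeps working, because the ssh rule matches before the DROP policy. To close a port outright (nmap then reports it closed) stop the daemon itself, e.g. lpd or portmap, or remove the entry from inetd.conf for the services inetd serves (telnet, pop-3, smtp), rather than only filtering it.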


