On Mon, Nov 13, 2000 at 02:14:23PM +0100, Sebastiaan wrote:
> I am configuring a computer as a firewall and ip-masquerading server.
> Being on this adventure (it is my first time doing this), I have the
> following questions:
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules, but the computer would not do that. What is this port
> used for?
> - I have heard something about putting hosts who are portscanning you
> automatically in hosts.deny, so that your computer is invisible for that
> host. Where can I control that function (and put it on)?
> - any other things worth knowing about private firewall ip-masq servers?
> Thanks in advance!
There have already been some good suggestions on how to fix this. (Remove
However, you can also use ipchains to specifically block these incoming
One machine I administer has this rule:
/sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT
This allows incoming traffic that has the SYN flag on (i.e. incoming, trying
to establish a new connection) to work only on ports 20 through 80.
Even on a well-administered firewall, this kind of rule can protect you
from accidentally installing something that exposes you to additional risk.
And on a firewall which has software on it that your client insists on,
it can really reduce your exposure!
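Added example (not part of the original message, and not ipchains itself): a small shell model of what the rule above matches, applied to the ports named in the question. The function names, the flag notation, the NOMATCH label and the sample port list are constructed for illustration.

```shell
#!/bin/sh
# Model of: ipchains -A input -j REJECT -p tcp ... ! 20:80 -y
# -y matches TCP segments with SYN set and ACK and FIN cleared,
# i.e. an attempt to open a new connection.

ALLOW_LO=20   # lower bound of "! 20:80" in the posted rule
ALLOW_HI=80   # upper bound

# rule_verdict PROTO FLAGS DPORT
# FLAGS is a comma-separated list such as "SYN" or "SYN,ACK" (constructed notation).
# Prints REJECT when the rule matches, NOMATCH when the packet moves on
# to the next rule in the chain.
rule_verdict() {
    proto=$1; flags=$2; dport=$3
    if [ "$proto" != tcp ]; then echo NOMATCH; return 0; fi   # rule is -p tcp only
    case ",$flags," in
        *,ACK,*|*,FIN,*) echo NOMATCH; return 0 ;;  # part of an existing connection
        *,SYN,*) ;;                                 # -y matches
        *) echo NOMATCH; return 0 ;;
    esac
    if [ "$dport" -ge "$ALLOW_LO" ] && [ "$dport" -le "$ALLOW_HI" ]; then
        echo NOMATCH          # inside 20:80, so "! 20:80" does not match
    else
        echo REJECT
    fi
}

# shielded_ports PORT...
# Prints the listening TCP ports that new inbound connections cannot reach.
shielded_ports() {
    out=
    for p in "$@"; do
        if [ "$(rule_verdict tcp SYN "$p")" = REJECT ]; then
            out="$out $p"
        fi
    done
    echo "${out# }"
}

# Constructed sample: ssh, smtp, http plus the two ports from the question.
shielded_ports 22 25 80 111 515
```

The rule is limited to TCP, so a UDP listener on the same port number is not covered by it and needs its own rule.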