RE: closeing open ports
That was great info, but I do not need to masq any IPs; I just need to
limit the ports being open. I have edited inetd.conf, but there were some
ports not listed in there. Here is a port scan on my box:

[root@dali mearls]# nmap -sS -sU vermeer

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on vermeer.michaelearls.com (207.86.78.22):
(The 3092 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
69/udp     filtered    tftp
80/tcp     open        http
111/tcp    open        sunrpc
111/udp    open        sunrpc
138/udp    open        netbios-dgm
515/tcp    open        printer
517/udp    open        talk
1024/tcp   open        kdm
1025/udp   open        blackjack
1026/udp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 1709 seconds

from port 111 to 1026. I only need the first ones open. Does your ipchain
script do that without trying to masq, or what do I need to change to fix
that?
Thanks for your time
Michael
-----Original Message-----
From: Osamu Aoki [mailto:debian@gateway.aokiconsulting.com]On Behalf Of
Osamu Aoki
Sent: Sunday, April 29, 2001 2:05 AM
To: Michael Earls
Cc: debian-user@lists.debian.org
Subject: Re: closeing open ports
On Sun, Apr 29, 2001 at 01:38:33AM -0700, Michael Earls wrote:
> What is a good starting point / reference point on ipchains? I have it
> installed but not config. Is there a file that I can edit for ipchains?
>
> I only need 21 ftp 22 ssh 25 smtp 80 http
You may want to open auth too.
Closing services can be done by /etc/inetd and update-rc.d, but for your
purpose installing an ipchain-based firewall may be better. If this is
a gateway machine, you want to install the ipmasq package. To close
services by ipchain, follow
http://bugs.debian.org/87499
The script attached is actually for potato ipmasq. My quick reference
site has the same info.
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <debian@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/ +