Some firewall questions

  1. #1
    Member
    Join Date
    Jan 2003
    Posts
    37

    Some firewall questions

    Hi people; I hope someone can help me with this.
    Well, in fact I am asking more to learn than out of concern about having a few open ports;
    the thing is that I've got a Red Hat 6.0 box, with a 2.2.16 kernel (really stable; this is the second year that the PC stays non-stop with no clashes at all); and have it programmed to be a "router"; I've programmed it with IPchains because IPtables had not been released yet; and have the IP masquerading service.
    Well, the question is this one:
    which are the ports that need to be open so that I can run the ip_masquerade service?
    I've got the 53, 443, 515, 1080, 5190, and 8080 ports open and I am sure that not all of them need to be opened to have the IP_masquerading service working; for example the 515 (spooler port, which I suppose has nothing to do with masquerading) doesn't need to be open.
    The second question is how do I close those ports; which services should I kill to close those ports; or should I touch the inet.d file?
    Well, I hope someone can help me with this...
    thanks.
    ampm2003

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    You don't need any open ports to use the ip masquerade service. It's a type of routing, and has no interaction with the host networking.

    As far as "how do I close ports" is concerned, please see another one of the million or so threads on this topic.

    By the way this thread should probably be in another forum, like network security or unix security.

  3. #3
    MrLinus (Just a Virtualized Geek)
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Re: Some firewall questions

    First, some thoughts.

    IPTables has been released (http://netfilter.org).

    You really should update your kernel. There are a lot of vulnerabilities out there. Just because you believe it works fine doesn't mean that someone hasn't been through.

    I'd recommend switching from IPChains to IPTables. The static nature of IPChains makes it a weak firewall.

    Now, slarty answered your question about the IP_Masquerading. All that IP_MASQ is, is NAT. It is translating addresses internally to external. It is part of the firewall rules and is not a service.

    Eliminate the ports that don't need to be available on the internet. Really, looking at your ports I'd say only port 53 (outbound/inbound to get to DNS), port 443 (for HTTPS and SSL) and port 8080 (assuming you are offering web services out).

    A question though: what is this box for? Webserver?


    Originally posted here by ampm2003
    Hi people; I hope someone can help me with this.
    Well, in fact I am asking more to learn than out of concern about having a few open ports;
    the thing is that I've got a Red Hat 6.0 box, with a 2.2.16 kernel (really stable; this is the second year that the PC stays non-stop with no clashes at all); and have it programmed to be a "router"; I've programmed it with IPchains because IPtables had not been released yet; and have the IP masquerading service.
    Well, the question is this one:
    which are the ports that need to be open so that I can run the ip_masquerade service?
    I've got the 53, 443, 515, 1080, 5190, and 8080 ports open and I am sure that not all of them need to be opened to have the IP_masquerading service working; for example the 515 (spooler port, which I suppose has nothing to do with masquerading) doesn't need to be open.
    The second question is how do I close those ports; which services should I kill to close those ports; or should I touch the inet.d file?
    Well, I hope someone can help me with this...
    thanks.
    ampm2003
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head

  4. #4
    Member
    Join Date
    Jan 2003
    Posts
    37
    Thanks for your help; yes, I should really go into IPTables, but with my studies I haven't got much time to do so... Regarding MsMittens' question: the Linux box is only used as a router...
    well people, thanks again...
    ampm2003
    "Aclaró que un Aleph es uno de los puntos del espacio que contiene todos los puntos"... (An Aleph is a point in space that contains every point)
    Jorge Luis Borges, "El Aleph"...
