-
Testing Linux Firewall?
I am new to Linux, and I have begun to try to understand some of its basics. I have two questions. Do I need the following ports open to simply surf the net, do email, and download the occasional program?
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1596 ports scanned but not shown below are in state: closed)
Port State Service
25/tcp open smtp
111/tcp open sunrpc
631/tcp open ipp
6000/tcp open X11
10000/tcp open snet-sensor-mgmt
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
I have tried to configure my firewall using ipchains, and would like to test it. Is there any way that I can do this? I even searched Google and AO, and was only successful in finding Windows-based scans. (Note: an online scan is probably not possible in my situation because I am behind a router.) Thanks, and sorry if this is kind of long and rambling.
-
X11 runs for remote X servers, and that's what I know off the top of my head. I don't feel like doing the Google thing right now; you should try it and see what you get when you Google it. It is quite simple.
-
Did you run nmap on the local host or remotely? Is your firewall up and running?
Oh, and to "simply surf the net" you do not need those ports open.
-
631 ipp is the Internet Printing Protocol. Either way, you don't need all those other ports open (except for X11; I don't use a window manager, so I'm not sure about this). Anyway, if you're curious what those ports do, try the following, replacing <port> with the port number from the nmap output:
lsof -i :<port>
grep -w <port>/tcp /etc/services
Hope this helps.
-w0rm3y
-
Thanks for the help everyone!
-
You probably don't need port 25 open, because, unlike what Marijuana said, it isn't used for outgoing mail; it's used for *incoming* mail. Now, unless you're using your machine as an incoming mail server for a domain, you don't need SMTP listening, *even* if you're using the machine as a relay.
I would say you can safely firewall all of those ports. However it's better practice just to firewall everything and then let in what you need.
Reading further down your post: if you are behind a router which does NAT (i.e. most home routers and many others), the whole thing is academic anyway, because attackers cannot address your machine, much less attack it. So if your machine has an IP in one of the reserved ranges (10.*, 192.168.* or 172.16.*-172.17.*), there is no possibility of an attacker connecting to it in a direct manner.
-
The question you should ask yourself is: "Do I need any server application on my machine?"
If not, make a simple rule to forbid any connection to ports 1 through 1024.
For other ports, visit the following site; it will give you any info you're looking for:
http://www.chebucto.ns.ca/~rakerman/port-table.html
BTW, I'd advise you to use iptables, which is the Netfilter upgrade of ipchains.
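The two pieces of advice in this thread, "firewall everything and then let in what you need" and "use iptables instead of ipchains", can be turned into a short script. The following is an added example, not code from any of the posters. It assumes a constructed copy of the nmap output from the original question, an allowlist you choose yourself (empty here, since a desktop that only browses and reads mail needs no inbound ports), and it only prints the iptables commands rather than running them, so you can read the ruleset before applying it as root.

```shell
#!/bin/sh
# Added example (not from the thread): compare the open ports reported by nmap
# against an allowlist, then emit a default-deny iptables ruleset that lets in
# only the allowed ports. Nothing here touches the live firewall.

# Constructed sample: the open-port lines from the nmap scan in the question.
NMAP_OUTPUT='25/tcp open smtp
111/tcp open sunrpc
631/tcp open ipp
6000/tcp open X11
10000/tcp open snet-sensor-mgmt'

# Assumption: a browse-and-email desktop needs no inbound TCP ports at all.
ALLOW_TCP=""

# Print every open TCP port in $1 (nmap-style lines) that is not in the
# space-separated allowlist $2. These are the ports to close or firewall.
unneeded_ports() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "open" && $1 ~ /^[0-9]+\/tcp$/ {
            split($1, p, "/")
            if (!(p[1] in ok)) print p[1]
        }'
}

# Emit an iptables ruleset for the allowlist $1: drop all inbound and forwarded
# traffic by default, keep loopback working (X11 and CUPS talk over it), let
# replies to connections this box opened come back, then open listed ports.
generate_rules() {
    allow="$1"
    printf '%s\n' \
        'iptables -P INPUT DROP' \
        'iptables -P FORWARD DROP' \
        'iptables -P OUTPUT ACCEPT' \
        'iptables -A INPUT -i lo -j ACCEPT' \
        'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in $allow; do
        printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$port"
    done
}

# Stand-alone run: list what should be closed, then show the ruleset.
echo "Open ports not on the allowlist:"
unneeded_ports "$NMAP_OUTPUT" "$ALLOW_TCP"
echo
echo "Proposed ruleset:"
generate_rules "$ALLOW_TCP"
```

Because OUTPUT is ACCEPT and ESTABLISHED,RELATED replies are let back in, browsing, mail and downloads keep working while every listener nmap found becomes unreachable from the network. Closing the ports in the firewall does not stop the daemons themselves; after applying the rules, rerun nmap from another host on the LAN (a loopback scan bypasses the INPUT chain's interface rules) and turn off the services you did not need.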
-
As a side note, SMTP (25) is used for both incoming and/or outgoing (RFC 2821). Also,
a firewall does not ensure 'no possibility' of someone connecting; that's what's called candy security, a.k.a. hard crunchy shell, soft chewy inside. Follow good security practices and shut down unnecessary services regardless.
-Maestr0
-
111/tcp open sunrpc
Hi,
You'd better close this one :( It's the remote procedure call service. Crackers/script kiddies
probe for this open port all the time, and RPC services have many security issues. Attackers can register a bogus RPC service and instruct your portmapper to listen for his or her command requests. If he or she manipulates your portmapper to forward requests to available services on your Linux system, the attacker tricks them into thinking the requests are coming from your machine. If you need to run any RPC services, you need to weigh the security considerations very carefully; if you don't need any RPC services, I'd advise you to disable them
all, including portmapper. Beware!
Doc
-
Wow! I'm glad that I posted this thread, because I probably would have just left my firewall the way it was. Thanks to everyone for the info!