
Re: ports
Erez Doron wrote:

> Before I connect my firewall to the internet, I ran a little test:
> I telnetted to each and every port on the firewall from inside,
> and saw which were open and on which the connection was refused.
> 
> Among the ports which did not refuse the connection I found many ports,
> but 3 of them did not appear in /etc/services. The ports are: 874, 901,
> 1251
> 
> Any ideas what those ports do?

Nope, but you can find out which processes are associated with a given 
port using the `fuser' command, e.g. `fuser 874/tcp'.

> btw: if I want to use ipfwadm to disable connections to some ports,
> which range should I choose, so it will not be possible to connect to
> me from outside, but it will give me full connectivity to the internet?
> (I know I should exclude some ports if I want mail etc., but that's
> not the issue, I'll open these ports manually.)

If you only want to receive packets which are replies to outbound TCP
connections, give the `-k' flag to ipfwadm, e.g.

	/sbin/ipfwadm -Ia accept -P tcp -k

will accept any packet which is part of an existing TCP connection,
but not a SYN-without-ACK packet used to initiate an inbound
connection.

> My highest-numbered port that does not refuse connections is port 2049
> (nfs). Is closing ports 0..2049 from outside enough? Will it prevent me
> from connecting outside (i.e. by telnet, ftp, http etc., connections
> opened by me)?

Start by blocking all inbound packets with `ipfwadm -Ip reject', then
accept only those packets which you need to accept, e.g. TCP replies,
DNS replies, inbound SMTP connections.

-- 
Glynn Clements <glynn@sensei.co.uk>
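The ruleset Glynn describes, written out as an added example (not part of the original thread): default-reject on the input chain, then accept established TCP (`-k`), DNS replies, and inbound SMTP. MYIP and EXT are placeholders for the firewall's external address and interface; IPFWADM defaults to `echo /sbin/ipfwadm` so the script prints the rules instead of applying them.

```shell
#!/bin/sh
# Placeholders: external address (TEST-NET-1) and external interface.
MYIP="${MYIP:-192.0.2.1}"
EXT="${EXT:-eth0}"
# Defaults to printing the commands; set IPFWADM=/sbin/ipfwadm to apply them.
IPFWADM="${IPFWADM:-echo /sbin/ipfwadm}"

build_rules() {
    # Flush the input chain and make it reject everything by default.
    $IPFWADM -I -f
    $IPFWADM -I -p reject
    # Traffic on the loopback interface is always accepted.
    $IPFWADM -I -a accept -W lo
    # -k matches only TCP packets with ACK set, i.e. packets belonging to
    # a connection that already exists. A bare SYN from outside does not
    # match, so nobody can open a new connection to 874, 901, 1251, 2049
    # or any other port through this rule.
    $IPFWADM -I -a accept -P tcp -k -W "$EXT" -S 0.0.0.0/0 -D "$MYIP"
    # DNS replies: UDP from port 53 back to an unprivileged local port.
    $IPFWADM -I -a accept -P udp -W "$EXT" -S 0.0.0.0/0 53 -D "$MYIP" 1024:65535
    # The one inbound service we do want to reach us: SMTP on port 25.
    $IPFWADM -I -a accept -P tcp -W "$EXT" -S 0.0.0.0/0 -D "$MYIP" 25
}

build_rules
```

Anything not matched by an accept rule, including new inbound connections to the three unknown ports, falls through to the reject policy.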