I just noticed that I have ports 25 (smtp), 80 and 139 (NetBIOS) open and I need to close them. I am running a SuSE box to connect to the internet (dial-up) and it is running ip-masq to serve the connection to the rest of the house. This same machine also works my NFS, Samba and printing. I hate to do much to it, because it has been up for 130 days w/o a single problem (2 windoz boxes and a SuSE workstation are connected to it). What do I need to do to make this machine tighter on security? I thought I had ip-chains configured correctly, but I must be wrong. Here is the URL that detected the open ports: http://www.grc.com/default.htm. Any and all help/ideas would be greatly appreciated. TIA.
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi, I have the exact same configuration at home. Here's what I did: (my private NIC is eth0, the public (Internet) NIC is eth1)

echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipchains -A forward -j MASQ
ipchains -A input -d <IP of my eth1> 1:1024 -j DENY

That's it. The only thing ipchains allows is pinging, therefore port 0 is open. The rest is not accessible from the outside. It works for me; I usually got nuked and pinged often, now this is over, since the box doesn't respond. I'm now searching for a way to specify eth1 instead of the IP, because I have another box dialing into a dynamic IP pool, so the IP number changes every time I dial. Greetings, Rogier

jfondow wrote:
I just noticed that I have ports 25(smtp), 80 and 139 (NetBIOS) open and I need to close them. I am running a SuSE box to connect to the internet (dial-up) and it is running ip-masq to serve the connection to the rest of the house. This same machine also works my NFS, Samba and printing. I hate to do much to it, because it has been up for 130 days w/o a single problem (2 windoz boxes and a SuSE workstation are connected to it). What do I need to do to make this machine tighter on security. I thought I had ip-chains configured correctly, but I must be wrong. Here is the url that detected the open ports: http://www.grc.com/default.htm. Any and all help/ideas would be greatly appreciated. TIA.
Rogier Maas wrote:
Hi,
I have the exact same configuration at home. Here's what I did:
(my private NIC is eth0, the public (Internet) NIC is eth1)
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipchains -A forward -j MASQ
ipchains -A input -d <IP of my eth1> 1:1024 -j DENY
That's it.
The only thing ipchains allows is pinging, therefore port 0 is open. The rest is not accessible from the outside.
It works for me, I usually got nuked and pinged often, now this is over, since the box doesn't respond.
I'm now searching for a way to specify eth1 instead of the IP, because I have another box dialing into a dynamic IP pool, so the IP number changes every time I dial.
If this is all in a script, you can grep ifconfig and move your current IP into a variable, and then insert the variable in the appropriate place.
I just noticed that I have ports 25(smtp), 80 and 139 (NetBIOS) open and I need to close them. I am running a SuSE box to connect to the internet (dial-up) and it is running ip-masq to serve the connection to the rest of the house. This same machine also works my NFS, Samba and printing. I hate to do much to it, because it has been up for 130 days w/o a single problem (2 windoz boxes and a SuSE workstation are connected to it). What do I need to do to make this machine tighter on security. I thought I had ip-chains configured correctly, but I must be wrong. Here is the url that detected the open ports: http://www.grc.com/default.htm. Any and all help/ideas would be greatly appreciated. TIA.
Put the following lines in the appropriate place in your script:

ipchains -A input -p tcp -d your.ip.add.ress 25 -i ppp0 -j DENY
ipchains -A input -p tcp -d your.ip.add.ress 80 -i ppp0 -j DENY
ipchains -A input -p tcp -d your.ip.add.ress 139 -i ppp0 -j DENY
ipchains -A input -p udp -d your.ip.add.ress 25 -i ppp0 -j DENY
ipchains -A input -p udp -d your.ip.add.ress 80 -i ppp0 -j DENY
ipchains -A input -p udp -d your.ip.add.ress 139 -i ppp0 -j DENY

or you could just block all ports < 1024 with:

ipchains -A input -p tcp -d your.ip.add.ress :1023 -i ppp0 -j DENY
ipchains -A input -p udp -d your.ip.add.ress :1023 -i ppp0 -j DENY

In each of these cases, ppp0 is your internet facing interface. I think this should work with masq, because the packets get forwarded to an *interface*, but it may not. In that case, you may have to add in an -s ! your.internal.net.address/your.internal.net.mask after the -d your.ip.add.ress XX part of the command. If you need any clarification, feel free to give me a shout, but the above is all I can come up with with the limited info given. I could also show you part of my script. And if anyone spots that I'm way off the mark here (I could be), make sure you speak up - I think firewalling is a *very* important and serious matter! Hope that helps, Chris
--
Chris Reeves ICQ# 22219005
On Thu, 25 Nov 1999, Rogier Maas wrote:
rm> Hi,
rm> I have the exact same configuration at home. Here's what I did:
rm> (my private NIC is eth0, the public (Internet) NIC is eth1)
rm> echo 1 > /proc/sys/net/ipv4/ip_forward
rm> ipchains -F
rm> ipchains -A forward -j MASQ
rm> ipchains -A input -d <IP of my eth1> 1:1024 -j DENY
rm> That's it.
rm> The only thing ipchains allows is pinging, therefore port 0 is open. The rest is not accessible from the outside.
rm> It works for me, I usually got nuked and pinged often, now this is over, since the box doesn't respond.
rm> I'm now searching for a way to specify eth1 instead of the IP, because I have another box dialing into a dynamic IP pool, so the IP number changes every time I dial.

Why not try something like the following

EXT_INT="eth0" # whichever you use
IPADDR="`ifconfig ${EXT_INT} | grep 'inet addr' | awk '{print $2}' | sed -e 's/.

then as your ipchain rules do like the following

ipchains -A input -i ${EXT_INT} -d ${IPADDR} 1:1024 -j DENY

--
S.Toms - tomas@primenet.com - New homepage coming soon
SuSE Linux v6.2+ - Kernel 2.2.13
"Would you tell me, please, which way I ought to go from here?" "That depends a good deal on where you want to get to," said the Cat -- Lewis Carroll
"S.Toms" wrote:
On Thu, 25 Nov 1999, Rogier Maas wrote:
rm> I'm now searching for a way to specify eth1 instead of the IP, because I
rm> have another box dialing into a dynamic IP pool, so the IP number changes
rm> every time I dial.
Why not try something like the following
EXT_INT="eth0" # whichever you use
IPADDR="`ifconfig ${EXT_INT} | grep 'inet addr' | awk '{print $2}' | sed -e 's/.
then as your ipchain rules do like the following
ipchains -A input -i ${EXT_INT} -d ${IPADDR} 1:1024 -j DENY
My problem still remains: how do I tell Linux my IP addy has changed? Does he smell it? When my users ping or do anything that has to go out, it dials in. Is there some script it calls where I can do the ipchains-thingy? Thanks, Rogier
On Thu, 25 Nov 1999, Rogier Maas wrote:
rm> "S.Toms" wrote:
rm> > On Thu, 25 Nov 1999, Rogier Maas wrote:
rm> > rm> I'm now searching for a way to specify eth1 instead of the IP, because I
rm> > rm> have another box dialing into a dynamic IP pool, so the IP number changes
rm> > rm> every time I dial.
rm> > Why not try something like the following
rm> > EXT_INT="eth0" # whichever you use
rm> > IPADDR="`ifconfig ${EXT_INT} | grep 'inet addr' | awk '{print $2}' | sed -e 's/.
rm> > then as your ipchain rules do like the following
rm> > ipchains -A input -i ${EXT_INT} -d ${IPADDR} 1:1024 -j DENY
rm> My problem still remains: how do I tell Linux my IP addy has changed?
rm> Does he smell it?

Your IP only changes when you make a new connection. So the above will check with ifconfig what IP eth0 has at the time it goes to set your rules with ipchains. What you need to do is add the first two lines to your firewall rules file. Then figure a way to have it called when your system makes a connection, similarly to the way ip-up and ip-down work. If you were looking for a way to have your rules updated with whichever IP eth0 currently has, I don't believe that's possible; you would have to delete the rules, then reapply them. So, since that's the case, the above should do what you want.

rm> When my users ping or do anything that has to go out, it dials in. Is
rm> there some script it calls where I can do the ipchains-thingy?
rm> Thanks,
rm> Rogier

--
S.Toms - tomas@primenet.com - New homepage coming soon
SuSE Linux v6.2+ - Kernel 2.2.13
Honk if you hate bumper stickers that say "Honk if ..."
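As an added example (not S.Toms's or Rogier's own script), here is the address extraction from the exchange above, carried through with a constructed ifconfig sample so it can be run without a dial-up link. The sed expression that completes the truncated pipeline (`s/.*://`), the sample output and the interface name are assumptions. It also covers the case behind Rogier's question: if the interface has no address yet (link still down), the pipeline yields an empty string, and that must never be pasted into an ipchains rule as a blank `-d` argument.

```shell
#!/bin/sh
# Added example: derive the firewall's external address from ifconfig-style
# text. Both samples below are constructed, not captured from a real machine.
SAMPLE_UP='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# The same interface before the link is up: no "inet addr" line at all.
SAMPLE_DOWN='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST MULTICAST  MTU:1500  Metric:1'

# The grep|awk|sed pipeline from the thread; "s/.*://" (assumed) strips the
# "addr:" prefix that awk's second field still carries.
extract_ip() {
    printf '%s\n' "$1" | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'
}

# Sanity check before the address goes into a rule: four dotted decimal groups.
is_dotted_quad() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Produce the rule line (as text) for the given interface output, or fail
# when no usable address is present, so a blank "-d" never reaches ipchains.
rule_for() {
    ext_int="$1"
    ipaddr=$(extract_ip "$2")
    is_dotted_quad "$ipaddr" || return 1
    printf 'ipchains -A input -i %s -d %s 1:1024 -j DENY\n' "$ext_int" "$ipaddr"
}

# On the real box the second argument would be "$(ifconfig eth0)".
rule_for eth0 "$SAMPLE_UP"
```

The printed rule can be reviewed before it is fed to ipchains; when `rule_for` fails, the link is not up yet and the caller should wait rather than install a half-formed rule.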
Rogier Maas said:
"S.Toms" wrote:
On Thu, 25 Nov 1999, Rogier Maas wrote:
rm> I'm now searching for a way to specify eth1 instead of the IP, because I
rm> have another box dialing into a dynamic IP pool, so the IP number changes
rm> every time I dial.
Why not try something like the following
EXT_INT="eth0" # whichever you use
IPADDR="`ifconfig ${EXT_INT} | grep 'inet addr' | awk '{print $2}' | sed -e 's/.
then as your ipchain rules do like the following
ipchains -A input -i ${EXT_INT} -d ${IPADDR} 1:1024 -j DENY
My problem still remains: how do I tell Linux my IP addy has changed? Does he smell it?
When my users ping or do anything that has to go out, it dials in. Is there some script it calls where I can do the ipchains-thingy?
If you're using pppd,

/etc/ppp/ip-up
A program or script which is executed when the link is available for sending and receiving IP packets (that is, IPCP has come up). It is executed with the parameters
interface-name tty-device speed local-IP-address remote-IP-address ipparam

/etc/ppp/ip-down
A program or script which is executed when the link is no longer available for sending and receiving IP packets. This script can be used for undoing the effects of the /etc/ppp/ip-up script. It is invoked in the same manner and with the same parameters as the ip-up script.

(from the pppd man page)
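Putting the two replies together, here is an added example (not from the pppd man page and not any poster's own setup) of an /etc/ppp/ip-up hook that takes the interface name and local address from pppd's own parameters ($1 and $4), so nothing has to be grepped out of ifconfig and the rules are rebuilt on every new connection. The rule set is the "deny everything below 1024 on the external interface" approach from Chris's post. The IPCHAINS variable (which lets the rules be printed instead of installed), the restriction of the MASQ rule to an assumed LAN range of 192.168.1.0/24, and the refusal to run with an empty address are additions of mine.

```shell
#!/bin/sh
# Added example of /etc/ppp/ip-up. pppd invokes it as:
#   ip-up interface-name tty-device speed local-IP-address remote-IP-address ipparam
# IPCHAINS can be set to "echo" to print the rules instead of installing them.
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"   # assumed LAN behind the box

# Rebuild the input and forward chains for the freshly assigned address.
# Refuses to run with an empty interface or address: a rule with a blank
# "-d" would not match what the author intended.
apply_rules() {
    ext_int="$1"
    ext_ip="$2"
    if [ -z "$ext_int" ] || [ -z "$ext_ip" ]; then
        echo "apply_rules: interface and address required" >&2
        return 1
    fi
    $IPCHAINS -F input
    $IPCHAINS -F forward
    # Masquerade only packets that really come from the LAN.
    $IPCHAINS -A forward -s "$INTERNAL_NET" -j MASQ
    # Drop everything arriving on the dial-up interface for privileged ports,
    # which covers the 25/80/139 listeners the original poster saw.
    $IPCHAINS -A input -i "$ext_int" -p tcp -d "$ext_ip" 1:1023 -j DENY
    $IPCHAINS -A input -i "$ext_int" -p udp -d "$ext_ip" 1:1023 -j DENY
}

# Only act when called by pppd with its positional parameters.
if [ "$#" -ge 4 ]; then
    apply_rules "$1" "$4"
fi
```

To see what would be installed without touching the kernel, run it as `IPCHAINS=echo sh ip-up ppp0 /dev/ttyS1 57600 192.0.2.10 192.0.2.1` (constructed values); the matching ip-down can simply flush the input chain again.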
Hi.
At 21:47 on 24 Nov 99, jfondow began to yabber about "[SLE] ports open / help"
Date sent: Wed, 24 Nov 1999 21:47:59 -0500
From: jfondow <jfondow@sprintmail.com>
To: suse-e <suse-linux-e@suse.com>
Subject: [SLE] ports open / help
I just noticed that I have ports 25(smtp), 80 and 139 (NetBIOS) open and I need to close them. I am running a SuSE box to connect to the internet (dial-up) and it is running ip-masq to serve the connection to the rest of the house. This same machine also works my NFS, Samba and printing. I hate to do much to it, because it has been up for 130 days w/o a single problem (2 windoz boxes and a SuSE workstation are connected to it). What do I need to do to make this machine tighter on security. I thought I had ip-chains configured correctly, but I must be wrong. Here is the url that detected the open ports: http://www.grc.com/default.htm. Any and all help/ideas would be greatly appreciated. TIA.
Just make sure that any daemons that listen on those ports (sendmail, pop, etc.) are not running, and that the lines in /etc/inetd.conf have been commented out or removed. Cya, Matthew
--
Matthew King: Sys Admin, Quakers Hill High School.
My ICQ#: 2342475 Message me!
Cellular Phone: +61 415 257 516
E-Mail: noodle@penguinpowered.com
Homepage: http://www.penguinpowered.com/~noodle/
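An added example, not from Matthew's post, of the inetd.conf half of that advice as a check one can run before changing anything: list which inetd entries are still active, test for a particular one, and produce the file with a given entry commented out. The inetd.conf text here is constructed for the example.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for services that are still enabled.
# The configuration text below is constructed, not taken from a real system.
SAMPLE_INETD_CONF='# /etc/inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
pop3    stream  tcp     nowait  root    /usr/sbin/tcpd  in.pop3d
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
swat    stream  tcp     nowait.400 root /usr/sbin/swat  swat'

# Print the service name of every line that is neither blank nor commented.
enabled_services() {
    printf '%s\n' "$1" | awk '!/^[ \t]*#/ && !/^[ \t]*$/ { print $1 }'
}

# Exit 0 if the named service is enabled in the given configuration text.
is_enabled() {
    enabled_services "$2" | grep -qx -- "$1"
}

# Return the configuration text with the named service's line commented out.
disable_service() {
    printf '%s\n' "$2" | sed -e 's/^\('"$1"'[[:space:]]\)/#\1/'
}

# On the real box: enabled_services "$(cat /etc/inetd.conf)"
enabled_services "$SAMPLE_INETD_CONF"
```

After writing a changed file back to /etc/inetd.conf, send inetd a SIGHUP so it rereads the configuration, and confirm with a fresh `netstat -an` that the port no longer shows as LISTEN.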
Can anyone help please. I installed 6.2 on an Inspiron 7000 OK, came to install StarOffice, seemed to go OK, then ran StarOffice and got a message saying "this installation is out of date please re-install", so like a good little boy I uninstalled and then reinstalled. Lo and behold I get the same message. I cannot find a way round the message (doing anything to it closes StarOffice, which seemed to load up fine). My problem is that I have received several spreadsheets and need to look at them soon. Many thanks in hope. Francesco
Francesco Scaglioni wrote:
Can anyone help please. I installed 6.2 on an Inspiron 7000 OK, came to install StarOffice, seemed to go OK, then ran StarOffice and got a message saying "this installation is out of date please re-install", so like a good little boy I uninstalled and then reinstalled. Lo and behold I get the same message. I cannot find a way round the message (doing anything to it closes StarOffice, which seemed to load up fine). My problem is that I have received several spreadsheets and need to look at them soon. Many thanks in hope.
Francesco, I know you have installed and reinstalled this program several times, but did you delete this file when you did? .sversionrc This file is created in the home directory of the user that you install the software for .. yourself or someone else. StarOffice sees this file and if it doesn't like the dates or something else within this file then this could be the cause of your problem. Delete the file and start over ... and if this doesn't work you could either download the 5.1a version from Sun or order it as I did for $10 + shipping .. it has an added function of telling it that you are a registered user already and therefore it will never ask you to register it. I hope this helps. laters,
--
Ben Rosenberg mailto:ben@whack.org
DOJ's real answer to M$: 'stop+a then boot -r'