
Re: ipchains

Well, for the home machine, there is no masquerading. It is a single NIC
connecting to a switched segment with a cable modem for upstream access. I
will try the netstat option you suggested. Until now, I have been running:
	netstat -na | grep -i listen
	netstat -na | grep -i udp
I did use lsof to find what applications were using some of the higher
port numbers that did not look familiar. As I mentioned, I blocked access
for X from the outside. I dropped running Gnome since it seemed to open a
load of ports that I was unaware it would be using. Anyone have a good
description of what it uses the higher ports for?

cjm

________________________
Lunar Media Incorporated
what a wicked web we weave
http://www.lunarmedia.net
1 . 8 0 0 . 2 5 2 . 8 2 2 1  

On Tue, 11 Apr 2000, Cloudmaster wrote:

> 
> On Tue, 11 Apr 2000, Charles Menzes wrote:
> > I just recently finished setting up ipchains on both a test server as well
> > as my home machine. I would like to get fairly strict for the server
> > platform, which should not be very difficult, however for home use I have
> > a question about what implications there would be by allowing free range
> > in and out for ports above 1024. I am running X, so I did add a deny for
> > any incoming packets to 6000:6063, but other than that, it's pretty much
> > free game. I am not running nfs, however I do run gnapster and icqnix
> > which all use high ports for establishing sessions both as a client and
> > server. I could set up specific rulesets for each of these apps, but I was
> > curious to hear opinion on what ramifications there are from just allowing
> > ACCEPT in/out for >1024.
> 
> On the internal machines, run "netstat -nlt" for all tcp ports the machine's
> listening on (similarly -nlu for udp and -nlw for raw sockets). See all the
> stuff under "local address"?  Look for ports greater than 1024.  You should
> be able to do something like "lsof -i :port" where you replace "port" with
> the port you're interested in.  That'll tell you what process(es) are
> listening on that port.  You may have to do it as root to get anything
> useful out of lsof...
> 
> Anyway, decide if you care about those ports being accessible from outside.
> If not, well, block access.  If you think there are users inside that might
> be adding programs that bind to a high port but you don't want them to,
> either remove that user or (if you're that user) block off the ports you're
> concerned about.  You can get a listing of common services and their
> corresponding ports in /etc/services - that oughtta help some.  I personally
> wouldn't be terribly concerned, but then I masquerade everything and don't
> have non-trusted users, so I really don't have those problems (although
> there are others).
> 
> --Danny
> 
> 
> --
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
> 


--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.
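The audit Danny describes above (netstat for listening sockets, then lsof and /etc/services to identify anything above 1024), as an added example that is not from the thread: a small POSIX shell script that parses netstat -nlt/-nlu style output, keeps only ports above 1024, names them from /etc/services-format text, and flags the ones bound to 0.0.0.0 (reachable from outside if the firewall ACCEPTs >1024). Both the netstat capture and the services excerpt are constructed samples so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread. Works on saved output in the
# shape of Linux net-tools "netstat -nlt" / "netstat -nlu".

# Constructed sample of "netstat -nltu" output (not a real capture).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6666          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:4000            0.0.0.0:*'

# Constructed excerpt in /etc/services format, used instead of the real file.
SAMPLE_SERVICES='ssh             22/tcp
x11             6000/tcp
icq             4000/udp'

# high_ports: read netstat-style lines on stdin; print "proto port bindaddr"
# for every listening socket whose local port is above 1024.
high_ports() {
    awk '$1 ~ /^(tcp|udp)/ {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port + 0 > 1024) print $1, port, addr
    }'
}

# service_name PORT PROTO SERVICES_TEXT: look up "port/proto" in
# /etc/services-format text; print the name, or "unknown" if absent.
service_name() {
    name=$(printf '%s\n' "$3" | awk -v key="$1/$2" '$2 == key { print $1; exit }')
    printf '%s\n' "${name:-unknown}"
}

# audit: one line per high port: proto, port, service name, and whether the
# socket is bound to all interfaces (EXPOSED) or loopback only (LOCAL).
audit() {
    printf '%s\n' "$SAMPLE_NETSTAT" | high_ports | while read -r proto port addr; do
        exposure=LOCAL
        [ "$addr" = "0.0.0.0" ] && exposure=EXPOSED
        printf '%s %s %s %s\n' "$proto" "$port" \
            "$(service_name "$port" "$proto" "$SAMPLE_SERVICES")" "$exposure"
    done
}

audit
```

Replace SAMPLE_NETSTAT with real `netstat -nltu` output and SAMPLE_SERVICES with `cat /etc/services` to run it against a live box; the EXPOSED/unknown rows are the ones worth checking with `lsof -i :port` before writing a blanket ACCEPT rule.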