You should test it from outside the firewall, instead of from behind it.
That will give you the REAL idea of what the world can see of your system.
I can see all kinds of ports open from behind my firewall, but almost
nothing from outside it.

JEFFREY WIMMER

----- Original Message -----
From: "Staven Bruce" <Staven.Bruce@xxxxxxxxxxxxx>
To: <redhat-list@xxxxxxxxxx>
Sent: Wednesday, October 08, 2003 3:57 PM
Subject: RE: Open TCP & UDP Ports

> Thanks for the suggestions Edward and Reuben.
>
> I should explain a little more and say my server is behind a Cisco PIX
> firewall, and that only port 25 and 80 are open to the outside world. But I
> was thinking that I should have everything locked down tight on the box as
> well, just in case. Am I being paranoid?
>
> From: Edward Croft [mailto:ecroft@xxxxxxxxxxxxxxx]
> Sent: Wednesday, October 08, 2003 12:25 PM
> To: Red Hat List
> Subject: Re: Open TCP & UDP Ports
>
> On Wed, 2003-10-08 at 15:11, Staven Bruce wrote:
> > I have a RedHat 8.0 box running Apache and Mailman. I am trying to make sure
> > it is locked down. When I run a port scan with nmap, I find the following
> > TCP ports open:
> >
> > 25 -- Mail
> > 80 -- WWW
> > 111 -- SUN RPC
> > 443 -- SSL
> > 515 -- spooler
> > 6000 -- X Windows
> > 32768 -- Filenet
> >
> > Now, I know I need 80 and 25 open, but can't I just close the rest? How do I
> > close a specific port within the RedHat OS?
> >
> > One last question, the port scan also returns 81 UDP ports as open or not
> > answering, should I close these as well?
> >
> > I would appreciate any info.....
>
> I always err on the conservative side. You can use lokkit and set the
> level to high, then tab to customize and open up the ports you need from
> there. Then click okay. This should lock down the ports.
> Of course others may have other ideas and there are other firewall
> tools. I just figured you needed quick and dirty. For more flexible and
> configurable, you might try gShield. It has worked for me.
> Ed
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
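
A host-side check to go with the advice in this thread, as an added example that is not part of the original messages: it reads `netstat -tln` output and lists TCP listeners reachable from other hosts that are not on an allow-list (here 25 and 80). The sample input is constructed from the ports named in the thread plus an invented loopback-only listener on 631, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not on an allow-list.
# Input is `netstat -tln` style text on stdin; arguments are the allowed ports.

# Constructed sample: the ports from the nmap result in the thread, plus one
# loopback-only listener (631) invented here to show that case.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
EOF
}

# Print, one per line and sorted numerically, every port that is listening on
# a non-loopback address and is not in the allow-list given as arguments.
unexpected_listeners() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before it
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            if (!(port in ok)) print port
        }' | sort -n | uniq
}

# On a live host: netstat -tln | unexpected_listeners 25 80
sample_netstat | unexpected_listeners 25 80
```

Each port it prints is a service to stop or to bind to loopback on the box itself; a scan from outside the firewall then confirms what is reachable.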