> > >>> jessem@xxxxxxxxxxxxxxxx 10/20/03 04:00PM >>>
> >
> > I've been having some trouble opening and closing ports. Basically, I
> > want to close off all ports except 22 for ssh and 3 other ports to do
> > some testing with openmosix. No matter what I do though, the ports that
> > I want open stay closed and the ports that I want closed are open.
> > (Mostly)
> >
> > Port       State  Service
> > 22/tcp     open   ssh
> > 25/tcp     open   smtp
> > 111/tcp    open   sunrpc
> > 139/tcp    open   netbios-ssn
> > 505/tcp    open   mailbox-lm
> > 631/tcp    open   ipp
> > 885/tcp    open   unknown
> > 4660/tcp   open   unknown
> > 6000/tcp   open   X11
> > 9158/tcp   open   unknown
> > 10000/tcp  open   snet-sensor-mgmt
> > 32768/tcp  open   unknown
> > 32769/tcp  open   unknown
> > 32770/tcp  open   sometimes-rpc3
> >
> > Looks like I don't even have a firewall activated.
> > redhat-config-securitylevel is set to medium. If I change it to high
> > the same ports are open. Trusted device is set to my network card
> > (eth0); nothing is checked except ssh and dhcp. Like I said above, I want a
> > couple other ports open for openmosix but I have no "other ports"
> > section using redhat-config-securitylevel.
> >
> > Other notes: I have iptables service enabled. It starts at boot. Also, I
> > have tried to use iptables directly, i.e. iptables -A INPUT -p tcp ...
> > etc. Still nothing.

I may be way off base, but in case it helps, here is what pops into my head upon reading this thread:

How did you generate that list of open ports? It occurs to me that you might actually have iptables working just fine... A service or program can be listening on a port, even while a firewall is blocking access to that port. It is like having an earplug in your ear... The ear is still listening, but the sounds are prevented from reaching it. There may be a default firewall rule that will allow all loopback traffic through, while blocking remote hosts.

So unless you are generating the list of open ports using a remote scan, you might not know what's really open or closed to the outside world.

A complementary approach to using a firewall is to disable unneeded services. So for instance, you could do something like "service sendmail stop" and "chkconfig --level 2345 sendmail off" to close the smtp port. "lsof -i" and "netstat -lp" (and others) might help determine what service daemon or application is using each port; with that you can usually disable or reconfigure them to be less open.

As someone else said, setting an interface as "trusted" effectively turns off the firewall for that interface, not usually the desired result unless you have a multi-homed system where one interface is on a local trusted network and the other is to the big bad world. You probably want eth0 to be untrusted, else you wouldn't bother creating firewall rules for it...

Or maybe I missed some piece(s) of the puzzle... :-)

Hope that helps.
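The distinction made in the reply above, that a socket listening on a port and a port reachable from outside are two different things, as an added shell example that is not part of this thread: it parses a constructed `netstat -ltnp`-style listing and a constructed iptables-save ruleset (both embedded here, neither taken from the poster's machine) and reports, for each listening TCP port, whether it is bound to loopback only, accepted by an INPUT rule, or listening but dropped by the chain policy. The rule matching is deliberately simplified: only ACCEPT rules and the chain policy are considered, so rule order and explicit DROP/REJECT rules are not modelled.

```shell
# Constructed sample of `netstat -ltnp` output (not the poster's real system).
LISTEN_SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0 0 0.0.0.0:22    0.0.0.0:* LISTEN 812/sshd
tcp   0 0 127.0.0.1:25  0.0.0.0:* LISTEN 901/sendmail
tcp   0 0 0.0.0.0:111   0.0.0.0:* LISTEN 640/portmap
tcp   0 0 0.0.0.0:6000  0.0.0.0:* LISTEN 1203/X'

# Constructed iptables-save style INPUT chain: loopback allowed, 22 and 4660
# accepted, everything else hits the DROP policy.
RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 4660 -j ACCEPT
COMMIT'

# Reduce a netstat listing on stdin to "port bind-address program" lines (IPv4 only).
listening_ports() {
    awk '$1 == "tcp" && $6 == "LISTEN" {
        n = split($4, a, ":"); split($7, p, "/")
        print a[n], a[1], p[2]
    }'
}

# Classify one listening socket against $RULES. Simplified on purpose: only
# ACCEPT rules and the chain policy are looked at; rule order and explicit
# DROP/REJECT rules are ignored.
classify_port() {
    port=$1; bind=$2
    case "$bind" in
        127.*) echo "local-only"; return ;;   # bound to loopback: never remotely reachable
    esac
    if printf '%s\n' "$RULES" | grep -Eq -- "^-A INPUT .*--dport $port( |$).*-j ACCEPT"; then
        echo "reachable"
    elif printf '%s\n' "$RULES" | grep -q '^:INPUT DROP'; then
        echo "filtered"                       # listening, but the firewall drops it
    else
        echo "reachable"                      # policy ACCEPT and nothing matched
    fi
}

# One line per listening port with its exposure, e.g. "111/tcp portmap   filtered".
report() {
    printf '%s\n' "$LISTEN_SAMPLE" | listening_ports | while read -r port bind prog; do
        printf '%s/tcp %-9s %s\n' "$port" "$prog" "$(classify_port "$port" "$bind")"
    done
}
report
```

On a real host, replace the two constructed samples with the output of `netstat -ltnp` and `iptables-save`; a port the report calls "filtered" is exactly the case described above, where a local listing shows it open while a remote scan would not.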