That was great info, but I do not need to masq any IPs, I just need to limit the ports being open. I have edited inetd.conf, but there were some ports not listed in there. Here is a port scan on my box:

[EMAIL PROTECTED] mearls]# nmap -sS -sU vermeer

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on vermeer.michaelearls.com (207.86.78.22):
(The 3092 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
69/udp     filtered    tftp
80/tcp     open        http
111/tcp    open        sunrpc
111/udp    open        sunrpc
138/udp    open        netbios-dgm
515/tcp    open        printer
517/udp    open        talk
1024/tcp   open        kdm
1025/udp   open        blackjack
1026/udp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 1709 seconds

from port 111 to 1026. I only need the first ones open. Does your ipchain script do that without trying to masq, or what do I need to change to fix that?

Thanks for your time
michael

-----Original Message-----
From: Osamu Aoki [mailto:[EMAIL PROTECTED] Behalf Of Osamu Aoki
Sent: Sunday, April 29, 2001 2:05 AM
To: Michael Earls
Cc: [email protected]
Subject: Re: closeing open ports

On Sun, Apr 29, 2001 at 01:38:33AM -0700, Michael Earls wrote:
> What is a good starting point / reference point on ipchains. I have it
> installed but not config. Is there a file that I can edit for ipchains?
>
> I only need 21 ftp 22 ssh 25 smtp 80 http

You may want to open auth too.

Closing service can be done by /etc/inetd and update-rc.d but for your
purpose installing ipchain based firewall may be better.

If this is gateway machine, you want to install ipmasq package.

To close service, by ipchain, follow http://bugs.debian.org/87499

The script attached is actually for potato ipmasq. My quick reference
site has same info.

-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/ +

