On Mon, Nov 13, 2000 at 02:14:23PM +0100, Sebastiaan wrote:
>
> Hello,
>
> I am configuring a computer as a firewall and ip-masquerading server.
> Being on this adventure (it is my first time doing this), I have the
> following questions:
>
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules, but the computer would not do that. What is this port
> used for?
>
> - I have heard something about putting hosts who are portscanning you
> automatically in hosts.deny, so that your computer is invisible for that
> host. Where can I control that function (and put it on)?
>
> - any other things worth knowing about private firewall ip-masq servers?
>
> Thanks in advance!
> Sebastiaan

There have already been some good suggestions on how to fix this. (Remove
unneeded packages!) However, you can also use ipchains to specifically block
these incoming ports. One machine I administer has this rule:

    /sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT

This allows incoming traffic that has the SYN flag on (i.e. incoming, trying
to establish a new connection) to work only on ports 20 through 80.

Even on a well-administered firewall, this kind of rule can protect you from
accidentally installing something that exposes you to additional risk. And on
a firewall which has software on it that your client insists on, it can really
reduce your exposure!
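
An added example, not part of the original message: a small audit that reads `netstat -tln`-style output and reports which TCP listeners the 20:80 rule above would still leave reachable and which it would reject. The sample listing is constructed, the function names are hypothetical, and loopback-only listeners are skipped on the assumption that the rule applies only to the external interface.

```shell
#!/bin/sh
# Added example: classify listening TCP ports against the 20:80 window
# used by the ipchains rule in the message above.
LOW=20
HIGH=80

# Constructed sample in `netstat -tln` format (not from the poster's machine).
sample_listeners() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:111       0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:515       0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:6010    0.0.0.0:*         LISTEN
EOF
}

# Read a listing on stdin; print "<port> reachable|rejected" per listener.
classify_listeners() {
    awk -v low="$LOW" -v high="$HIGH" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")        # port is the last field
            port = parts[n] + 0
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            # Loopback-only services are not exposed on the outside card.
            if (host == "127.0.0.1" || host == "::1") next
            verdict = (port >= low && port <= high) ? "reachable" : "rejected"
            print port, verdict
        }' | sort -n -u
}

# Space-separated list of ports whose new connections the rule would reject.
rejected_ports() {
    classify_listeners |
        awk '$2 == "rejected" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

sample_listeners | classify_listeners
```

On a real host, pipe `netstat -tln` into `classify_listeners` instead of the sample; anything marked reachable still needs to be reviewed on its own merits.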

