Many thanks to both Kevin & Leif for the help on this one. So it looks like iptables does the job very well with the bastille-firewall config.

I realise the originating mail was a bit confusing, but I was using the system in a non-standard setup. It also looks as if using nmap from within a system can produce some erroneous results.

Again, thanks

Richard

Kevin wrote:
>
> On Wednesday 31 October 2001 7:19 am, you wrote:
> > Hi all, me again!
> > I just remotely logged into my machine at home going in sorta via the
> > back door.
> > I'll briefly explain, I haven't been able to get prerouting with dnat
> > functioning properly yet.
> > I have 2 ether ports, 1 on a cable modem the other to a local network.
> > I have 2 ports which xinetd redirects to another machine on the local
> > network.
> > So I've just telneted back in the machine from the local network, which
> > from the bastille-netfilter.cfg script should only have 5 ports open
> > from that side.
> > I've run nmap and it reports 15 ports open, but not the 2 ports I let
> > xinetd redirect from. !?
> > However, I've tried telnetting to all of the ports listed that I haven't
> > listed in bastille-netfilter and they all time out, this would suggest
> > that they are correctly set to
> > DROP the incoming packet.
> >
> > Which has priority in the system, iptables or xinetd?
> > the open ports are listed as 111,139,631,870,901,3128,6000,32770, there
> > are 2 for obvious reasons I'm not happy as being reported open..
> >
> > I'm inclined to believe the bastille-netfilter.cfg file, but curious as
> > to why the difference.
> >
>
> Your email is a little confusing to me, however I can try and help clear up
> your xinetd -> iptables question. With bastille running, everything will be
> filtered through your Bastille config file first. If Bastille allows it to
> pass, then xinetd will handle it.
>
> If you have Bastille setup to redirect, and xinetd on the same machine to
> redirect the same port, Bastille will redirect it and xinetd won't see it.
>
>   /----------\    |          |    |        |
>   | Internet | -> | Bastille | -> | Xinetd |
>   \----------/    |          |    |        |
>
> HTH,
>
> Kevin
>
> ------------------------------------------------------------------------
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com

--
Richard Bown
Ericsson Microwave Systems AB
SE-431 84 Mölndal
e-mail [EMAIL PROTECTED]
tel +46 31 74 72422
mobile +46 7098 72422
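To make the ordering Kevin describes concrete, here is an added example (not from the thread, not Bastille's own code) that models first-match evaluation of an INPUT chain with a DROP policy and shows why nmap run from the host itself lists every listener while the LAN side sees only the allowed ones. The rule set, interface names and port 8080 are assumptions; only the listed ports come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One INPUT-chain rule: match on input interface and/or TCP dport."""
    in_iface: Optional[str]  # None matches any interface (-i omitted)
    dport: Optional[int]     # None matches any port (--dport omitted)
    target: str              # "ACCEPT" or "DROP"

def verdict(rules, policy, iface, port):
    """netfilter semantics: the first matching rule wins; if no rule
    matches, the chain's default policy applies."""
    for r in rules:
        if r.in_iface in (None, iface) and r.dport in (None, port):
            return r.target
    return policy

def reachable_ports(rules, policy, iface, listening):
    """Listening ports a scanner arriving on `iface` would see as open."""
    return sorted(p for p in listening
                  if verdict(rules, policy, iface, p) == "ACCEPT")

def handled_by(rules, policy, iface, port, dnat_ports, xinetd_ports):
    """Who gets an incoming connection, in Kevin's order: a nat PREROUTING
    DNAT rewrites the packet before the INPUT chain runs, so netfilter's
    redirect wins and an xinetd redirect for the same port never sees it;
    otherwise INPUT decides whether any local daemon sees the packet."""
    if port in dnat_ports:
        return "netfilter DNAT"
    if verdict(rules, policy, iface, port) != "ACCEPT":
        return "DROP"
    return "xinetd" if port in xinetd_ports else "local daemon"

# Constructed INPUT chain (assumed, not Richard's real bastille-netfilter.cfg):
# loopback wide open, five services allowed from the LAN side (eth1),
# nothing from the cable-modem side (eth0), default policy DROP.
RULES = [Rule("lo", None, "ACCEPT")] + [
    Rule("eth1", p, "ACCEPT") for p in (139, 631, 901, 3128, 6000)]
POLICY = "DROP"
# Listening sockets nmap reported as open in the thread.
LISTENING = [111, 139, 631, 870, 901, 3128, 6000, 32770]

if __name__ == "__main__":
    for iface in ("lo", "eth1", "eth0"):
        # "lo" shows every listener: that is the nmap-from-within view.
        print(iface, reachable_ports(RULES, POLICY, iface, LISTENING))
    print(handled_by(RULES, POLICY, "eth0", 8080, {8080}, {8080}))
```

Running it prints all eight ports for lo, the five allowed ones for eth1 and nothing for eth0, which is the discrepancy Richard saw between his local nmap run and the timeouts on telnet.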
