Date: Sat, 14 Feb 2004 11:26:43 -0500
From: "JJB" <Barbish3@adelphia.net>
To: <ecrist@adtechintegrated.com>, "FreeBSD questions List" <freebsd-questions@freebsd.org>
Subject: RE: Running processes...
Message-ID: <MIEPLLIBMLEEABPDBIEGIEBFFLAA.Barbish3@adelphia.net>
In-Reply-To: <200402140643.12904.ecrist@adtechintegrated.com>
This port map is only showing you what ports are open to accept start requests from the public internet. Looks like you are using IPFW with stateless rules, which just provides a very basic level of security.

Use stateful rules with 'out' and 'via' keywords to separate your firewall into outbound control, where you allow all these ports listed below out to the public internet. Then for the inbound side use stateful rules with 'in' and 'via' keywords, allowing in only the ports that you have servers running on. That will close all those listed ports to inbound availability.

If you have a LAN behind your gateway and are using ipfw with the divert rule legacy sub-routine call to userland Natd, then stateful rules do not work because of a legacy bug in the basic concept design of this process. Use IPFILTER; its stateful rules work in a NATed environment and as such provide a much higher level of security than IPFW can provide in a NATed environment.

I have an IPFILTER sample rule set if you are interested.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Eric F Crist
Sent: Saturday, February 14, 2004 7:43 AM
To: FreeBSD questions List
Subject: Running processes...

Hello list,

Which of the processes can I safely block from the internet via ipfw? Here's the nmap output from one of my servers. I would really like to tame this down:

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-02-14 06:41 CST
Interesting ports on localhost (127.0.0.1):
(The 1646 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
443/tcp  open  https
587/tcp  open  submission
783/tcp  open  hp-alarm-mgr
3306/tcp open  mysql
6667/tcp open  irc
6668/tcp open  irc
9999/tcp open  abyss

Nmap run completed -- 1 IP address (1 host up) scanned in 9.730 seconds

Port 9999 is an irc port for server connections, for anyone who's wondering what that's doing there. I mainly need to get rid of 783, 587. What are those anyways?

Also, what's the name of that app that basically makes all ports appear open and logs connection attempts?

Thanks.

--
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
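The stateful in/out/via layout JJB describes above, written out as an added example that is not part of this thread, for a single host with no LAN or NAT behind it. The external interface name fxp0, the rule numbers and the choice of which of Eric's listed ports stay reachable (22, 25, 53, 80, 443) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal stateful ipfw rule set for a
# single host with no LAN/NAT behind it, laid out as JJB describes
# (out+via for what this host may start, in+via for what it serves).
# Assumptions: external interface fxp0, ipfw2 syntax, arbitrary rule numbers.
IPFW=${IPFW:-/sbin/ipfw}
OIF=${OIF:-fxp0}
# Services this host really offers to the internet (assumed). Every other
# listening port, e.g. 783, 587, 3306, 6667-6668, 9999, is unreachable inbound.
SERVER_PORTS="22,25,53,80,443"

load_rules() {
    $IPFW -q -f flush
    # Loopback is trusted; anything else claiming 127/8 is spoofed.
    $IPFW -q add 100 allow all from any to any via lo0
    $IPFW -q add 200 deny all from any to 127.0.0.0/8
    $IPFW -q add 300 deny ip from 127.0.0.0/8 to any
    # Packets of an already established session match their dynamic rule here.
    $IPFW -q add 400 check-state
    # Outbound: this host may start any TCP/UDP session; the replies are
    # admitted by the dynamic rule created with keep-state, not by a static rule.
    $IPFW -q add 500 allow tcp from me to any out via $OIF setup keep-state
    $IPFW -q add 510 allow udp from me to any out via $OIF keep-state
    # Inbound: only a SYN to a listed server port may create state.
    $IPFW -q add 600 allow tcp from any to me $SERVER_PORTS in via $OIF setup keep-state
    $IPFW -q add 610 allow udp from any to me 53 in via $OIF keep-state
    # Everything else is dropped and logged (logging needs net.inet.ip.fw.verbose=1).
    $IPFW -q add 700 deny log all from any to any
}

# Print the rule set instead of loading it, for review before deployment.
render_rules() {
    ( IPFW="echo ipfw"; load_rules )
}

# Answers "would a SYN from the internet to TCP port $1 be accepted?"
inbound_open() {
    case ",$SERVER_PORTS," in
        *,"$1",*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Call load_rules from the ipfw rules script that runs at boot; render_rules shows the set without touching the kernel.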