Solved

Firewall rules for ports running CentOS 5

Posted on 2010-09-21 | 13 comments | 1,069 Views | Last Modified: 2013-11-08
I need to configure my firewall (rules) for my server.
I am having trouble setting the rule for the port(s) used for BIND or any DNS service.
Which ports should be open or "listening"?

Also, from the port scan below, does anyone see something that should be closed?

Thanks,


Port scan of my server:

Open TCP Port:       21                 ftp
Open TCP Port:       22                 ssh
Open TCP Port:       53                 domain
Open TCP Port:       80                 http
Open TCP Port:       106                3com-tsmux
Open TCP Port:       110                pop3
Open TCP Port:       143                imap
Open TCP Port:       443                https
Open TCP Port:       465                urd
Open TCP Port:       587                submission
Open TCP Port:       993                imaps
Open TCP Port:       995                pop3s
Open TCP Port:       3306               mysql
Open TCP Port:       8443               pcsync-https
Open TCP Port:       8880               cddbp-alt
Question by:JordoRocko
13 Comments
 
LVL 7

Expert Comment

by:tlovie
ID: 33731108
I think that BIND may want port 53 UDP open as well, depending on how it is configured.
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33731529
Hi,
If I am not wrong, you want to open this port for a public IP, right?


# accept inbound connections from the outside
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# allow port 25 connections that entered to go through the NAT and be processed by the local SMTP daemon
# (RH-Firewall-1-INPUT is the chain the stock CentOS 5 firewall configuration sends INPUT and FORWARD traffic through)
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731815
If you want to enable the DNS service from your server to the outside world, allow only the DNS service on TCP/UDP port 53. All other ports can be blocked to the internet from the server.
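The pieces in the comments above (Insoftservice's port 25 rules on the CentOS 5 chain, tlovie's point that BIND needs UDP 53 as well as TCP 53, and ujitnos's suggestion to allow only the services you need and block the rest) fit together as one default-deny inbound ruleset. The script below is an added example written for this page, not code posted by anyone in the thread. It uses the RH-Firewall-1-INPUT chain layout that the stock CentOS 5 firewall configuration creates; the ALLOWED_SERVICES list is an assumed allowlist for illustration, and the scan lines are a constructed sample copied from the question so the check runs offline. It prints the iptables commands for review, applies them only when APPLY_RULES=1, and lists the scanned ports that would have no matching rule, which are the candidates to close or bind to localhost.

```shell
#!/bin/sh
# Added example for this thread, not code posted by any participant.
# Generates a default-deny inbound ruleset in the layout that the stock
# CentOS 5 firewall configuration (system-config-securitylevel) uses:
# INPUT and FORWARD jump to RH-Firewall-1-INPUT, which ends in a REJECT.

CHAIN=RH-Firewall-1-INPUT

# Assumed allowlist for illustration: "<proto> <port> <label>" per line.
# DNS appears twice on purpose: queries normally travel over UDP 53, but
# TCP 53 is needed for zone transfers and for answers too large for UDP.
ALLOWED_SERVICES='
udp 53  dns
tcp 53  dns
tcp 22  ssh
tcp 25  smtp
tcp 80  http
tcp 443 https
'

# Constructed sample input: lines copied from the port scan in the question
# so the check below runs offline (the real scan has more entries).
SCAN_OUTPUT='
Open TCP Port:       22                 ssh
Open TCP Port:       53                 domain
Open TCP Port:       106                3com-tsmux
Open TCP Port:       3306               mysql
Open TCP Port:       8443               pcsync-https
'

# Print the iptables commands rather than running them, so the ruleset
# can be reviewed (or diffed against `iptables-save`) before it goes live.
gen_rules() {
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -N $CHAIN"
    echo "iptables -A INPUT -j $CHAIN"
    echo "iptables -A FORWARD -j $CHAIN"
    # loopback, replies to our own connections and ICMP come first, so they
    # are never caught by the final REJECT
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A $CHAIN -p icmp --icmp-type any -j ACCEPT"
    echo "$ALLOWED_SERVICES" | while read -r proto port label; do
        [ -n "$proto" ] || continue
        echo "iptables -A $CHAIN -m state --state NEW -p $proto --dport $port -j ACCEPT  # $label"
    done
    # everything not matched above is rejected, as the stock chain does
    echo "iptables -A $CHAIN -j REJECT --reject-with icmp-host-prohibited"
}

# Number of ACCEPT rules the allowlist produces for a port (0 = not exposed).
rules_for_port() {
    gen_rules | grep -c -- "--dport $1 " || true
}

# Ports the scan found open that the allowlist does not cover: candidates
# to stop, firewall off, or bind to 127.0.0.1 (MySQL is the usual case).
unlisted_ports() {
    echo "$SCAN_OUTPUT" | awk '/^Open/ { print tolower($2), $4 }' |
    while read -r proto port; do
        if [ "$(rules_for_port "$port")" -eq 0 ]; then
            echo "$port/$proto"
        fi
    done
}

# Only touch the live firewall when explicitly asked; `service iptables
# save` writes the result to /etc/sysconfig/iptables so it survives reboot.
if [ "${APPLY_RULES:-0}" = "1" ]; then
    gen_rules | sh -e && service iptables save
fi
```

After applying, confirm the order with `iptables -L RH-Firewall-1-INPUT -n --line-numbers` (the ESTABLISHED,RELATED rule must sit above the per-service rules, and REJECT must be last), then test from outside the host with `dig @<server-ip> <zone> SOA` for UDP and `dig +tcp @<server-ip> <zone> SOA` for TCP. For a port such as 3306 that the scan shows open but no remote client needs, binding the daemon to 127.0.0.1 (MySQL's `bind-address` in my.cnf) removes the exposure independently of the firewall.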
 
LVL 15

Accepted Solution

by:
Insoftservice earned 500 total points
ID: 33731889
Hi @ujitnos

I think @JordoRocko wants to open all his ports to the outside world, i.e. he might require them for sendmail, an SMS gateway, web hosting and so on.
So I don't think only opening port 53 will do; please correct me if I am wrong.
We should provide him the link which would let him know which port is used for what. What do you say?

http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447
http://www.cyberciti.biz/tips/linux-iptables-13-how-to-allowopen-imap-serverprotocol.html
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731931
Yes, it will be better if JordoRocko can be clearer about the requirement, rather than us assuming the requirement.
 

Author Comment

by:JordoRocko
ID: 33731974
Thanks to all for your replies...
@ujitnos, your first link has the answers I needed.
http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447

Thanks
 

Author Closing Comment

by:JordoRocko
ID: 33731981
Solved
 
LVL 10

Expert Comment

by:ujitnos
ID: 33732016
JordoRocko, it was insoftservice who posted the link.
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33732168
Hi,

@ujitnos thanks for your last comment regarding the posted link.
@JordoRocko please do the needful.
 

Author Comment

by:JordoRocko
ID: 33738165
Sorry, insoftservice is the one who answered my question.
http://www.experts-exchange.com/Q_26491474.html

Sorry for the confusion.
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33755824
Hi @JordoRocko,

Please do the needful.
I understand it was done by mistake.
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33820728
Hi @JordoRocko,

May I know what the issue with the question is and why it still has not been resolved?

@SouthMod, please let me know what the issue with the delay is.

Sorry if any of this comes across as rude.
