Firewall rules for ports running CentOS 5

I need to configure my firewall (rules) for my server.
I am having trouble setting the rule for the port(s) used for BIND or any DNS service.
Which ports should be open or "listening"?

Also, from the port scan below, does anyone see something that should be closed?

Thanks,


Port scan of my server:

Open TCP Port:       21                 ftp
Open TCP Port:       22                 ssh
Open TCP Port:       53                 domain
Open TCP Port:       80                 http
Open TCP Port:       106                3com-tsmux
Open TCP Port:       110                pop3
Open TCP Port:       143                imap
Open TCP Port:       443                https
Open TCP Port:       465                urd
Open TCP Port:       587                submission
Open TCP Port:       993                imaps
Open TCP Port:       995                pop3s
Open TCP Port:       3306               mysql
Open TCP Port:       8443               pcsync-https
Open TCP Port:       8880               cddbp-alt
JordoRocko
Asked:
tlovieCommented:
I think that bind may want port 53 UDP open as well, depending on how it is configured.
 
InsoftserviceCommented:
Hi,
If I am not wrong, you want to open this port for a public IP, right?


# accept inbound connections from the outside
# (-I inserts at the top of the chain; on a stock CentOS 5 box the INPUT chain
#  jumps to RH-Firewall-1-INPUT, which ends in a REJECT, so rules appended with -A
#  after that point are never reached)
iptables -I INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# allow port 25 connections that entered to go through the NAT and be processed by the local SMTP daemon.
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
 
ujitnosCommented:
If you want to enable DNS service from your server to the outside world, allow only the DNS service on TCP/UDP port 53. All other ports can be blocked from the internet to the server.
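Both tlovie and ujitnos point at the same thing: BIND needs port 53 on UDP as well as TCP, and the rule has to be placed where the CentOS 5 firewall will actually reach it. The script below is an added example, not code from this thread; it assumes the stock CentOS 5 /etc/sysconfig/iptables layout (all rules in the RH-Firewall-1-INPUT chain, ending in a REJECT), and the sample config in it is constructed.

```shell
# Added example (not code from this thread): insert "allow DNS on UDP and
# TCP 53" into a CentOS 5 style /etc/sysconfig/iptables so the rules persist
# across reboots. Assumption: the stock CentOS 5 layout, where rules live in
# the RH-Firewall-1-INPUT chain and that chain ends with a REJECT rule. The
# new rules must go above that REJECT, because iptables stops at the first
# match; appending them with "iptables -A" would leave them unreachable.

# Reads an iptables-save style file on stdin, writes the patched file on stdout.
add_dns_rules() {
    awk '
        /^-A RH-Firewall-1-INPUT .*-j REJECT/ && !done {
            print "-A RH-Firewall-1-INPUT -m state --state NEW -p udp -m udp --dport 53 -j ACCEPT"
            print "-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --dport 53 -j ACCEPT"
            done = 1
        }
        { print }
    '
}

# Constructed, trimmed copy of the stock CentOS 5 file, used by the checks below.
SAMPLE_CONFIG='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Number of port 53 ACCEPT rules in the patched sample: 2 (one UDP, one TCP).
dns_rule_count() {
    printf '%s\n' "$SAMPLE__CONFIG_PLACEHOLDER" >/dev/null 2>&1
    printf '%s\n' "$SAMPLE_CONFIG" | add_dns_rules | grep -c -- '--dport 53 -j ACCEPT'
}

# Succeeds only if the first DNS rule sits above the REJECT in the patched output.
dns_rules_precede_reject() {
    out=$(printf '%s\n' "$SAMPLE_CONFIG" | add_dns_rules)
    dns_line=$(printf '%s\n' "$out" | grep -n -- '--dport 53' | head -n 1 | cut -d: -f1)
    reject_line=$(printf '%s\n' "$out" | grep -n -- '-j REJECT' | cut -d: -f1)
    [ "$dns_line" -lt "$reject_line" ]
}

# On the server (as root): add_dns_rules < /etc/sysconfig/iptables > /tmp/iptables.new
# Review the file, copy it back over /etc/sysconfig/iptables, then run
# "service iptables restart" and confirm with "iptables -L RH-Firewall-1-INPUT -n".
```

The scan in the question is TCP only, so it cannot show whether named is listening on UDP; `netstat -lnup` on the host itself answers that.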
 
InsoftserviceCommented:
Hi @ujitnos

I think @JordoRocko wants to open all his ports to the outside world, i.e. he might require them for sendmail, an SMS gateway, web hosting and so on.
So I don't think only opening port 53 will do. Please correct me if I am wrong.
We should provide him a link which would let him know which port is used for what. What do you say?

http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447
http://www.cyberciti.biz/tips/linux-iptables-13-how-to-allowopen-imap-serverprotocol.html
 
ujitnosCommented:
Yes, it will be better if JordoRocko can be more clear about the requirement, rather than us assuming the requirement.
 
JordoRockoAuthor Commented:
Thanks to all for your replies...
@ujitnos your first link has the answers I needed.
http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447

Thanks
 
JordoRockoAuthor Commented:
Solved
 
ujitnosCommented:
JordoRocko, it was insoftservice who posted the link.
 
InsoftserviceCommented:
Hi,

@ujitnos thanks for your last comment regarding the posted link.
@JordoRocko please do the needful.
 
JordoRockoAuthor Commented:
Sorry, insoftservice is the one that answered my question.
http://www.experts-exchange.com/Q_26491474.html

Sorry for the confusion.
 
InsoftserviceCommented:
Hi @jordoRocko,

Please do the needful.
I can understand it was done by mistake.
 
InsoftserviceCommented:
Hi @jordoRocko,

May I know what the issue is with the question and why it still has not been resolved?

@SouthMod please let me know what's the issue in the delay.

Sorry if any of this sounds rude.