Solved

Firewall rules for ports running CentOS 5

Posted on 2010-09-21
Last Modified: 2013-11-08
I need to configure my firewall (rules) for my server.
I am having trouble setting the rule for the port(s) used for BIND or any DNS service.
Which ports should be open or "listening"?

Also, from the port scan below, does anyone see something that should be closed?

Thanks,


Port scan of my server:

Open TCP Port:       21                 ftp
Open TCP Port:       22                 ssh
Open TCP Port:       53                 domain
Open TCP Port:       80                 http
Open TCP Port:       106                3com-tsmux
Open TCP Port:       110                pop3
Open TCP Port:       143                imap
Open TCP Port:       443                https
Open TCP Port:       465                urd
Open TCP Port:       587                submission
Open TCP Port:       993                imaps
Open TCP Port:       995                pop3s
Open TCP Port:       3306               mysql
Open TCP Port:       8443               pcsync-https
Open TCP Port:       8880               cddbp-alt
Question by:JordoRocko
13 Comments
 
LVL 7

Expert Comment

by:tlovie
ID: 33731108
I think that bind may want port 53 UDP open as well, depending on how it is configured.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33731529
Hi,
If I am not wrong, you want to open this port for a public IP, right?


#accept inbound connections from the outside
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
#allow port 25 connections that entered to go through the NAT and be processed by the local SMTP daemon.
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731815
If you want to enable DNS service from your server to the outside world, allow only the DNS service on TCP/UDP port 53. All the remaining ports can be blocked to the internet from the server.
0
 
LVL 15

Accepted Solution

by:
Insoftservice earned 500 total points
ID: 33731889
Hi @ujitnos

I think @JordoRocko wants to open all of these ports to the outside world, i.e. he might require them for sendmail, an SMS gateway, web hosting and so on.
So I don't think opening only port 53 will do. Please correct me if I am wrong.
We should provide him a link that would let him know which port is used for what. What do you say?

http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447
http://www.cyberciti.biz/tips/linux-iptables-13-how-to-allowopen-imap-serverprotocol.html
0
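One way to apply the advice in this thread (port 53 needs UDP as well as TCP, and only the services the server actually offers should be reachable), as an added example that is not part of any post. The chain name RH-Firewall-1-INPUT comes from the thread; the `ALLOWED` list and the sample scan lines are assumptions constructed for illustration, and the script only prints rules for review rather than applying them.

```shell
#!/bin/sh
# Added example: compare a port scan against an allowlist and print the
# iptables rules for the allowed services. Nothing is applied to the firewall.

CHAIN="RH-Firewall-1-INPUT"   # chain name used in the thread

# Assumption: the services this host is meant to offer publicly.
ALLOWED="22 53 80 443"

# Constructed sample in the same format as the port scan in the question.
SCAN='Open TCP Port:       22                 ssh
Open TCP Port:       53                 domain
Open TCP Port:       80                 http
Open TCP Port:       3306               mysql'

# Read scan text on stdin, print "port name" for each open TCP port.
parse_scan() {
    awk '/^Open TCP Port:/ { print $4, $5 }'
}

# Read scan text on stdin, list open ports that are not on the allowlist.
unexpected_ports() {
    parse_scan | while read -r port name; do
        case " $ALLOWED " in
            *" $port "*) ;;                 # expected service
            *) echo "$port/$name" ;;        # open but not allowlisted: review
        esac
    done
}

# Print one ACCEPT rule per allowed port; DNS (53) also gets a UDP rule.
# -I inserts at the head of the chain, so the rule is evaluated before any
# closing REJECT rule already present in the chain.
gen_rules() {
    for port in $1; do
        echo "iptables -I $CHAIN -m state --state NEW -p tcp --dport $port -j ACCEPT"
        if [ "$port" = "53" ]; then
            echo "iptables -I $CHAIN -m state --state NEW -p udp --dport 53 -j ACCEPT"
        fi
    done
}

echo "Open but not allowlisted:"
printf '%s\n' "$SCAN" | unexpected_ports
echo "Rules to review:"
gen_rules "$ALLOWED"
```

Rules added with the `iptables` command are lost on restart unless saved, for example with `service iptables save` on CentOS.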
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731931
Yes, it will be better if JordoRocko can be clearer about the requirement, rather than us assuming the requirement.
0
 

Author Comment

by:JordoRocko
ID: 33731974
Thanks to all for your replies...
@ujitnos your first link has the answers I needed.
http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447

Thanks
0
 

Author Closing Comment

by:JordoRocko
ID: 33731981
Solved
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 33732016
JordoRocko, it was insoftservice who posted the link.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33732168
Hi,

@ujitnos thanks for your last comment regarding the posted link.
@JordoRocko please do the needful.
0
 

Author Comment

by:JordoRocko
ID: 33738165
Sorry, Insoftservice is the one that answered my question.
http://www.experts-exchange.com/Q_26491474.html

Sorry for the confusion.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33755824
Hi @jordoRocko,

Please do the needful.
I can understand it was done by mistake.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33820728
Hi @jordoRocko,

May I know what the issue with the question is and why it has still not been resolved?

@SouthMod please let me know what the issue behind the delay is.

Sorry for any rude statement.
0
