JordoRocko
asked on
Firewall rules for ports running CentOS 5
I need to configure my firewall (rules) for my server.
I am having trouble setting the rule for the port(s) used for BIND or any DNS service.
Which ports should be open or "listening"?
Also, from the port scan below, does anyone see something that should be closed?
Thanks,
Port scan of my server:
Open TCP Port: 21 ftp
Open TCP Port: 22 ssh
Open TCP Port: 53 domain
Open TCP Port: 80 http
Open TCP Port: 106 3com-tsmux
Open TCP Port: 110 pop3
Open TCP Port: 143 imap
Open TCP Port: 443 https
Open TCP Port: 465 urd
Open TCP Port: 587 submission
Open TCP Port: 993 imaps
Open TCP Port: 995 pop3s
Open TCP Port: 3306 mysql
Open TCP Port: 8443 pcsync-https
Open TCP Port: 8880 cddbp-alt
I think that bind may want port 53 UDP open as well, depending on how it is configured.
Hi,
If I am not wrong, you want to open this port for a public IP, right?
# accept inbound connections from the outside
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# allow port 25 connections that entered to go through the NAT and be processed by the local SMTP daemon
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
If you want to enable DNS service from your server to the outside world, allow only the DNS service on TCP/UDP port 53. All other ports can be blocked from the internet on the server.
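Putting the two answers together (TCP and UDP 53 for BIND, everything else blocked), here is an added example that is not from this thread: a POSIX sh script that prints iptables commands for the RH-Firewall-1-INPUT chain CentOS 5 creates by default, built from an allow-list, and then flags the listeners in the asker's scan that are not on that list. The allow-list and the embedded copy of the scan are constructed assumptions; the script only prints the rules, it does not apply them.

```shell
# Added example (not from the thread): print iptables commands for CentOS 5's
# RH-Firewall-1-INPUT chain from an allow-list, and flag scanned listeners not on it.
# Nothing is applied; review the output, then run it as root if it is what you want.

# Ports this server is meant to expose (assumption: adjust). BIND needs TCP and UDP 53.
ALLOWED="tcp:22 tcp:53 udp:53 tcp:80 tcp:443 tcp:110 tcp:143 tcp:465 tcp:587 tcp:993 tcp:995"

# Constructed copy of the scan posted in the question.
SCAN="Open TCP Port: 21 ftp
Open TCP Port: 22 ssh
Open TCP Port: 53 domain
Open TCP Port: 80 http
Open TCP Port: 106 3com-tsmux
Open TCP Port: 110 pop3
Open TCP Port: 143 imap
Open TCP Port: 443 https
Open TCP Port: 465 urd
Open TCP Port: 587 submission
Open TCP Port: 993 imaps
Open TCP Port: 995 pop3s
Open TCP Port: 3306 mysql
Open TCP Port: 8443 pcsync-https
Open TCP Port: 8880 cddbp-alt"

gen_rules() {
  echo "iptables -F RH-Firewall-1-INPUT"   # assumption: replace the chain's existing rules
  echo "iptables -A RH-Firewall-1-INPUT -i lo -j ACCEPT"
  echo "iptables -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for entry in $ALLOWED; do
    proto=${entry%%:*}; port=${entry##*:}
    echo "iptables -A RH-Firewall-1-INPUT -p $proto -m $proto --dport $port -m state --state NEW -j ACCEPT"
  done
  # Default ending CentOS 5 uses: anything not accepted above is rejected.
  echo "iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"
}

# Scanned TCP listeners missing from the allow-list: stop them or keep them firewalled.
unexpected_ports() {
  echo "$SCAN" | while read -r _ _ _ port name; do
    case " $ALLOWED " in
      *" tcp:$port "*) ;;
      *) echo "$port $name" ;;
    esac
  done
}

gen_rules
echo "--- listeners not on the allow-list ---"
unexpected_ports
```

With this allow-list the second section lists 21, 106, 3306, 8443 and 8880; 3306/mysql is the one most worth keeping off the internet unless a remote client genuinely needs it.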
Yes, it will be better if JordoRocko can be clearer about the requirement, rather than us assuming the requirement.
ASKER
Thanks to all for your replies...
@ujitnos your first link has the answers I needed.
http://blogs.techrepublic.com.com/security/?p=443&tag=leftCol;post-447
Thanks
ASKER
Solved
JordoRocko, it was insoftservice who posted the link.
Hi,
@ujitnos thanks for your last comment regarding the posted link.
@JordoRocko please do the needful.
ASKER
Sorry insoftservice is the one that answered my question.
https://www.experts-exchange.com/questions/26491474/28-Sep-10-08-Automated-Request-for-Attention-Q-26490352.html
Sorry for the confusion.
Hi @jordoRocko,
Please do the needful.
I can understand it was done by mistake.
Hi @jordoRocko,
May I know what the issue is with the question and why it has still not been resolved?
@SouthMod please let me know what the issue is with the delay.
Sorry if any of this comes across as rude.