Server Administration
 
  #1  
April 15th, 2003, 10:22 AM
Lars Jensen
Dedicated - blocking ports

I am about to switch from my cradle shared hosting to my very own 2U rack-mounted baby, on which I plan to install FreeBSD 4.7/8 or 5.0. I have a few running locally behind a Linksys NAT router/firewall thingy. Hosting it in a datacenter, I don't think the small Linksys will survive.

I am looking into docs on how to block inbound communication on almost all ports except 80, ftp and ssh. I am looking into whether I need to install firewall software or maybe another solution...

Any words of wisdom welcome... I am going through some tutorials, but most seem to be for early BSD versions and not current. Got to be plenty out there who have been where I am now.

/ LJ

#2
April 16th, 2003, 02:41 AM
postalcow
RE: Dedicated - blocking ports

One of the easiest ways to do it is with the /etc/hosts.allow and /etc/hosts.deny files. You can deny from all, then let in what and who you want for each service.

#3
April 16th, 2003, 03:09 AM
Lars Jensen
RE: Dedicated - blocking ports

Oho, thanks for that... I was looking into things like ipchains etc.

/ LJ
PS. that's a mad looking cow you got ya there ;)

#4
April 16th, 2003, 12:09 PM
postalcow
RE: Dedicated - blocking ports

Read into the IPchains. I'll help you where you get stuck. It's pretty easy. Also turn off any services you don't need.

You Lika Da Cow Eh?

#5
April 17th, 2003, 10:25 PM
marcel
RE: Dedicated - blocking ports

use netstat to check for services listening on your server and kill them if you don't need them ;)

netstat -nap|less

look into "man netstat" to get some details on what you see ;)

after that still read the iptables docs. building a secure server is 1% good programs and the other 99% is the administrator that has to know what he is doing....

#6
April 18th, 2003, 12:25 AM
Lars Jensen
RE: Dedicated - blocking ports

netstat to look for what ports it listens on. What I wanted is more blocking ports as done by a firewall - for example, so someone probing my ports wouldn't get a reply (and know the server was there) and at the same time use it as a first level of security, to open only http, ftp and ssh - block all other ports...

Btw. tried your commands on a FreeBSD 5.0 Tiny, it gives:
copernicus# netstat -nap | less
netstat: option requires an argument -- p
usage: netstat [-AaLnSW] [-f protocol_family | -p protocol]
[-M core] [-N system]
netstat -i | -I interface [-abdnt] [-f address_family]
[-M core] [-N system]
netstat -w wait [-I interface] [-d] [-M core] [-N system]
netstat -s [-s] [-z] [-f protocol_family | -p protocol] [-M core]
netstat -i | -I interface -s [-f protocol_family | -p protocol]
[-M core] [-N system]
netstat -m [-M core] [-N system]
netstat -r [-AanW] [-f address_family] [-M core] [-N system]
netstat -rs [-s] [-M core] [-N system]
netstat -g [-W] [-f address_family] [-M core] [-N system]
netstat -gs [-s] [-f address_family] [-M core] [-N system]


copernicus# man netstat
No manual entry for netstat

#7
April 18th, 2003, 12:41 AM
postalcow
RE: Dedicated - blocking ports

Then do what I am saying. Set your hosts.allow for what you want to let in and set your hosts.deny file to ALL :ALL. That is a good way to get what you want done. Do you want me to give you examples of doing it this way????

#8
April 18th, 2003, 12:50 AM
Lars Jensen
RE: Dedicated - blocking ports

Hi Postal,

No need for examples ;) but thx... Pointers welcome as you've given me so far - but got to learn some for myself also. Else I will never pass the current state of knowledge ;)


Marcel,
This seems to do the trick
netstat -na | grep LISTEN

It shows I am unwantedly listening on port 25 (smtp) - this server will always be sending mail out - got other to handle incoming. And I got MySQL listening on port 3306, of which I got no use either. No need to provide them the option to go directly into the base.

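The listener audit from post #8, turned into a repeatable check. This is an added example, not part of the original thread: the allow-list (21, 22, 80), the function names and the sample netstat output are constructed here to match the ports the thread talks about.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are outside an allow-list.
# ALLOWED_PORTS reflects the thread's goal (ftp, ssh, http); adjust as needed.
ALLOWED_PORTS="21 22 80"

# Constructed sample in FreeBSD `netstat -na` layout (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.22          198.51.100.7.51514     ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.3306                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.514                  *.*
EOF
}

# Reads `netstat -na` output on stdin and prints "port local-address" for every
# TCP socket in LISTEN state whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4
            # FreeBSD prints addr.port, Linux addr:port; keep what follows the last separator.
            sub(/^.*[.:]/, "", port)
            if (!(port in ok)) print port, $4
        }
    ' | sort -u -k1,1n -k2,2
}

# On a live host: netstat -na | unexpected_listeners
sample_netstat | unexpected_listeners
```

A listener bound only to 127.0.0.1 is still reported; the address column shows whether it is reachable from outside.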
© 2003-2009 by Developer Shed. All rights reserved. DS Cluster 2 Hosted by Hostway