Topic: Closing ports

[RRX]

the following unwanted ports are open to the internet:

25 SMTP
113 IDENT
443 HTTPS

Is there a possibility to close them??? I don't usewebmail, I don't use E-Smith as mail-server @all

[RRX]

Does no one has an solution?

[Adam Rykala]

Did you choose to install e-smith as a PRIVATE server and gateway?

Cause if you didn't, you needed to

Adam

[RRX]

no, because I do want to use the Webserver, and FTP server. is there no other way to close the ports?

[DJ_Ramjet99]

Install the service-control module  from the contributed RPMS, that should sort out what you need.

[Anthony V]

Had a look but can't seem to find the service-control module.
The contribs is divided by name of the person.
Can't tell which person....
Can you tell exactly what its is called / what folder it is in?

[Anthony V]

Ok.  I found the RPM by looking a little harder.
Installed ok.
But when I try and disable or enable a service the web browser
comes back saying the page could not be opened.
Looked in /var/log/httpd/admin_error_log

and I see:

services: Use of uninitialized value in string eq at /etc/e-smith/web/panels/manager/cgi-bin/services line 263.


Any hints?

[DJ_Ramjet99]

Hmmm,

Sorry Anthony. I did not have this happen to me but it sounds as if some of the permissions have stuffed up somewhere along the line so you MIGHT want to try these as root

chmod 550 /etc/e-smith/web/panels/
chmod 550 /etc/e-smith/web/functions/
chmod 550 /etc/e-smith/web/common/
chmod 755 /etc/e-smith/events/actions/

if that fails , try a reboot (works for WinDoze  )

If that fails try this one

chmod +s /etc/e-smith/web/functions/* ..

(note the two periods in the above line)

other than that, try

rpm -e (service-control-module rpm name)

and that will (or should) remove the module and leave you where you were. Hope at least one of these works for you as they have sorted out a few probs for me in the past.

[Kelvin Lee]

I have seen others post this before with no replies. I wonder why......

Anyway, being a newbie myself, I thought I'd jump in feet first and see where I landed and here's what I've come across.

In the directory :

/etc/e-smith/templates/etc/rc.d/init.d/masq

are the templates used to configure the IPChains.
By experimenting, I found that the 45Allowxxxxx templates controls what is allowed through the firewall.

If you only want to close the port from the EXTERNAL interface, edit the 45AllowFTP template. Look for the line :

/sbin/ipchains --append input -p tcp -s 0/0 -d $OUTERNET 21 -j ACCEPT

Just change ACCEPT to DENY and save the file. Repeat for 45AllowHTTPS and any others you want to close. Then you need to activate the changes. I don't remember the expand template commands, I usually just use the e-smith-manager, go to Remote Access and click Save.

I don't know if it is possible to close the IDENT port without affecting the services you still want to run. If anyone can confirm one way or the other, I'd appreciate it.

Feel free to comment / correct this. Other newbies like me would like the opportunity to learn more.

Kelvin