Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Michael Roed on February 23, 2003, 05:02:49 PM
-
I need to disable ports 25 and 389!
How can I do that entirely???
Thanx,
Michael
-
I use ver. 5.6 !
-
Try searching for a service control panel for the server-manager panel....
I know it is out there, but I can't remember where I have seen it :-(
With this panel you have full control over which systems/servers run on your system!
I will try to see if I can re-locate the rpm, and post the link here later!
-
Sonny wrote:
>
> Try searching for a service control panel for the
> server-manager panel....
> I know it is out there, but I can't remember where I have
> seen it :-(
> With this panel you have full control over which
> systems/servers run on your system!
>
> I will try to see if I can re-locate the rpm, and post the
> link here later!
Haven't seen that panel yet for 5.6.
jeroen
-
I already got the service panel (it works fine for 5.6!) but I can't fully control which ports are in use on the E-smith.
I found out that I had to terminate Qmail to get port 25 free!!
/michael.
-
You could use ipchains. The best way would be to stop the services, but if you would rather leave them running, you can simply deny access to these ports.
/sbin/ipchains -A input -p tcp --dport 389 -j DENY
/sbin/ipchains -A input -p tcp --dport 25 -j DENY
If you just want to deny access on the external interface (assuming you're in server-gateway mode), then use:
/sbin/ipchains -A input -p tcp --dport 389 -j DENY -i ethX
/sbin/ipchains -A input -p tcp --dport 25 -j DENY -i ethX
Where X is the interface number, such as eth0, or eth1.
You could also deny access to these ports for everyone EXCEPT your local netmask, assuming your netmask is 192.168.0.0/24:
/sbin/ipchains -A input -p tcp --source ! 192.168.0.0/24 --dport 389 -j DENY
/sbin/ipchains -A input -p tcp --source ! 192.168.0.0/24 --dport 25 -j DENY
Add these rules to the bottom of /etc/rc.d/rc.local if you want to execute them on reboot.
Nathan
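
Added example, not part of Nathan's post or of SME Server: a Python check, run from a machine on the side you want blocked, that reports whether ports 25 and 389 are open, closed or filtered. ipchains DENY drops packets silently, so a denied port shows up as a timeout ("filtered"), while a stopped service normally shows up as a refused connection ("closed"). The function names and the 3-second timeout are assumptions.

```python
import errno
import socket

# probe() and audit() are hypothetical helper names for this example.
def probe(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a service is listening and reachable
    except socket.timeout:
        return "filtered"    # no reply at all: consistent with a DENY rule dropping the SYN
    except ConnectionRefusedError:
        return "closed"      # connection refused: nothing is listening on that port
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # no route or ICMP unreachable: not reachable from here
        raise
    finally:
        s.close()

def audit(host, expected, timeout=3.0):
    """Return {port: state} for every port whose state is not in its allowed set."""
    bad = {}
    for port, allowed in expected.items():
        state = probe(host, port, timeout)
        if state not in allowed:
            bad[port] = state
    return bad

if __name__ == "__main__":
    import sys
    # Default target is loopback; pass the server's address as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # Ports from the thread: SMTP (25) and LDAP (389) must not be reachable.
    policy = {25: {"closed", "filtered"}, 389: {"closed", "filtered"}}
    failures = audit(host, policy)
    for port, state in sorted(failures.items()):
        print(f"port {port}: {state} (expected closed or filtered)")
    sys.exit(1 if failures else 0)
```

Run it once from the external side and once from the LAN: with the source-restricted rules, the LAN run is expected to still report the ports as open.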
-
Thanx, Nathan!
That was just what I needed !!! :-))
/Michael.
-
Anytime, glad I could help.