Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Mike on June 18, 2003, 05:36:01 PM

Title: Closing Ports on SME 5.6
Post by: Mike on June 18, 2003, 05:36:01 PM
How do I close the ports for PING and TELNET on SME 5.6? All other ports indicate Stealth except HTTP, which is seen as Open.
Title: Re: Closing Ports on SME 5.6
Post by: Klaus Eckert on June 18, 2003, 07:27:34 PM
There is a contrib that does that job.
Search in the forum for "port opening".

cheers
klaus
Title: Re: Closing Ports on SME 5.6
Post by: Charlie Brady on June 18, 2003, 10:50:37 PM
Klaus Eckert wrote:

> there is a contrib that does that job.
> search in the forum for "port opening".

No, the "port opening" contrib does not do this. It isn't very useful. Don't use it. If you need a port open for an application, use a simple custom template instead, or better yet, make and distribute an interface RPM which supports the application.

http://www.e-smith.org/docs/howto/howto_modify_e-smith_interface_rpm.php3

Charlie
Title: Re: Closing Ports on SME 5.6
Post by: Nathan Fowler on June 19, 2003, 09:43:10 PM
Use ipchains to close the ports. If you want the rules to be persistent on reboot, append them to the end of /etc/rc.d/rc.local

To deny ICMP:
/sbin/ipchains -A input -p icmp --icmp-type echo-request -d -i [extern interface] -j DENY

To deny TELNET:
I would recommend you set it to Private from the E-smith manager.  Then add:
/sbin/ipchains -A input -p tcp --dport 23 -d /32 -j DENY
Title: Re: Closing Ports on SME 5.6
Post by: Mike on June 21, 2003, 08:18:21 PM
Have managed to close Telnet Port 23 on SME 5.6 but "PING" does not appear to use a port? Have I missed something here? How does one stop the server from responding to PING?
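An added example, not part of the original thread: ICMP carries a type and code instead of port numbers, which is why the echo-request rule above matches on `--icmp-type` while the telnet rule matches on `--dport`. The packets are constructed samples, the function names are hypothetical, and the sketch ignores the destination-address and interface matches that the thread's rules also use.

```python
import struct

ICMP, TCP = 1, 6        # IPv4 protocol numbers
ECHO_REQUEST = 8        # ICMP type sent by ping

def build_ipv4(proto, payload):
    """Constructed sample: minimal 20-byte IPv4 header, checksum left at 0."""
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])  # RFC 5737 doc range
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def classify(packet):
    """Return the fields a packet filter can match on for this packet."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IPv4 protocol field
    body = packet[ihl:]
    if proto == ICMP:                     # ICMP header: type, code, no ports
        icmp_type, code = struct.unpack("!BB", body[:2])
        return {"proto": "icmp", "type": icmp_type, "code": code}
    if proto == TCP:                      # TCP header starts with the two ports
        sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": "tcp", "sport": sport, "dport": dport}
    return {"proto": proto}

def verdict(packet):
    """Mirror the two DENY rules from the thread; anything else falls through."""
    f = classify(packet)
    if f["proto"] == "icmp" and f["type"] == ECHO_REQUEST:
        return "DENY"
    if f["proto"] == "tcp" and f["dport"] == 23:
        return "DENY"
    return "next rule"

# Constructed sample packets
PING = build_ipv4(ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1))     # echo-request
REPLY = build_ipv4(ICMP, struct.pack("!BBHHH", 0, 0, 0, 1, 1))    # echo-reply
TELNET = build_ipv4(TCP, struct.pack("!HH", 40000, 23) + bytes(16))
HTTP = build_ipv4(TCP, struct.pack("!HH", 40000, 80) + bytes(16))

if __name__ == "__main__":
    for name, pkt in [("ping", PING), ("reply", REPLY),
                      ("telnet", TELNET), ("http", HTTP)]:
        print(name, classify(pkt), verdict(pkt))
```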
Title: Re: Closing Ports on SME 5.6
Post by: phillip ramirez on June 23, 2003, 12:13:35 AM
Look up ICMP port.
Title: Re: Closing Ports on SME 5.6
Post by: Charlie Brady on June 23, 2003, 01:28:16 AM
Mike wrote:

> Have managed to close Telnet Port 23 on SME 5.6

Telnet is denied by default. If you have enabled telnet, disable it or set it to private (if you must), and the port will be closed.

Charlie
Title: Re: Closing Ports on SME 5.6
Post by: Mike on June 23, 2003, 12:01:06 PM
Interesting comment about Telnet being closed by default. An external port scan from Symantec on a fresh install of SME 5.6 showed it as Open?

Thank you all for your comments, much appreciated.
Title: Re: Closing Ports on SME 5.6
Post by: Charlie Brady on June 23, 2003, 06:32:43 PM
Mike wrote:

> Interesting comment about Telnet being closed by default. An
> external port scan from Symantec on a fresh install of SME
> 5.6 showed it as Open?

Any security concerns should be communicated directly (in detail) to smesecurity@mitel.com and any suspected bugs to smebugs@mitel.com.

Charlie
Title: Re: Closing Ports on SME 5.6
Post by: Joseph B on June 27, 2003, 09:06:53 PM
Hi, Nathan,

I appended ipchains rules to rc.local, as you suggest, to disable web access for some computers in the network (see http://forums.contribs.org/index.php?topic=17827.msg69746#msg69746), but the rules disappear after some time (during dialup?)... It seems that the system re-initiates its own rules from time to time...

A solution?

Thanks.

Joseph.
Title: Re: Closing Ports on SME 5.6
Post by: Joseph B on June 28, 2003, 02:49:39 PM
Many thanks to Nathan Fowler who gave me the solution to my problem.

(see http://www.e-smith.org/bboard//read.php?f=3&i=33358&t=33338)

Joseph.