Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: AJB on December 25, 2003, 05:52:13 AM

Title: security - server only vs server/gateway mode?
Post by: AJB on December 25, 2003, 05:52:13 AM

Hi all,

quick question - I have a SME6.0b3 box directly connected to the net, i.e. it has one ethernet interface and that interface has a public IP.  Is there anything about the server being in server only mode (as it currently is) that will lead to an insecure setup here? Should it always be in server/gateway mode unless it's behind another firewall/NAT box?

I did an nmap run on the server in question - this is what i got and hence why i'm asking - things like port 53 and 139 being open are a little worrying.

As an aside - THANKS to all the people keeping this awesome project going, the best way i can help is with a donation, which i've just done. :-)

AJB

Title: Re: security - server only vs server/gateway mode?
Post by: AJB on December 25, 2003, 05:59:37 AM

Might be helpful if i post the results of the nmap scan... :-)

Adding open port 21/tcp
Adding open port 113/tcp
Adding open port 22/tcp
Adding open port 143/tcp
Adding open port 110/tcp
Adding open port 80/tcp
Adding open port 53/tcp
Adding open port 25/tcp
Adding open port 443/tcp
Adding open port 139/tcp
Adding open port 389/tcp
Adding open port 3128/tcp
Adding open port 515/tcp

PORT     STATE SERVICE     VERSION
21/tcp   open  ftp?
22/tcp   open  ssh         OpenSSH 3.5p1 (protocol 1.99)
25/tcp   open  smtp
53/tcp   open  domain?
80/tcp   open  http        Apache httpd
110/tcp  open  pop3        qmail-pop3d
113/tcp  open  auth?
139/tcp  open  netbios-ssn Samba smbd
143/tcp  open  imap?
389/tcp  open  ldap?
443/tcp  open  ssl         OpenSSL
515/tcp  open  printer     LPRng
3128/tcp open  http-proxy  Squid webproxy 2.4.STABLE6



AJB

Title: Re: security - server only vs server/gateway mode?
Post by: Paul on December 25, 2003, 06:21:33 AM

Get that server OUT of server only mode ASAP!!!  You should not run the server in "server only" mode unless it's behind another firewall.

Too many ports are open and the others are only closed.  In server/gateway mode, you will have a lot less ports open and the others will show as "Stealth".

Good Luck
Paul

Title: Re: security - server only vs server/gateway mode?
Post by: Arne on December 25, 2003, 06:28:31 AM

Paul is right. If you are running in server only mode and all those ports are open, the security will not be ok. Unless you know how to make a manual firewall configuration with script in server only mode you shouls use it in server and gateway mode even though you eventuelle have not a lan behind. This wil give you the firewall functions by defalt.

Title: Re: security - server only vs server/gateway mode?
Post by: AJB on December 25, 2003, 09:35:19 AM

Thanx to both of you for the speedy replies...the machine in question is down for now until after the holidays when i'll set it up PROPERLY!

:-)

AJB