I'm trying to configure my firewall on Mandrake 9.0 using
Mandrake's Control Center as a start and then editing the
resulting shorewall configuration files in /etc/shorewall
to get what I want. What I want for now is to allow only
ssh and smtp to access my machine. I did this by specifying
this in my shorewall rules file:
ACCEPT net fw tcp ssh,smtp -
ACCEPT net fw udp ssh,smtp -
When I run nmap from outside my firewall I see ports for
those two protocols open, but also two others closed:
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on nobody.home.com (123.123.321.21):
(The 1597 ports scanned but not shown below are in state: filtered)
Port State Service
22/tcp open ssh
25/tcp open smtp
113/tcp closed auth
135/tcp closed loc-srv
Nmap run completed -- 1 IP address (1 host up) scanned in 422 seconds
What's the meaning of the two closed ports? What's the risk of
their showing up?
Soon I'll need to change the smtp port so that it's only allowed
from a certain address range (network). I haven't figured out
how to do that. Any pointers?
At that time I'll also want to "open up UDP port 500 and IP
Protocol 50 to allow the IPSEC traffic through", so say the
networking staff where I work (I'll have IPSEC access from home).
I think I can figure out how to do this, except for the network
Pointers much appreciated people.... :^)
Unless otherwise noted, the statements herein reflect my personal
opinions and not those of any organization with which I may be affiliated.