[H-GEN] Firewall configuration on a remote machine

gavin duley gavin at microcomaustralia.com.au
Wed Feb 9 01:43:05 EST 2011


On 9 Feb 2011, at 16:00, Stephen Thorne wrote:

> On 2011-02-09, gavin duley wrote:
>> Any suggestions as to where I could look them up to see what they are,
>> and therefore how to disable them? I could post them to the list, but
>> that might turn out to be publicly listing vulnerabilities on my
>> server. This would seem to be a bad idea.
> 
> netstat -tunpl
> 
> Program name is the rightmost column, if you're looking at ipv6, ::: is
> public, ::1 is localhost, 

Thanks. I figured out that the "unwanted" open ports were nfs related. I'm not using nfs, so I uninstalled nfs-common and they no longer seem to be open any more.

I assume that I want the 'local address' column to be in the form 127.0.0.1:portnumber for most things. I think I can just ignore the 'foreign address' column here?

Unless I'm misreading it horribly, I assume lines like this indicate that the port is listening only on 127.0.0.1:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1322/exim4

For what it's worth, I can telnet to port 25 locally, but not from a remote machine. The open ports were like this:

tcp        0      0 0.0.0.0:35843           0.0.0.0:*               LISTEN      836/rpc.statd

(note: that port is no longer open).

thanks,

gavin,

-- 
Honestly, if you're given the choice between Armageddon or tea, you don't say 'What kind of tea?'
		-- Neil Gaiman

Gavin Duley
<gavin at microcomaustralia.com.au> <gpd at sdf-eu.org>
WWW: http://www.gavinduley.org/
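
An added example (not part of the original message): a small Python parser that reads `netstat -tunpl` output and marks each listener as loopback-only or bound to all interfaces, which is the distinction discussed in the message above. The function names are assumptions, and apart from the exim4 and rpc.statd rows quoted in the message, the sample rows are constructed.

```python
import ipaddress

# Sample `netstat -tunpl` output. The exim4 and rpc.statd rows are the ones
# quoted in the message; the remaining rows are constructed for illustration.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1322/exim4
tcp        0      0 0.0.0.0:35843           0.0.0.0:*               LISTEN      836/rpc.statd
tcp6       0      0 :::22                   :::*                    LISTEN      901/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1010/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           777/dhclient
"""

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific' for a bind address."""
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return "unknown"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific"

def parse(text):
    """Yield (proto, host, port, program, exposure) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        # Split on the last colon so ':::22' gives host '::' and port '22'.
        host, port = f[3].rsplit(":", 1)
        # UDP rows have an empty State column, so the program field shifts left.
        prog = " ".join(f[6:] if f[0].startswith("tcp") else f[5:])
        name = prog.split("/", 1)[1] if "/" in prog else prog
        yield f[0], host, int(port), name, classify(host)

def exposed(text):
    """Sockets reachable from other hosts unless a firewall blocks them."""
    return [(proto, port, name) for proto, _, port, name, exposure in parse(text)
            if exposure != "loopback"]

if __name__ == "__main__":
    for row in parse(SAMPLE):
        print("%-5s %-10s %-6d %-12s %s" % row)
```

Rows that `exposed()` returns are the ones to either disable or cover with a firewall rule; it assumes numeric output (`-n`) and the program column from `-p`.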



