PDA

View Full Version : Closing Ports (FC1)?


IanWaring
19th April 2004, 12:07 AM
Please excuse this trivial question. I've been playing around trying to get two Windows XP machines to see my (working locally on CUPS) HP printer using SAMBA, which only seems to work by blowing holes in the respective firewalls (ports 111, 139, 445, 631 among them). I still haven't got it to list the printer as available from the XP machines, but that's probably a longer task to debug here.

However, i'm now wanting to close off these ports while I do another dose of bedtime reading. None are showing in my IPTABLES rules, and yet the ports are up even after a reboot.

How do I disable them?

ghenry
19th April 2004, 09:21 AM
Hi, I moved this to security, as the title suggests.

You just need to switch of portmap, cups and samba for the time being:


/sbin/service portmap stop
/sbin/service cups stop
/sbin/service smb stop


To switch these off on reboot run, and find the above and untick them:

/sbin/ntsysv

or

/sbin/setup

and go to the serivces section (which calls ntsysv anyway).

HTH.

IanWaring
19th April 2004, 11:51 AM
All back in one piece now, thanks. I'm hooked up to a Linksys WAG54G wireless router, and have my Linux server as the designated DMZ connection - so it gets all the unsolicited traffic fired at my one fixed IP address. Although I have SMB set to listen to local traffic only, I know that any ports I open on my Linux box are also open to the world outside :-)

But happy that things are locked down now without Portmap being active - and that nothing I don't know about is starting up!

Thankyou.

kosmosik
24th April 2004, 05:03 PM
However, i'm now wanting to close off these ports (...) How do I disable them?
This is *WRONG* - iptables/firewalls are for controlling access - it is not a security feature, and should not be considered as one. Proper way is to launch local services listening only on local network interfaces (not into Internet) - doing bind() on specified adresses (local) only. With Samba you can do that in config. f.e.:
interfaces = 127.0.0.1 10.0.0.1
bind interfaces only = yes
Thus no need to filter anything on firewall.

New Yekepa Travel Photos - West Vancouver Travel Photos on Instagram - Buy