From: Bernardo Vieira <bernardo.vieira@terra.com.br>
To: Netfilter <netfilter@lists.netfilter.org>
Subject: Newbie iptables question
Date: Thu, 09 Dec 2004 13:47:28 -0200
Message-ID: <41B87390.3080501@terra.com.br>

Hi all,
Sorry for the lame post but I'm really stuck with this and got nowhere
to turn. Anyway, here's my problem:
I need to close all external traffic (eth0:0) to my server except
on a few ports (smtp, http, ping, echo, etc) and for my local network I
need, in addition to those ports, SMB. So, as a test I came up with the
following tables (for now I'm allowing all local traffic):


Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15521 3812K ACCEPT     all  --  !eth0:0 *      !192.168.1.3         !192.168.1.3
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x10/0x10
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:53 dpts:1024:65535
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 12
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:10000
    0     0 SMB        all  --  *      *       192.168.1.0/24       192.168.1.0/24

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SMB        all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 20416 packets, 20M bytes)
 pkts bytes target     prot opt in     out     source               destination
15938   16M SMB        all  --  *      *       192.168.1.0/24       192.168.1.0/24

Chain SMB (3 references)
 pkts bytes target     prot opt in     out     source               destination
   10  1111 ACCEPT     tcp  --  *      *      !192.168.1.3         !192.168.1.3        tcp multiport dports 135,136,137,138,139,445
    4   499 ACCEPT     udp  --  *      *      !192.168.1.3         !192.168.1.3        udp multiport sports 135,136,137,138,139,445

However, when I run a portscan I get the following; I'm particularly
worried about ports 139 and 3306 being open:

21           ftp       File Transfer [Control]                      
22           ssh       Secure Shell Login                           
25          smtp       Simple Mail Transfer                         
37          time       timserver                                    
80          http       World Wide Web HTTP                          
111        sunrpc      portmapper, rpcbind                          
139      netbios-ssn   NETBIOS Session Service                      
143         imap2      Interim Mail Access Protocol v2              
443         https      secure http (SSL)                            
587      submission    -                                            
3306        mysql      mySQL                                        
10000 snet-sensor-mgmt SecureNet Pro Sensor https management server 

Can anyone shed some light on this?

Thanx.
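
The INPUT chain listed in this message, evaluated first-match over a few constructed packets (an added example, not part of the original post). It assumes traffic to the eth0:0 alias address is reported with the base device name eth0, because an alias label is not a separate network device; the addresses and the names Packet, first_match and syn are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:              # constructed sample packets, not captured traffic
    iface: str             # input device name as netfilter reports it
    src: str
    dst: str
    proto: str
    dport: int = 0
    ack: bool = False      # TCP ACK bit (0x10)

EXCLUDED = "192.168.1.3"   # the address negated in the first rule of the listing

# INPUT chain in listing order as (label, predicate). The state, udp, icmp and
# SMB-jump rules are left out: none of them matches the constructed packets
# below before one of the modelled rules (or the policy) decides.
INPUT = [
    ("ACCEPT all in=!eth0:0 src=!192.168.1.3 dst=!192.168.1.3",
     lambda p: p.iface != "eth0:0" and p.src != EXCLUDED and p.dst != EXCLUDED),
    ("ACCEPT tcp flags:0x10/0x10",
     lambda p: p.proto == "tcp" and p.ack),
] + [
    (f"ACCEPT tcp dpt:{port}",
     lambda p, port=port: p.proto == "tcp" and p.dport == port)
    for port in (22, 113, 25, 80, 10000)
]
POLICY = "DROP (policy)"

def first_match(pkt):
    """Return the label of the first rule that matches, else the chain policy."""
    for label, matches in INPUT:
        if matches(pkt):
            return label
    return POLICY

def syn(iface, dport, ack=False):
    """Constructed inbound TCP segment using documentation addresses (RFC 5737)."""
    return Packet(iface, "203.0.113.7", "198.51.100.10", "tcp", dport, ack)

if __name__ == "__main__":
    for name, pkt in [
        ("SYN :3306 seen on eth0", syn("eth0", 3306)),
        ("SYN :3306 if device were eth0:0", syn("eth0:0", 3306)),
        ("SYN :80 if device were eth0:0", syn("eth0:0", 80)),
        ("bare ACK :3306 if device were eth0:0", syn("eth0:0", 3306, ack=True)),
    ]:
        print(f"{name:38} -> {first_match(pkt)}")
```

The first case lands on the rule that carries all 15521 counted packets in the listing, while every later INPUT rule there shows 0.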