Newbie iptables question - Bernardo Vieira

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Bernardo Vieira <bernardo.vieira@terra.com.br>
To: Netfilter <netfilter@lists.netfilter.org>
Subject: Newbie iptables question
Date: Thu, 09 Dec 2004 13:47:28 -0200	[thread overview]
Message-ID: <41B87390.3080501@terra.com.br> (raw)

Hi all,
Sorry for the lame post but I'm really stuck with this and got nowhere 
to turn. Anyway, here's my problem:
I need to close all external traffic (eth0:0)  to my server from execpt 
on a few ports (smtp, http, ping, echo, etc) and for my local network I 
need, in addition to those ports,  SMB. So, as a test I came up with the 
following tables (for now I'm allowing all local traffic):


Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination        
15521 3812K ACCEPT     all  --  !eth0:0 *      !192.168.1.3         
!192.168.1.3       
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp flags:0x10/0x10
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            
0.0.0.0/0          state ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            
0.0.0.0/0          state RELATED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            
0.0.0.0/0          udp spt:53 dpts:1024:65535
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0          icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0          icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0          icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0          icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            
0.0.0.0/0          icmp type 12
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:113
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:10000
    0     0 SMB        all  --  *      *       192.168.1.0/24       
192.168.1.0/24    

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination        
    0     0 SMB        all  --  *      *       0.0.0.0/0            
0.0.0.0/0         

Chain OUTPUT (policy ACCEPT 20416 packets, 20M bytes)
 pkts bytes target     prot opt in     out     source               
destination        
15938   16M SMB        all  --  *      *       192.168.1.0/24       
192.168.1.0/24    

Chain SMB (3 references)
 pkts bytes target     prot opt in     out     source               
destination        
   10  1111 ACCEPT     tcp  --  *      *      !192.168.1.3         
!192.168.1.3        tcp multiport dports 135,136,137,138,139,445
    4   499 ACCEPT     udp  --  *      *      !192.168.1.3         
!192.168.1.3        udp multiport sports 135,136,137,138,139,445

However, when I run a portscan I get the following, I'm particularly 
worried about ports 139 and 3306 being open:

21           ftp       File Transfer [Control]                      
22           ssh       Secure Shell Login                           
25          smtp       Simple Mail Transfer                         
37          time       timserver                                    
80          http       World Wide Web HTTP                          
111        sunrpc      portmapper, rpcbind                          
139      netbios-ssn   NETBIOS Session Service                      
143         imap2      Interim Mail Access Protocol v2              
443         https      secure http (SSL)                            
587      submission    -                                            
3306        mysql      mySQL                                        
10000 snet-sensor-mgmt SecureNet Pro Sensor https management server 

Can anyone shed some light on this?

Thanx.




---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0450-1, 09/12/2004
Tested on: 9/12/2004 13:47:30
avast! - copyright (c) 2000-2004 ALWIL Software.
http://www.avast.com

next             reply	other threads:[~2004-12-09 15:47 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-12-09 15:47 Bernardo Vieira [this message]
  -- strict thread matches above, loose matches on Subject: below --
2004-12-09 16:32 Newbie iptables question Gary W. Smith
2004-12-09 17:29 ` Bernardo Vieira
2004-12-09 17:34 Hudson Delbert J Contr 61 CS/SCBN

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=41B87390.3080501@terra.com.br \
    --to=bernardo.vieira@terra.com.br \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox