when i enable my ufw it completely shuts me out and closed my internet connection. i installed firewall configuraiton interface and through it defined rules to accept incoming internet connections on port 80, i can see the rules are there but when i enable my firewall it just shuts me out completely again.
when i do(with my firewall enabled):
Code:
$ sudo ufw status
it gives me:
Quote:
Status: active
[Code].....
I also messed around with fwbuilder and iptables but since then deleted fwbuilder(besides i just compiled firewall policy and never actually installed it because of errors while trying to install it. Iptables I cleared with:
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns: Code: james@james-linux:~$ nmap localhost Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1. Interesting ports on localhost (127.0.0.1): Not shown: 994 closed ports PORT STATE SERVICE 25/tcp open smtp 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 631/tcp open ipp 2049/tcp open nfs Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code: james@james-linux:~$ nmap 192.168.0.108 Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT Interesting ports on 192.168.0.108: Not shown: 996 closed ports PORT STATE SERVICE 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 2049/tcp open nfs Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to a from those ports but I can still telnet to them. This is a lucid desktop machine.
I installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find a open port in my system.
I am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
Well I'm kinda a paranoid person, and got bored and ran a port scan from 0 to 500000 and turned up some interesting results, I was wondering how I find the programs tied to each open port. Its my computer and I'd like to very well know what programs are needing these ports and for what usage.
I am trying to understand why when running nmap against a SonicWALL firewall at a remote location, the SonicWall firewall is saying that most of its 65535 ports are open? I know this cant be correct and remember reading about how some of these network appliances are setup this way to thwart off attacks.
A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
I now have a firewall up and running: almost perfectly. When I use nmap and perform the most comprehensive scan I can think of, it cannot detect any wide open ports (unless bittorent is running) and cannot fingerprint the OS. My last 2 questions about my firewall (I am very happy now) are:
It seems as though Firestarter has been "abandoned" by the developers, and that gufw is more current. Does it really matter which firewall I use because don't they all do the same thing? I like firestarters system tray icon a lot. 2nd question is I have two open|filtered ports. Are these still pretty well protected?
It is very pleasing to see that I have no open ports, because if you were an experienced Windows user like I was, you got used to the fact you were going to have open ports no matter what. Linux's builtin firewall completely destroys the expensive and useless scams they call Norton and McAfee. Linux officially rocks now
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]
If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
A few months ago I installed Ubuntu 9.10 on my girlfriends laptop, on her request, as she didn't like Windows any more. Since then the internet connection periodically slows down due to too many open ports/connections. Always when this happens I call our ISP and usually there are around 80-200(!) active connections to various IP's.
She is not downloading torrents or anything. She only uses Firefox and a few open tabs as people do. Skype is open. Wireless internet connection.
I am thinking either Ubuntu is updating more or less constantly or the ports/connections aren't closed "after use".
I'm trying to open my ports all the way, but for some reason, I am unable to do so. I've forwarded the ports I want open in my router (I switched between two routers to make sure), I made exceptions in Firestarter, and I even added UFW rules, but when I use pretty much any and every port checking tool out there, the ports eithere back stealthed or closed.I'm not a complete noob, and I'm not an expert, but I'm p sure I'm doing everything right, seeing as there isn't much to screw up.The reason I'm trying to fully open these ports is because I'm getting this dumb 'No Incoming Connections
I'm using ubuntu-linux ( ubuntu 9.10)I use utility autoscan network to scan the systems available in local area network of my hostel.It shows my open TCP ports : like Ssh , Smtp , Http , NetBios-ssn , Microsoft-ds , ipp , Mysql , Postgres.Are all these services need to run all the time or I can manage the ports.Don't know much about it just want to know these ports are by default open or I can manage them.
"Ubuntu Server has no open ports by default" - [URL]. Does this mean right after a 10.04 Server Edition installation, if a user wants to start a web service e.g. a Java process to listen on say port 8080, he would have to configure the firewall first?
I have been running Ubuntu 10.10 and have found that at any time I am connected to the Internet that I will randomly see high port numbers open when doing a port scan on my computer all are in the unknown listings with five digit numbers so I don't know what is going on or who is using them. Please check your system to see if you are having the same thing happen by using network tools and filling in your local ip address in the port scan tab. If you shut down your Ethernet interface and run port scans the high ports are no longer open. this will at least keep whoever is using your ports at bay when you are not using the net.
Just did a check on "shields up" and it says that ten of my ports are open. I get the same result with or without both shorewall and firestarter. I suspect it may have something to do with the mysql server packages added automatically during installation. Am I right. If so, what can be done about it? If not, has anyone any idea how to keep my ports closed?
I'm trying to setup oracle10g but, whenever I try to go to my database homepage http://127.0.0.1:8080/apex I get an "unable to connect to" error. Only reason I can think of as to why I can't connect to it is because my ports aren't open. I also recall SELinux complaining about something awhile ago, I can't seem to bring that up any more for some reason.
After reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.
Recently I've updated my small file server at home (Ubuntu 9.10) (Linux ubuntu 2.6.31-16-generic) and after I restarted my system No Ports where open anymore. I use ssh, vsftpd, apache2 and samba ... nothing start after reboot, I have to start it manually. I don't know what happened and if is it even direct result of some updates. I have another machine like that at work and there was no problems after resent updates.
I forwarded ports 28900(TCP/UDP) and 5029(UDP) to my linux box for a game. Testing my ports with a website now shows these ports as "connection refused" rather than "timeout" which means the connections are getting to my system but the iptables are blocking them. But I added 28900 as a test and it still won't accept anything on this port. This is my output of iptables -L
I need to ensure ports 6112 through 6119 are open. I tried using Firestarter to do this, but when I search for what ports are open, it says none of them are. I use Ubuntu 9.04.
I am having trouble getting ports to open, on the router that the server is connected to it is set to DMZ, so everything passing through the router should go to the server right? but when I use a port checker none of the ports that I need to be open are. so my question is does ubuntu have a built in firewall that no one told me about? or something that would block me from having the ports open?
I'm trying to set up an SSH connection from my school to my home, but not on port 22. I originally tried port 2222, but it didn't work. I called my school IT people and they said they block that port. I asked if they care if I set up an SSH and they said no, but that they wouldn't tell me which ports are blocked and which are open for "security" reasons (which I guess I can actually understand). They suggested just using port 22 or 222, but said if a ports open I can use it.
My question is, can I check ports without setting up SSH? It seems like a hassle to try a different port every day on my home SSHD file, come to school, see if it works and repeat. Is there a way I can check my computer home for connections that could connect, even if there isn't a service listening? I don't know how to do that, or even if its possible. If not, I suspect I'll just try a few until I find something that works, or just go ahead and use 22.
I'm trying to open ports in Firehol for PS3 Media Server. So far I've tried all options from this Firehol "adding services" page and none of 'em is working for me. Here are the IPs:PC : 192.168.1.139PS3 : 192.168.1.138TV: 192.168.1.131PS3 Media Server Port: 35355If a port can be opened for specific IPs then I would like to open one for only 2 IPs.Firehol configuration:
version 5 # Accept all client traffic on any interface interface any internet
I've tried to set up a Hadoop cluster on a few freshly-installed 10.04 Server Edition machines and hit a problem. (I was able to set up the cluster using Desktop edition previously). The issue is that I can't connect to the service even though the Java process is running and listening on the port and there is no error in the logs. Anyway, I started to wonder if it was firewall issue so I googled it and found conflicting information.
1. "Ubuntu Server has no open ports by default" - [URL] 2. iptables shows different info. ufw is also disabled.
I even tried to enable ufw and did "sudo ufw default allow incoming" but still no help. The only package I manually selected during installation is OpenSSH server.
Yesterday I switched from CentOS to Ubuntu, and wanted to install TeamSpeak3 which runs on ports 9987 UDP and 10011 TCP. The TeamSpeak3 worked fine on CentOS before this.
I believe the only firewall for Ubuntu is "UFW", am I correct? If so, "ufw status" reports:
Code: Status: inactive
I do have other things running on UDP (Counter Strike Source servers) and people can connect just fine.
When I telnet localhost 10011 I get a response from the TeamSpeak3 server:
Code: Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. TS3
Welcome to the TeamSpeak 3 ServerQuery interface, type "help" for a list of commands and "help <command>" for information on a specific command. However, telnetting from outside just gets no answer, this is what leads me to believe it is a firewall in the way.
I've been struggling for days trying to open port 53 and 25 but can't get it to work. My iptables at /etc/sysconfig contains the following: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] .....
On the server machine when I do port scan with nmap I see the following result: Starting Nmap 4.76 [URL] at 2010-03-28 01:03 CET Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1. Interesting ports on localhost (127.0.0.1): Not shown: 986 closed ports .....
But when I try to do telnet from an external machine, e.g: telnet <IP of host> 53 I get: Connection refused telnet: Unable to connect to remote host
I also did a port scan with a tool on an external machine but port 53 and 25 weren't listed as opened ports. Also CheckDNS.net on the server returns "Connection reset. Probably DNS server is offline". I am 100% sure that named and sendmail are running. When I do a ps -aux I see: named 9261 0.0 0.3 85528 14784 ? Ssl 00:46 0:00 /usr/sbin/named -u named root 2550 0.0 0.0 9536 1960 ? Ss Mar23 0:02 sendmail: accepting connections
