
Re: IPtables...



The reason that the http server is shown as "stealth" is because your IP has blocked it so people can't (easily) host web servers. So, if you want to host web pages, you need to do it on another port (see the ZoneEdit FAQ).

On 07 Jan 2002 08:56:31 +0000
Alexander Wallace <[email protected]> wrote:

> Thanks! My machine does show a lot of open ports, that is my net
> machine, only http is shown stealth and some others are closed....
> 
> I guess I will have to learn IP tables! 
> 
> Since http shows stealth, but apache is running, I'm assuming that even
> if something shows as stealth, it works, but can't be scanned over the
> internet, right? I guess I want that on all my ports...
> 
> Any suggestions on where to start to learn how to make my ports stealth
> but keep their functionality?
> 
> Thanks!
> 
> On Mon, 2002-01-07 at 05:02, [email protected] wrote:
> > I think you may want to test out your firewall...I don't think that
> > IPtables comes with any real default rules. I would go over to
> > www.grc.com and to their shields up test. Focus on the results of the
> > "probe my ports" test, if things come up stealth, then IPtables is
> > likely firewalling for you, if ports come up open or closed, then
> > IPtables is likely not packet filtering.
> > 
> > jason
> > 
> > On Sun, 06 Jan 2002, Alexander Wallace wrote:
> > > Thanks Jason! Each time I do a new thing, the more I realize I know very
> > > little....
> > > 
> > > I entered the rules for IPTables by hand, and everything seemed to have
> > > worked, except, after a while, I realized I was not getting any email! I
> > > created the file in /etc/inet.d and link in /etc/rc2.d in place 40, I
> > > thought that would be good.. not knowing any better I rebooted and
> > > NOTHING WORKED! Quickly I deleted the link and again not knowing any
> > > better I rebooted... This time a whole bunch of rules, that I assume
> > > were default rules loaded and everything works and I'm receiving emails
> > > again (wew!)... I assume the default rules may not be too secure... I'll
> > > have to learn a bit more about iptables before messing with them
> > > again....
> > > 
> > > Thank you!
> > > 
> > > On Mon, 2002-01-07 at 02:18, [email protected] wrote:
> > > > The file name in init.d is irrelevant, the link name in rc2.d is not. It
> > > > must have the form "SXXwhateverelseherre", the SXX (where XX is the two
> > > > digit number representing the order in which the scripts are run) is the
> > > > important part. The number that you select is not trivial. For example,
> > > > if you start it too early, there might be certain services up and running
> > > > that are required. For example, before you can load your firewall, the
> > > > networking support needs to be started. A common way of handling this is
> > > > to make a S99local link in rc2.d that points to a file (normally called)
> > > > local in init.d. In local you can run whatever extra things you want
> > > > started at boot, and pretty much be assured that everything else that is
> > > > important is started prior to its running. For example, in my local
> > > > script, I start my adsl-connect, load the firewall (I start my firewall
> > > > immediately after the connection is made, to minimize the time when
> > > > there is a connection without a firewall...if I had a static IP, I
> > > > would start it prior to connecting), update my dns server, then run a
> > > > few other things, like loading kernel modules for sensors, so I can know
> > > > the temperature of my MB and CPU, as well as my fan speeds (they are
> > > > displayed in gkrellm).
> > > > 
> > > > Hope that gets you started
> > > > 
> > > > jason
> > > > 
> > > > 
> > > > On Sun, 06 Jan 2002, Alexander Wallace wrote:
> > > > > Hello there! Ok I got the libra gateway working! It was much easier than
> > > > > I thought it would be...
> > > > > 
> > > > > I have a quick question... What should I do to have the rules for
> > > > > iptables load automatically at startup? What file should I use? Where?
> > > > > 
> > > > > I read something about placing a file in /etc/init.d and then link from
> > > > > /etc/rc2.d. I just want to make sure. I guess the file name is
> > > > > unimportant right? and, does it matter if my connection is supposed to be
> > > > > dynamic? 
> > > > > 
> > > > > Also, my external adapter (eth1) is connected to a roadrunner modem,
> > > > > when I was doing the rules for ip tables, I gave the static IP for the
> > > > > external adapter... How do I tell IP tables that eth1 uses dhcp?
> > > > > 
> > > > > Thanks! 
> > > > > 
> > > > > -- 
> > > > > The archive is at https://www.libranetlinux.com/archive.html
> > > > > To unsubscribe, send email to [email protected]
> > > > > with a subject of UNSUBSCRIBE.

-- 
The archive is at https://www.libranetlinux.com/archive.html
To unsubscribe, send email to [email protected]
with a subject of UNSUBSCRIBE.
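
An added example, not part of the original thread: a small POSIX shell audit of the rc2.d link naming and ordering rule described in the quoted reply (links must be named `SXX<name>`, and the firewall link must sort after networking). The function names, the service names `networking` and `firewall`, and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit start links in an rc2.d-style directory.

# Print "NN name" for a well-formed start link (S + two digits + name).
rc_parse() {
    case "$1" in
        S[0-9][0-9]?*) ;;
        *) return 1 ;;
    esac
    rest=${1#S}              # e.g. "40firewall"
    name=${rest#??}          # e.g. "firewall"
    printf '%s %s\n' "${rest%"$name"}" "$name"
}

# Print the sequence number of the start link for service $2 in directory $1.
rc_seq_of() {
    for path in "$1"/S*; do
        [ -e "$path" ] || [ -L "$path" ] || continue
        parsed=$(rc_parse "${path##*/}") || continue
        if [ "${parsed#* }" = "$2" ]; then
            printf '%s\n' "${parsed%% *}"
            return 0
        fi
    done
    return 1
}

# Succeed only if service $2 has a strictly higher sequence number than $3.
# Returns 2 when either service has no well-formed start link.
rc_starts_after() {
    a=$(rc_seq_of "$1" "$2") || return 2
    b=$(rc_seq_of "$1" "$3") || return 2
    [ "$a" -gt "$b" ]
}

# List links that begin with S but do not have the SXX<name> form.
rc_bad_links() {
    for path in "$1"/S*; do
        [ -e "$path" ] || [ -L "$path" ] || continue
        rc_parse "${path##*/}" >/dev/null || printf '%s\n' "${path##*/}"
    done
}

# Constructed sample: a throwaway directory standing in for /etc/rc2.d.
demo_dir=$(mktemp -d)
touch "$demo_dir/S35networking" "$demo_dir/S40firewall" "$demo_dir/S99local" "$demo_dir/Sfirewall"
if rc_starts_after "$demo_dir" firewall networking; then
    echo "firewall starts after networking"
fi
echo "malformed start links: $(rc_bad_links "$demo_dir")"
rm -rf "$demo_dir"
```

Two links with the same sequence number fail the strict check, since their relative order then depends only on how the names sort.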