printerserver and firewall 89

Duane Arnold

You have to have port 80 open to connect to your ISP. True, some use 8080 as well, but it is unofficial. If you close *all* your ports, then you are disconnected from the Internet!

I use shorewall, and the ports I have open to the Internet are: 21 (ftp), 80 (http), 123 (ntp) and 587 (msa). That last one is because my ISP blocks port 25 and I have to use an alternate port for a paid email account. Every bit of it is routed through squid, a caching proxy server, on port 3128.

What I have blocked, are: 25 (smtp), 109 (pop-2), 110 (pop-3), 119 (news) and 139 (netbios) and all the rest under port 1024. Port 139 (Netbios) is open to the internal network, but blocked from the Internet. I have to have it because I have mixed Linux and Windows machines on my network.

The mail and news ports are blocked to prevent my machines from being zombied by spammers. The mail and news are routed through the ISP via port 80 - everything except telnet, ssh and other special stuff is.

printerserver and firewall 90
No you don't have to have port 80 open and it is not true on no software FW, NAT router or FW appliance that I have used. A host based FW, the firmware in a...

I have about two break-in attempts per month - and they are logged! But those attempts are stopped at the MTA (my mail handler) which is Postfix. If you can't login you are stopped at the door. IOW, there is no "Guest" account on this network.

Michael

List | Previous | Next

printerserver and firewall 90

Alt Computers from Newsgroups

The #1 Usenet Provider on the Internet

Windows 98 Startup CD ROM

PLEX86 x86- Virtual Machine (VM) Program


	CVS \| Mailing List \| Download \| Newsgroups

		printerserver and firewall 89 Duane Arnold You have to have port 80 open to connect to your ISP. True, some use 8080 as well, but it is unofficial. If you close all your ports, then you are disconnected from the Internet! I use shorewall, and the ports I have open to the Internet are: 21 (ftp), 80 (http), 123 (ntp) and 587 (msa). That last one is because my ISP blocks port 25 and I have to use an alternate port for a paid email account. Every bit of it is routed through squid, a caching proxy server, on port 3128. What I have blocked, are: 25 (smtp), 109 (pop-2), 110 (pop-3), 119 (news) and 139 (netbios) and all the rest under port 1024. Port 139 (Netbios) is open to the internal network, but blocked from the Internet. I have to have it because I have mixed Linux and Windows machines on my network. The mail and news ports are blocked to prevent my machines from being zombied by spammers. The mail and news are routed through the ISP via port 80 - everything except telnet, ssh and other special stuff is. printerserver and firewall 90 No you don't have to have port 80 open and it is not true on no software FW, NAT router or FW appliance that I have used. A host based FW, the firmware in a... I have about two break-in attempts per month - and they are logged! But those attempts are stopped at the MTA (my mail handler) which is Postfix. If you can't login you are stopped at the door. IOW, there is no "Guest" account on this network. Michael List \| Previous \| Next



		printerserver and firewall 90 Alt Computers from Newsgroups The #1 Usenet Provider on the Internet Windows 98 Startup CD ROM