[plug] Firewall on gateway
Craig Ringer
craig at postnewspapers.com.au
Fri Mar 19 13:14:22 WST 2004
On Fri, 2004-03-19 at 12:47, Rennie Barnett wrote:
> Anyhow I've been able to get Gatekeeper
Is that the hostname of your firewall?
> to firewall everything except SSH
Do you mean that it blocks all incoming new connections except for port
22 (ssh)? Or something else?
> and
> keep on NATing but I seem to be getting significant traffic on unusual ports
> like 2206 & 3541 etc..
Incoming hits to ports on the firewall, or outgoing NATed traffic?
> Is it a bad idea to block OUTPUT, FORWARD and INPUT on a whole bunch of these
> seemingly unnecessary ports?
It'd be wise to identify what the traffic is for, and doing, first.
Search google for info on the ports in use. Use 'ethereal' to get a dump
of the traffic in question, and examine it to see what machine it's
coming from, and what it's content is. See if you can identify what app
is generating the traffic, and why. /then/ decide if you want to
firewall the ports, or if some other action (AdAware, virus scan,
killing a user, etc) is more appropriate.
Craig Ringer
More information about the plug
mailing list