On Thursday 10 February 2005 11:40 pm, Nick Smith <[EMAIL PROTECTED]> wrote:
> I'm going to try and set up a firewall on my home server this weekend, but
> I'm unsure as to all the ports I have to open in order for my mail server
> to stay operational, this is a list of what I think I need to make
> accessible from outside, please let me know if I need to open anything
> else and suggestions please. I'm using 1 nic at the moment with a 2nd
> installed but not active yet, going to hook the machine straight up to
> my cable modem and bypass the router for now and run nic2 to the
> router/switch when I go to set this up.
>
> here is a list of what I think I need open, and question next to the
> ones I'm not sure of.

Are you sure you want all these available to the internet? You may want to have some of these only listen on the "inside" nic, if they are only supposed to provide services from inside your network.

> courier-imap - 143
> courier-imap-ssl - 995?
> courier-pop3 - 110
> courier-pop3-ssl - ?
> postfix - 25
> apache - 80
> proftpd - 21
> webmin - 10000
> distcc - 3632
> ssh - 22
> ntp - ? what port does it update itself?
> clamav - same as above
> NFS - ? might try sharing drives across internet, what port?
> squid - 8080
> tor - ? does it need a port?
> privoxy - ?
> openldap - ? when I get this running does it use a port?

distcc should *never* be allowed to listen to the open net. [Heck, I was worried about it because it would answer my roommate's win-box.] distcc does NOT check to make sure the command-line it is executing is a compile, so you are basically giving local access to the box as the distcc user to anyone that the daemon will listen to.

I'm not *exactly* sure what webmin is for. I do expose the web interface to my netgear router to the internet (via ssh only), but that's so I can turn on/off port forwarding to inside boxes as needed. Yes, that's dangerous and you should probably think twice about doing it.

--
Boyd Stephen Smith Jr.
[EMAIL PROTECTED]
ICQ: 514984 YM/AIM: DaTwinkDaddy
--
gentoo-user@gentoo.org mailing list
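An added example, not part of the original thread: a check of which listeners would actually answer on the outside NIC, following the reply's advice to bind inside-only services to the inside interface. The public/inside split, the `192.168.1.0/24` inside network, and the sample `ss -H -tln` lines are assumptions constructed for illustration; only the port numbers come from the list above.

```python
import ipaddress

# Ports are from the thread; the public/inside split is assumed (distcc excepted).
PUBLIC = {21: "proftpd", 22: "ssh", 25: "postfix", 80: "apache",
          110: "courier-pop3", 143: "courier-imap"}
INSIDE_ONLY = {3632: "distcc", 8080: "squid", 10000: "webmin"}

# Constructed sample of `ss -H -tln` output; all addresses are made up.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3632 0.0.0.0:*
LISTEN 0 128 192.168.1.10:10000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 203.0.113.7:8080 0.0.0.0:*
LISTEN 0 128 *:6000 *:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)  # drop brackets, scope id

def reachable_from_outside(addr, inside_net):
    """True if a socket bound to addr answers on the outside NIC."""
    if addr in ("*", "0.0.0.0", "::"):      # wildcard bind: every interface
        return True
    ip = ipaddress.ip_address(addr)
    return not (ip.is_loopback or ip in inside_net)

def audit(ss_output, inside_cidr):
    """Return (port, service, bind address, reason) for each risky listener."""
    inside_net = ipaddress.ip_network(inside_cidr)
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if not reachable_from_outside(addr, inside_net):
            continue
        if port in INSIDE_ONLY:
            findings.append((port, INSIDE_ONLY[port], addr, "inside-only service exposed"))
        elif port not in PUBLIC:
            findings.append((port, "unknown", addr, "listener not in policy"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SS, "192.168.1.0/24"), sep="\n")
```

A listener bound to the inside address or to loopback is not reported; the same daemon bound to a wildcard address is, which is the case a packet filter would otherwise have to cover on its own.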