Convert ports.htm to Docbook XML

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@967 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-12-26 15:52:12 +00:00
parent caa793d2b4
commit 0857b52089
2 changed files with 270 additions and 147 deletions


@ -1,147 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shorewall Port Information</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<h1 style="text-align: center;">Ports Required for Various
Services/Applications<br>
</h1>
<p>In addition to those applications described in <a
href="Documentation.htm">the /etc/shorewall/rules documentation</a>,
here are some other services/applications that you may need to
configure
your firewall to accommodate.</p>
<p>NTP (Network Time Protocol)</p>
<blockquote>
<p>UDP Port 123</p>
</blockquote>
<p>rdate</p>
<blockquote>
<p>TCP Port 37</p>
</blockquote>
<p>UseNet (NNTP)</p>
<blockquote>
<p>TCP Port 119</p>
</blockquote>
<p>DNS</p>
<blockquote>
<p>UDP Port 53. If you are configuring a DNS client, you will
probably
want to open TCP Port 53 as well.<br>
If you are configuring a server, only open TCP Port 53 if
you will return long replies to queries or if you need to enable ZONE
transfers.&nbsp;In the latter case, be sure that your server is
properly
configured.</p>
</blockquote>
<p>ICQ&nbsp;&nbsp;&nbsp;</p>
<blockquote>
<p>UDP Port 4000. You will also need to open a range of TCP ports
which you can specify to your ICQ client. By default, clients use
4000-4100.</p>
</blockquote>
<p>PPTP</p>
<blockquote>
<p><u>Protocol</u> 47 (NOT <u>port</u> 47) and TCP Port 1723 (<a
href="PPTP.htm">Lots more information here</a>).</p>
</blockquote>
<p>IPSEC</p>
<blockquote>
<p><u>Protocols</u> 50 and 51 (NOT <u>ports</u> 50 and 51) and UDP
Port 500. These should be opened in both directions (Lots more
information <a href="IPSEC.htm">here</a> and <a href="VPN.htm">here</a>).</p>
</blockquote>
<p>SMTP (Email)</p>
<blockquote>
<p>&nbsp;TCP Port 25.</p>
</blockquote>
<p>RealPlayer<br>
</p>
<blockquote>
<p>UDP Port 6790 inbound<br>
</p>
</blockquote>
<p>POP3</p>
<blockquote>
<p>TCP Port 110 (Secure = TCP Port 995)<br>
</p>
</blockquote>
<p>IMAP<br>
</p>
<blockquote>TCP Port 143 (Secure = TCP Port 993)<br>
</blockquote>
<p>TELNET</p>
<blockquote>
<p>TCP Port 23.</p>
</blockquote>
<p>SSH</p>
<blockquote>
<p>TCP Port 22.</p>
</blockquote>
<p>Auth (identd)</p>
<blockquote>
<p>TCP Port 113</p>
</blockquote>
<p>Web Access</p>
<blockquote>
<p>TCP Ports 80 and 443.</p>
</blockquote>
<p>FTP<br>
</p>
<blockquote>
<p>TCP port 21 plus <a href="FTP.html">look here for much more
information</a>.<br>
</p>
</blockquote>
<p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p>
<blockquote> </blockquote>
<blockquote>
<p>TCP Ports 137, 139 and 445.<br>
UDP Ports 137-139.<br>
<br>
Also, <a href="samba.htm">see this page</a>.</p>
</blockquote>
<p>Traceroute</p>
<blockquote>
<p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1<br>
ICMP type 8 ('ping')<br>
</p>
</blockquote>
<p>NFS<br>
</p>
<blockquote>
<p>I personally use the following rules for opening access from zone
z1 to a server with IP address a.b.c.d in zone z2:<br>
</p>
<pre>ACCEPT z1 z2:a.b.c.d udp 111<br>ACCEPT z1 z2:a.b.c.d tcp 111<br>ACCEPT z1 z2:a.b.c.d udp 2049<br>ACCEPT z1 z2:a.b.c.d udp 32700:<br></pre>
</blockquote>
<blockquote>
<p>Note that my rules only cover NFS using UDP (the normal case).
There is lots of additional information at&nbsp; <a
href="http://nfs.sourceforge.net/nfs-howto/security.html">
http://nfs.sourceforge.net/nfs-howto/security.html</a></p>
</blockquote>
<p>VNC<br>
</p>
<blockquote>
<p>TCP port 5900 + &lt;display number&gt;</p>
</blockquote>
<p>Didn't find what you are looking for -- have you looked in your own
/etc/services file? </p>
<p>Still looking? Try <a
href="http://www.networkice.com/advice/Exploits/Ports">
http://www.networkice.com/advice/Exploits/Ports</a></p>
<p><font size="2">Last updated 7/30/2003 - </font><font size="2"> <a
href="support.htm">Tom Eastep</a></font> </p>
<a href="copyright.htm"><font size="2">Copyright</font> ©
<font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
<br>
<br>
<br>
</body>
</html>
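Review bot: deleting ports.htm wholesale drops two pieces of content that the ports.xml added in this same commit does not carry over: the RealPlayer entry (`UDP Port 6790 inbound`) and the NFS caveat `Note that my rules only cover NFS using UDP (the normal case).` together with its link to http://nfs.sourceforge.net/nfs-howto/security.html. Either port both into the new file or state in the commit message that they are intentionally dropped; the NFS caveat is what stops a reader from assuming the four UDP-only rules also cover TCP mounts. Note also that this file's `Last updated 7/30/2003` and `2001, 2002, 2003` copyright are the current values the converted article should preserve.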

Shorewall-docs/ports.xml Normal file

@ -0,0 +1,270 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>Ports Required for Various Services/Applications</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate>2002-07-30</pubdate>
<copyright>
<year>2001-2002</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice>
<abstract>
<para>In addition to those applications described in the
/etc/shorewall/rules documentation, here are some other
services/applications that you may need to configure your firewall to
accommodate.</para>
</abstract>
</articleinfo>
<section>
<title>NTP (Network Time Protocol)</title>
<para>UDP Port 123</para>
</section>
<section>
<title>rdate</title>
<para>TCP Port 37</para>
</section>
<section>
<title>Usenet (NNTP)</title>
<para>TCP Port 119</para>
</section>
<section>
<title>DNS</title>
<para>UDP Port 53. If you are configuring a DNS client, you will probably
want to open TCP Port 53 as well. If you are configuring a server, only
open TCP Port 53 if you will return long replies to queries or if you need
to enable ZONE transfers. In the latter case, be sure that your server is
properly configured.</para>
</section>
<section>
<title>ICQ</title>
<para>UDP Port 4000. You will also need to open a range of TCP ports which
you can specify to your ICQ client. By default, clients use 4000-4100.</para>
</section>
<section>
<title>PPTP</title>
<para>Protocol 47 (NOT port 47) and TCP Port 1723 (Lots more information
<ulink url="PPTP.htm">here</ulink> and <ulink url="VPN.htm">here</ulink>).</para>
</section>
<section>
<title>IPSEC</title>
<para>Protocols 50 and 51 (NOT ports 50 and 51) and UDP Port 500. These
should be opened in both directions (Lots more information <ulink
url="IPSEC.htm">here</ulink> and <ulink url="VPN.htm">here</ulink>)</para>
</section>
<section>
<title>SMTP (email)</title>
<para>TCP Port 25.</para>
</section>
<section>
<title>Pop3</title>
<para>TCP Port 110 (Secure Pop3 is TCP Port 995)</para>
</section>
<section>
<title>IMAP</title>
<para>TCP Port 143 (Secure IMAP is TCP Port 993)</para>
</section>
<section>
<title>Telnet</title>
<para>TCP Port 23.</para>
</section>
<section>
<title>SSH</title>
<para>TCP Port 22.</para>
</section>
<section>
<title>Auth (identd)</title>
<para>TCP Port 113</para>
</section>
<section>
<title>Web Access</title>
<para>TCP Ports 80 and 443.</para>
</section>
<section>
<title>FTP</title>
<para>TCP port 21 plus look <ulink url="FTP.html">here</ulink> for much
more information.</para>
</section>
<section>
<title>SMB/NMB (Samba/Windows Browsing/File Sharing)</title>
<para>TCP Ports 137, 139 and 445.</para>
<para>UDP Ports 137-139.</para>
<para>Also, see <ulink url="samba.htm">this page</ulink>.</para>
</section>
<section>
<title>Traceroute</title>
<para>UDP ports 33434 through 33434+&#60;max number of hops&#62;-1</para>
<para>ICMP type 8 (&#39;ping&#39;)</para>
</section>
<section>
<title>NFS</title>
<para>I personally use the following rules for opening access from zone z1
to a server with IP address a.b.c.d in zone z2:</para>
<informaltable>
<tgroup cols="7">
<thead>
<row>
<entry align="center">ACTION</entry>
<entry align="center">SOURCE</entry>
<entry align="center">DESTINATION</entry>
<entry align="center">PROTOCOL</entry>
<entry align="center">PORT(S)</entry>
<entry align="center">SOURCE PORT(S)</entry>
<entry align="center">ORIGINAL DEST</entry>
</row>
</thead>
<tbody>
<row>
<entry>ACCEPT</entry>
<entry>z1</entry>
<entry>z2:a.b.c.d</entry>
<entry>udp</entry>
<entry>111</entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry>ACCEPT</entry>
<entry>z1</entry>
<entry>z2:a.b.c.d</entry>
<entry>tcp</entry>
<entry>111</entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry>ACCEPT</entry>
<entry>z1</entry>
<entry>z2:a.b.c.d</entry>
<entry>udp</entry>
<entry>2049</entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry>ACCEPT</entry>
<entry>z1</entry>
<entry>z2:a.b.c.d</entry>
<entry>udp</entry>
<entry>32700:</entry>
<entry></entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
<section>
<title>VNC</title>
<para>TCP port 5900 + &#60;display number&#62;. </para>
</section>
<section>
<title>Other Source of Port Information</title>
<para>Didn&#39;t find what you are looking for -- have you looked in your
own /etc/services file?</para>
<para>Still looking? Try <ulink
url="http://www.networkice.com/advice/Exploits/Ports">http://www.networkice.com/advice/Exploits/Ports</ulink></para>
</section>
</article>
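Review bot: the articleinfo regresses the dates relative to the HTML it replaces: `<pubdate>2002-07-30</pubdate>` and `<year>2001-2002</year>` should be 2003-07-30 and 2001-2003 to match `Last updated 7/30/2003` and the 2001, 2002, 2003 copyright line in ports.htm. Two smaller points: the PPTP and IPSEC sections lost the underlining that set `Protocol 47` apart from `port 47` (and protocols 50 and 51 from ports 50 and 51); wrap those words in `<emphasis>` so the distinction survives, since opening TCP/UDP port 47 instead of IP protocol 47 is exactly the misconfiguration that wording guards against. And the NFS section ends at `</informaltable>` with no trailing note that the rules are UDP-only, which the HTML version had; add a `<para>` after the table carrying that caveat and the nfs-howto security link.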