Hi everyone,

I have just installed smoothwall onto an old pc, to be used as the firewall/gateway for our lan.

The installation was as simple as they come, but after doing a port scan it seems ports 21 (ftp) and 23 (telnet) are still open to the outside world.

I checked the smoothwall setup and cannot spot anywhere to disable these very dodgy ports.

Does anyone know how to disable them within smoothwall. I must have overlooked something but cannot spot it.

Thank you.

What's up, lintoon? I have a smoothwall setup at home myself. After the initial installation there should not have been any open port. So, I would double check your port scan. You can administer it through any machine on you lan by pointing your browser to https://192.168.0.1:441 . From there you will have alot of options including opening and closing ports. Plus don't forget to do the two updates that smoothwall have provided.

ajb is right - the only port that Smoothwall leaves open to external users is port 113 - the auth port. If you enable SSH it runs on port 222, but it only opens that to external users if you tell it to.

The open ports list is in Networking -> External Access on the web interface, which, in SmoothWall Express 2.0 at least, is on port 81.

It does, however, allow access on all ports from inside the local network - so you can use IM (hence the port 113), telnet, ssh, ftp, http or whatever from _within_ the network.

Personally I only leave port 222 open to the external world, and I use port forwarding in SSH to get access to other things remotely.

Cheers, at least now I know smoothwall should be ok. Chances are it's something stupid (me).

Time to get my teeth into it.

Thanks for the replies.