Is Public Access To Port 8735 Security Sensitive?

  1. #1
    Active Member
    Join Date
    Oct 2012
    Posts
    18

    Is Public Access To Port 8735 Security Sensitive?

    During the installation procedure, Zextras says:

    ZeXtras Suite needs to bind on TCP port 8735 in order to operate, for inter-instance communication.
    Please verify no other service listens on that port and that it is properly filtered from public access by your firewall

    I have a single server setup and currently do not filter this port. Does this cause any security problems?

  2. #2
    CTO ZeXtras Employee d0s0n
    Join Date
    Apr 2011
    Posts
    565
    Hi vinzenz,

    As stated in the warning message, you shouldn't expose it to public access, to avoid security problems...

    D0s0n
    ZeXtras Website # ZeXtras Wiki # ZeXtras Store

    Head of ZeXtras System Administrators

  3. #3
    Active Member
    Join Date
    Oct 2012
    Posts
    18
    Ok, I think this should be communicated better.
    Further, the web interface seems to need access to this port even in single-server setups, so I had to allow traffic for the loopback interface.
    Just in case there is anybody else like me not too familiar with iptables, this is how I solved it:

    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 8735 -j REJECT --reject-with icmp-port-unreachable
    -A INPUT -p udp -m udp --dport 8735 -j REJECT --reject-with icmp-port-unreachable

  4. #4
    CTO ZeXtras Employee d0s0n
    Join Date
    Apr 2011
    Posts
    565
    Originally posted by vinzenz:
        Further, the web interface seems to need access to this port even in single-server setups, so I had to allow traffic for the loopback interface.

    Hi vinzenz,
    AFAIK, there's no need to access that port in a single-server environment... If you have experienced any issues when blocking it, please let us know.

    Originally posted by vinzenz:
        Just in case there is anybody else like me not too familiar with iptables, this is how I solved it:

        -A INPUT -i lo -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 8735 -j REJECT --reject-with icmp-port-unreachable
        -A INPUT -p udp -m udp --dport 8735 -j REJECT --reject-with icmp-port-unreachable

    A single line like this will suffice:

    -A INPUT -p tcp --dport 8735 -j REJECT

    D0s0n
    ZeXtras Website # ZeXtras Wiki # ZeXtras Store

    Head of ZeXtras System Administrators
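
An added example, not part of the thread or of ZeXtras' documentation: a small first-match evaluator run over the two rule sets posted above, showing what each does to port 8735 traffic arriving on loopback versus an external interface. The interface name `eth0` and the helper names `verdict` and `report` are assumptions, and only the `-i`, `-p`, `--dport` and `-j` options used in the thread are interpreted.

```shell
#!/bin/sh
# verdict IFACE PROTO DPORT
# Reads iptables-save style "-A INPUT ..." rules on stdin and prints the target
# of the first rule that matches such a packet, or POLICY when none matches.
# Interprets only the options used in this thread: -i, -p, --dport, -j.
verdict() {
    awk -v iface="$1" -v proto="$2" -v dport="$3" '
    $1 == "-A" && $2 == "INPUT" {
        hit = 1; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i" && $(i + 1) != iface) hit = 0
            if ($i == "-p" && $(i + 1) != proto) hit = 0
            if ($i == "--dport" && $(i + 1) != dport) hit = 0
            if ($i == "-j") target = $(i + 1)
        }
        if (hit && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY" }'
}

# Rule sets copied from posts #3 and #4 above.
RULES_POST3='-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8735 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 8735 -j REJECT --reject-with icmp-port-unreachable'
RULES_POST4='-A INPUT -p tcp --dport 8735 -j REJECT'

# report LABEL RULES: verdict per interface and protocol for port 8735.
# "eth0" stands in for the public interface (assumed name).
report() {
    for iface in lo eth0; do
        for proto in tcp udp; do
            printf '%s: %s/8735 on %s -> %s\n' "$1" "$proto" "$iface" \
                "$(printf '%s\n' "$2" | verdict "$iface" "$proto" 8735)"
        done
    done
}

report "post #3 rules" "$RULES_POST3"
report "post #4 rule" "$RULES_POST4"
```

POLICY means no listed rule matched, so the chain's default policy decides. These are IPv4 rules; a host reachable over IPv6 needs the equivalent rules in ip6tables.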
