LinuxQuestions.org


john99 10-17-2009 03:37 AM

What corporate firewall ports should be open?

Hello

1.
Which ports of the corporate firewall need to be open so that Incognito booted from CD-ROM works out of the box?

2.
What is the best approach to circumvent such problems (without compromising the/my security) if the corporate FW
does block some ports required by Incognito (booted from CD-ROM)?


Thanks a lot for any help!

John

jhwilliams 10-17-2009 11:17 PM

Quote:

Originally Posted by john99 (Post 3722532)
Hello

1.
Which ports of the corporate firewall need to be open so that Incognito booted from CD-ROM works out of the box?

2.
What is the best approach to circumvent such problems (without compromising the/my security) if the corporate FW
does block some ports required by Incognito (booted from CD-ROM)?


Thanks a lot for any help!

John


22, 53, 80, 443, 25, 993 are good ones.

Or f* it, just DMZ the whole box. ;-)

anonym 10-21-2009 11:24 AM

Quote:

Originally Posted by john99 (Post 3722532)
Which ports of the corporate firewall need to be open so that Incognito booted from CD-ROM works out of the box?

You will have to be able to communicate with the Tor network. You can use TorStatus to check which ORPorts and DirPorts the relays tend to use. Your firewall has to allow outbound connections to some subset of these TCP ports. Note that the fewer of the ORPorts you're able to connect to, the worse Tor's anonymity and performance gets.

If you want the time to be set correctly (Tor needs a somewhat accurate clock, so this might be necessary) you also need the NTP port (UDP port 123) open for outbound connections.

Quote:

Originally Posted by john99 (Post 3722532)
What is the best approach to circumvent such problems (without compromising the/my security) if the corporate FW
does block some ports required by Incognito (booted from CD-ROM)?

The best way I think is to use a Tor bridge. You can set up Tor to use a bridge through the TorK GUI controller for Tor (the onion in the system tray). Note that you'll have to redo this every time you start Incognito when booting from a CD.

john99 11-19-2009 10:07 AM

Thanks a lot for the information! For a beginner like me, it sounds like trial and error...

Is there not a more "reliable" method to test from within Incognito if the required ports (for TOR)
on the corporate firewall are open?


Thanks a lot for any feedback!

John
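
One way to run the test john99 asks about, as an added example that is not part of the original thread: it attempts outbound TCP connections to a list of relay address/ORPort pairs and reports, per port, whether the connection got through the firewall. The relay list uses constructed placeholder addresses, and the function names are this example's own.

```python
"""Outbound TCP reachability check (added example, not from the thread)."""
import socket
from collections import defaultdict

# Constructed sample input: (address, ORPort) pairs in the shape of a relay list.
# 192.0.2.0/24 is a documentation range; replace with entries taken from TorStatus.
SAMPLE_RELAYS = [("192.0.2.10", 443), ("192.0.2.11", 9001), ("192.0.2.12", 80)]


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt as open, refused or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            # Handshake completed. A transparent proxy on the firewall can also
            # complete it, so "open" alone does not prove the relay was reached.
            return "open"
    except ConnectionRefusedError:
        # A reset came back: either nothing listens there or the firewall rejects.
        return "refused"
    except OSError:
        # Timeout or ICMP unreachable: packets were dropped on the way.
        return "filtered"


def summarize(relays, timeout=3.0):
    """Count probe results per destination port."""
    by_port = defaultdict(lambda: {"open": 0, "refused": 0, "filtered": 0})
    for host, port in relays:
        by_port[port][probe(host, port, timeout)] += 1
    return dict(by_port)


def usable_ports(summary):
    """Ports on which at least one relay answered, i.e. the firewall lets them out."""
    return sorted(p for p, counts in summary.items() if counts["open"] > 0)


if __name__ == "__main__":
    result = summarize(SAMPLE_RELAYS)
    for port in sorted(result):
        print(port, result[port])
    print("usable outbound ports:", usable_ports(result))
```

This covers TCP only; the NTP requirement mentioned above is UDP port 123 and cannot be checked with a connect test.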

jhwilliams 11-19-2009 06:17 PM

John,

I don't know what Incognito is, but here's how I handle opening ports:

As I install a new application, I look up what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."

If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:

Code:

nmap domain.name

On the gateway:

Code:

PORT     STATE    SERVICE
22/tcp   open     ssh
23/tcp   open     telnet
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy

And on the main internal server (you don't have access to this information directly since it's in my network):

Code:

PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
2049/tcp open  nfs
3306/tcp open  mysql

Best!
Jameson

john99 12-05-2009 03:16 AM

Thanks a lot for the help!



Quote:

Originally Posted by jhwilliams (Post 3763269)
As I install a new application, I look up what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."

Ok, but you know already before that Apache requires port 80. Are there - apart from firewall logs - other possibilities to find it out?





Quote:

Originally Posted by jhwilliams (Post 3763269)


If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:

Code:

nmap domain.name

Code:

PORT   STATE SERVICE
23/tcp open  telnet


I am wondering why Incognito/TOR does work in my case with port TCP 23 only. My opinion was that many more open ports are required...
Am I missing something?


Thanks a lot for additional help!

John


All times are GMT -5.