It is assumed that each site in the Reciprocal Net site network will have an always-on connection to the Internet. The only port that needs to be open from the Internet to your server is TCP port 80 (HTTP), on which Apache Httpd answers incoming HTTP requests. Opening TCP port 80 allows users across the globe to visit your web site and access those samples that you have chosen to make public. Reciprocal Net site software does not require that any other port be opened.
Some system administrators find it convenient to enable SSH remote shell access to their servers. For this, TCP port 23 should be opened.
Good security practice dictates that all ports other than those listed above should be blocked. In particular, the following specific ports are in use by your server and are vulnerable to attack from the Internet unless blocked:
· TCP port 1099. This is used by recipnetd to receive queries from the web application running within tomcat5.
· TCP port 3306. This is used by mysqld to receive SQL database queries from recipnetd.
· TCP port 8005. This is used by tomcat5 to receive shutdown signals from its daemon script.
· TCP port 8009. This is used by tomcat5 to receive requests for JSP files that have been forwarded from httpd.
Red Hat Enterprise Linux includes a host-based firewall program called iptables. If you followed instructions in the Installation chapter to the letter, then iptables is already installed and configured properly. Further configuration can be effected from the GNOME desktop: navigate to the System/Administration menu and launch the Security Level and Firewall program.
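To confirm that a saved ruleset follows the guidance above, the following added example (not part of the Reciprocal Net software) evaluates iptables-save output for a new inbound TCP connection to port 80 and to each of the four internal ports. The interface name eth0 and the sample ruleset are assumptions; the evaluator understands only -i, -p, --dport, --state/--ctstate, jumps to user-defined chains and the ACCEPT, DROP and REJECT targets, and ignores every other match.

```python
import shlex
# Ports named on this page: 80 must be reachable from outside, the rest must not.
PUBLIC, INTERNAL = 80, {1099: "recipnetd", 3306: "mysqld", 8005: "tomcat5", 8009: "tomcat5"}
# Constructed sample (iptables-save format); the 3306 rule is a deliberate mistake.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT"""

def parse(text):  # collect chain policies and rules from the *filter table only
    table, policies, chains = None, {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            policies[line[1:].split()[0]] = line.split()[1]
        elif table == "filter" and line.startswith("-A "):
            chains.setdefault(line.split()[1], []).append(shlex.split(line)[2:])
    return policies, chains

def matches(rule, port, iface):
    """True if the rule matches a NEW inbound TCP packet to `port` on `iface`."""
    opt = dict(zip(rule, rule[1:]))  # each option mapped to the token after it
    lo, _, hi = opt.get("--dport", str(port)).partition(":")
    states = opt.get("--state") or opt.get("--ctstate") or "NEW"
    return (opt.get("-i", iface) == iface and opt.get("-p", "tcp") in ("tcp", "all")
            and int(lo) <= port <= int(hi or lo) and "NEW" in states.split(","))

def verdict(policies, chains, port, iface, chain="INPUT"):
    """First-match evaluation, following jumps into user-defined chains."""
    for rule in (r for r in chains.get(chain, []) if matches(r, port, iface)):
        target = rule[rule.index("-j") + 1] if "-j" in rule else None
        if target in chains:  # jump: an undecided sub-chain falls through to the next rule
            target = verdict(policies, chains, port, iface, target)
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return None if policies.get(chain, "-") == "-" else policies[chain]

def audit(text, iface="eth0"):
    """Return findings; an empty list means the ruleset follows the page's guidance."""
    got = {p: verdict(*parse(text), p, iface) for p in [PUBLIC, *INTERNAL]}
    bad = [] if got[PUBLIC] == "ACCEPT" else ["TCP port 80 is not reachable"]
    return bad + [f"TCP port {p} ({INTERNAL[p]}) is exposed"
                  for p in sorted(INTERNAL) if got[p] == "ACCEPT"]
```

Pass the text of a saved ruleset to audit(); any other port you have deliberately opened for administration is not examined.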
For further information about firewalls and ports in use at your organization, please consult with your network administrator.