On Feb 12, 2006, at 3:22 PM, Craig White wrote:
On Sun, 2006-02-12 at 15:17 -0500, jim@datamantic.com wrote:
I have a CentOS 4.2 machine. lokkit shows that a firewall is enabled, and it is customized to allow SSH, Web, and DNS traffic only.
But if I run nmap against the server IP (from my home machine, outside the local network) it shows over 1000 open ports. Am I not understanding nmap, or is there something seriously wrong here?
Here is a small snip of the nmap output (I can include it all if that is helpful, but it is quite long):
(The 202 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
1/tcp   open  tcpmux
2/tcp   open  compressnet
3/tcp   open  compressnet
4/tcp   open  unknown
5/tcp   open  rje
6/tcp   open  unknown
7/tcp   open  echo
8/tcp   open  unknown
9/tcp   open  discard
11/tcp  open  systat
12/tcp  open  unknown
13/tcp  open  daytime
14/tcp  open  unknown
15/tcp  open  netstat
16/tcp  open  unknown
17/tcp  open  qotd
20/tcp  open  ftp-data
22/tcp  open  ssh
24/tcp  open  priv-mail
25/tcp  open  smtp
26/tcp  open  unknown
might as well get a root shell and type...
iptables -L
and see what's up with that.
Craig
Thanks for the response. Any advice on understanding this is appreciated.
[root@ash ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
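
Without `-v`, `iptables -L` leaves out the in/out interface columns, so a rule limited to one interface prints as a bare `ACCEPT all -- anywhere anywhere`. The following is an added example, not part of the original messages: it picks such rows out of a listing so they can be rechecked with `iptables -L -n -v`. The sample listing is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `iptables -L` (no -v), modelled on
# the listing in the message above; it is not captured output.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

ANY = {"anywhere", "0.0.0.0/0"}          # name form and the -n numeric form
CHAIN_RE = re.compile(r"^Chain (\S+) \(")

def parse_rules(listing):
    """Yield (chain, position, target, prot, source, dest, extra) per rule row."""
    chain, pos = None, 0
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:                             # "Chain NAME (...)" starts a new chain
            chain, pos = m.group(1), 0
            continue
        fields = line.split()
        # Skip blank lines, the column header, and anything before the first chain.
        if chain is None or len(fields) < 5 or fields[0] == "target":
            continue
        pos += 1
        yield chain, pos, fields[0], fields[1], fields[3], fields[4], " ".join(fields[5:])

def catch_all_accepts(listing):
    """Return (chain, position) of ACCEPT rows that display no restriction at all."""
    return [(c, n) for c, n, target, prot, src, dst, extra in parse_rules(listing)
            if target == "ACCEPT" and prot == "all"
            and src in ANY and dst in ANY and not extra]

if __name__ == "__main__":
    for chain, n in catch_all_accepts(SAMPLE):
        print(f"{chain} rule {n}: ACCEPT all anywhere->anywhere; "
              "check its interface with `iptables -L -n -v`")
```

A row reported here is only unrestricted as displayed; the verbose listing shows whether it is bound to an interface such as `lo`.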