[CentOS] nmap showing lots of ports open that shouldn't be

Sun Feb 12 20:41:04 UTC 2006
Scot L. Harris <webid at cfl.rr.com>

On Sun, 2006-02-12 at 15:30 -0500, Jim Bassett wrote:
> On Feb 12, 2006, at 3:22 PM, Craig White wrote:
> 
> > On Sun, 2006-02-12 at 15:17 -0500, jim at datamantic.com wrote:
> >> I have a CentOS 4.2 machine. lokkit shows that a firewall is
> >> enabled, and it is customized to allow SSH, Web, and DNS traffic
> >> only.
> >>
> >> But if I run nmap against the server IP (from my home machine,
> >> outside the local network) it shows over 1000 open ports. Am I not
> >> understanding nmap, or is there something seriously wrong here?

> > might as well get a root shell and type...
> >
> > iptables -L
> >
> > and see what's up with that.
> >
> > Craig
> >
> 
> Thanks for the response. Any advice on understanding this is
> appreciated.
> 
> [root at ash ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere

Looks like the rules above are accepting anything for that server.  The
order of the rules makes a big difference.
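As an added example (not code from the thread or from CentOS), here is a small POSIX shell check that reads a saved `iptables -L` listing and reports every blanket ACCEPT rule (protocol `all`, source and destination `anywhere`) together with its chain and position, which is what makes a box look wide open to a port scan; the sample listing embedded below is constructed from the output quoted above.

```shell
#!/bin/sh
# Constructed sample listing, modelled on the "iptables -L" output quoted
# in the thread, embedded here so the check runs offline.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
'

# Read an "iptables -L" listing on stdin and print one line per blanket
# ACCEPT rule: chain name, rule position, and the match it carries.
# Columns in the listing are: target prot opt source destination.
find_blanket_accepts() {
    awk '
        /^Chain /  { chain = $2; pos = 0; next }   # new chain, reset position
        /^target / { next }                        # column header line
        NF == 0    { next }                        # blank separator line
        {
            pos++
            if ($1 == "ACCEPT" && $2 == "all" && $4 == "anywhere" && $5 == "anywhere")
                printf "%s rule %d: ACCEPT all from anywhere to anywhere\n", chain, pos
        }
    '
}

# Number of blanket ACCEPT rules found in the sample listing.
count_blanket_accepts() {
    printf '%s' "$SAMPLE_LISTING" | find_blanket_accepts | wc -l | tr -d ' '
}

# Usage: run the check over the sample (expected: 2 hits in RH-Firewall-1-INPUT).
printf '%s' "$SAMPLE_LISTING" | find_blanket_accepts
```

Plain `iptables -L` hides interface matches such as `-i lo`, so confirm each hit with `iptables -L -n -v --line-numbers` (or `iptables-save`) before deciding whether an "anywhere to anywhere" ACCEPT really applies to every packet.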