On Sun, 2006-02-12 at 15:17 -0500, jim at datamantic.com wrote:
> I have a CentOS 4.2 machine. lokkit shows that a firewall is
> enabled, and it is customized to allow SSH, Web, and DNS traffic only.
>
> But if I run nmap against the server IP (from my home machine,
> outside the local network) it shows over 1000 open ports. Am I not
> understanding nmap, or is there something seriously wrong here?
>
> Here is a small snip of the nmap output (I can include it all if that
> is helpful, but it is quite long):
>
> (The 202 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 1/tcp open tcpmux
> 2/tcp open compressnet
> 3/tcp open compressnet
> 4/tcp open unknown
> 5/tcp open rje
> 6/tcp open unknown
> 7/tcp open echo
> 8/tcp open unknown
> 9/tcp open discard
> 11/tcp open systat
> 12/tcp open unknown
> 13/tcp open daytime
> 14/tcp open unknown
> 15/tcp open netstat
> 16/tcp open unknown
> 17/tcp open qotd
> 20/tcp open ftp-data
> 22/tcp open ssh
> 24/tcp open priv-mail
> 25/tcp open smtp
> 26/tcp open unknown

----

Might as well get a root shell and type...

iptables -L

and see what's up with that.

Craig