LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (http://www.linuxquestions.org/questions/general-10/)
-   -   Find out if ISP is blocking port. *Edited (http://www.linuxquestions.org/questions/general-10/find-out-if-isp-is-blocking-port-%2Aedited-4175444791/)

lupusarcanus 01-09-2013 05:29 AM

Find out if ISP is blocking port. *Edited
 
So I found out my previous ISP was blocking ports.

But I moved and now have different ISP. I searched on Google and couldn't find any definitive info on if they do or don't.

What is a simple way to test if my ISP is blocking ports, and which ones they are blocking?

Hopefully this question is not too general.

EDIT: The simplest way I thought if was to actually install a mail or web server than test it externally. I was hoping for a way I could do it without having to install anything and also find out if other ports are blocked for future reference.

unSpawn 01-09-2013 07:13 AM

Run a nmap scan from outside your LAN and grep for "filtered" results? There's on-line nmap services if you don't have access to a remote machine.

lupusarcanus 01-09-2013 07:29 AM

Quote:

Originally Posted by unSpawn (Post 4866068)
Run a nmap scan from outside your LAN and grep for "filtered" results? There's on-line nmap services if you don't have access to a remote machine.

Code:

Starting Nmap 6.01 ( http://nmap.org ) at 2013-01-09 14:26 Central Europe Standard Time
Nmap scan report for xx.xx.xx.xx (xx.xx.xx.xx)
Host is up.
All 100 scanned ports on xx.xx.xx.xx (xx.xx.xx.xx) are filtered
Nmap done: 1 IP address (1 host up) scanned in 6.54 seconds

Code:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2013-01-09 at 13:37:24

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
  26 Ports Stealth
---------------------
  26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                  - NO unsolicited packets were received,
                  - NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------


unSpawn 01-09-2013 08:24 AM

BTW if you only allow --state ESTABLISHED,RELATED ingress there's now way telling where along the route stuff gets filtered.

lupusarcanus 01-09-2013 09:54 AM

Well, I just setup a web server real quick. I figured that if it worked, I was going to keep it anyway. I forgot that Ubuntu makes it insanely easy to do. It does work, I can connect to it through port 80 externally. Neat!

My last ISP blocked inbound port 80 and a few more as well. Having a personal server was against the ToS. I moved and now have a new ISP. I researched and read every document and from what I gathered it's absolutely fine to run a server as long as its not for commercial/enterprise use. They don't seem to block any ports, but I am going to try the mail server now and see if that sending email back and forth.

unSpawn 01-09-2013 10:05 AM

Quote:

Originally Posted by lupusarcanus (Post 4866229)
Well, I just setup a web server real quick. I figured that if it worked, I was going to keep it anyway. I forgot that Ubuntu makes it insanely easy to do. It does work, I can connect to it through port 80 externally. Neat!

Nice. Best block traffic to TCP/80 until you've properly hardened the machine, tested the service (OpenVAS?) to satisfaction before exposing it again.


Quote:

Originally Posted by lupusarcanus (Post 4866229)
I am going to try the mail server now and see if that sending email back and forth.

I'd argue against running a public MTA unless you need remote web mail or something like that. (Should I mentioning hardening again?) BTW RBLs often flag domestic IP ranges as suspect so you would need to "smarthost" via an acceptable conduit anyway.

lupusarcanus 01-09-2013 10:41 AM

Quote:

Originally Posted by unSpawn (Post 4866235)
I'd argue against running a public MTA unless you need remote web mail or something like that. (Should I mentioning hardening again?) BTW RBLs often flag domestic IP ranges as suspect so you would need to "smarthost" via an acceptable conduit anyway.

I'm going to be the only one using the email. I was thinking about using Roundcube web mail for remote access. If I am flagged as suspect, I could just dump the mail server idea and go back to Gmail without consequences?

Also, how do I mark a thread as solved? I swear that I used to just go to thread tools. I haven't logged in for a year and some change, was this changed?

Oh and as always, thanks. I'll try to give you some more rep if I can if you care for it.

unSpawn 01-09-2013 11:25 AM

Quote:

Originally Posted by lupusarcanus (Post 4866270)
I'm going to be the only one using the email. I was thinking about using Roundcube web mail for remote access. If I am flagged as suspect, I could just dump the mail server idea and go back to Gmail without consequences?

If your email gets rejected just try routing it through your ISPs MTA first.


Quote:

Originally Posted by lupusarcanus (Post 4866270)
Also, how do I mark a thread as solved? I swear that I used to just go to thread tools.

Yes, either thread tools or see the top of this page, just above your first post on the left it should read "Please Mark this thread as solved if you feel a solution has been provided.".


Quote:

Originally Posted by lupusarcanus (Post 4866270)
Oh and as always, thanks. I'll try to give you some more rep if I can if you care for it.

NP. IMHO rep should be given freely, not asked for, influenced or agreed upon. Not that it should matter to you but I personally favor meaningful reputation comments over rep itself.

lupusarcanus 01-09-2013 12:09 PM

1 Attachment(s)
Quote:

Originally Posted by unSpawn (Post 4866301)
Yes, either thread tools or see the top of this page, just above your first post on the left it should read "Please Mark this thread as solved if you feel a solution has been provided.".

Attachment 11562

I'm just not seeing it. I clicked your link and it said it was marking the thread as solved, but didn't update the thread title with the little [SOLVED] prefix.

unSpawn 01-09-2013 12:21 PM

Yeah, forgot. Threads in /General can't be marked [SOLVED].
Kind of makes sense with all those threads about religion, politics and Microsoft Windows :-]

TheIndependentAquarius 01-09-2013 07:02 PM

[deleted] // Huh, couldn't see that it had already been realized that it was /General.
Sorry. [First time I responded before reading further :mad:]


All times are GMT -5. The time now is 07:05 AM.