Applying iptables rules / don't seem to work once I change them
Okay, I think I am retarded when it comes to iptables. I modified Plesk's standard iptables config script file, just to have the basics there. Now it looks like this:
Code:
#!/bin/sh
Thanks.
If you do iptables --list, that shows the current rule set -- there's no separate "apply" step needed.
It depends on your distro, which you haven't mentioned.
Can you also show iptables -L and the output of nmap? I don't even have a bagzillion ports, let alone open ones.
plpl303, I am scanning from a remote machine, my own computer. I don't know much about iptables, just modified Plesk's firewall to pass minimum traffic...
billymayday, this one is hosted on mediatemple's centos, not sure of version. here's output of iptables -L:
Code:
Chain INPUT (policy DROP)
Quote:
iptables --list --verbose
I suspect this one is the one for the loopback interface, since that rule is being added right after the --state INVALID rule. In other words, if you see something like
Code:
1000 110K ACCEPT all -- lo any anywhere anywhere
then it's a loopback-only rule. Oh, you might also try replacing
Code:
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
with
Code:
/sbin/iptables -A INPUT -p tcp -m state --state NEW -j REJECT --reject-with tcp-reset
yeah, that's a loopback rule, and that line that you recommended does bad stuff to the server - requests time out, or it can't connect.... :(
You shouldn't need
Quote:
Can you show that nmap output (run it from an external machine if possible)? The actual version will be in /etc/redhat-release, but knowing it's CentOS is enough. I have a basic firewall running, then from rc.local I call a script that flushes the tables and enters new rules (much like yours, but somewhat more of them). There are various ways to do it on RH distros, but I find this simple, portable, etc.
here's just a sample output for: "nmap -T Aggressive -A -v .com"
I don't know what's going on anymore, every time it seems to find a random huge number of open ports. I am scanning from my own computer, which is a remote one for that ip... what are all these open ports?!
Code:
Starting Nmap 4.68 ( http://nmap.org ) at 2008-10-20 22:14 Central Daylight Time
This is really weird, I scanned it again, and it shows 1715 ports open... ports like pcanywhere (65301), Elite (31337), subseven (27374) and a whole bunch of others. Have I been hacked? MediaTemple refuses to help since they say it's a dedicated virtual and not their concern...
Could it be somehow that the firewall simply lets through a lot of the packets? Because I don't even think the server is running all the programs nmap lists, like vnc or pcanywhere. Those are not even installed...
Quote:
So would this (or something like it) do what you want?
Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -j REJECT
The first rule says "pass any traffic that is related to an existing connection or part of an existing connection". The second says "pass any traffic that is destined for the web server port (80)". The third says "pass any traffic destined for port 443". The fourth says "reject any incoming connection attempt" (but since we've already passed 80 and 443 and any established connections, those packets should continue to be passed through).
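The ordering plpl303 describes is the whole point: the earlier "request times out" complaint is what you get when a `--state NEW -j REJECT` rule sits above the loopback and port ACCEPTs, because every new connection, local ones included, hits the REJECT first. The script below is an added example, not the thread's script and not Plesk's: it builds an INPUT chain in that order, in the flush-then-add style billymayday mentions, using plpl303's `--state NEW ... --reject-with tcp-reset` as the final rule. `IPT`, `ALLOWED_TCP` and the `rule_position` helper are this example's own inventions; the allowed ports 22, 80 and 443 are an assumption. By default `IPT` is `echo`, so running the script only prints the rules; set `IPT=/sbin/iptables` and run as root to apply them.

```shell
#!/bin/sh
# Added example, not a script from the thread or from Plesk: a minimal INPUT
# chain in the order plpl303 and billymayday describe. With IPT unset the
# script only echoes the commands (dry run); run as root with
# IPT=/sbin/iptables to apply them.
IPT="${IPT:-echo}"
# TCP ports this host really offers (22/80/443 assumed; adjust to your services)
ALLOWED_TCP="${ALLOWED_TCP:-22 80 443}"

build_rules() {
    # Start from a clean chain, as a script called from rc.local would
    $IPT -F INPUT
    $IPT -P INPUT DROP
    # 1. Loopback first: Plesk, MySQL and friends talk to each other over lo.
    #    A REJECT rule placed above this line makes local services time out.
    $IPT -A INPUT -i lo -j ACCEPT
    # 2. Replies to connections we already accepted (plpl303's first rule)
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # 3. Packets the connection tracker cannot place in any connection
    $IPT -A INPUT -m state --state INVALID -j DROP
    # 4. New connections only to the services we actually run
    for port in $ALLOWED_TCP; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # 5. Last: every other attempt to open a TCP connection gets a clean RST.
    #    Move this rule above step 4 and every new connection, port 80 included,
    #    is rejected, which is exactly the "requests time out" symptom.
    $IPT -A INPUT -p tcp -m state --state NEW -j REJECT --reject-with tcp-reset
}

# Hypothetical helper: 1-based position of the first rule in listing $1 that
# matches pattern $2, or 0 if absent. Lets you check ordering before applying.
rule_position() {
    pos=$(printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1)
    printf '%s\n' "${pos:-0}"
}

build_rules
```

Run it once with `IPT` unset, read the printed rule list top to bottom, and only then re-run it with the real binary; the cheap way to catch an ordering mistake is to see it in the dry run rather than in a hung SSH session.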
What does netstat -taup show? Does netstat think there are open ports? Does it know anything about the programs that are supposedly holding them open?
plpl303, netstat -taup shows only 10 or so processes listening on ports - the ones that I know are supposed to be there, like pop3, ssh, plesk, and all of those. It doesn't show, or mention, any of the hundreds that nmap shows as "open". I don't know why the rules don't work, since I am basically modifying Plesk's standard rules by commenting out a few incoming ones that are allowed...
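The comparison plpl303 asks for and the reply above makes by eye, as an added example that is not part of the thread: take nmap's grepable output (`-oG`) and saved `netstat -tanp` output, and list every port the scan calls "open" that no local process is listening on. Those SYN-ACKs came from something other than a server process on the box, so they are the ports worth chasing. The function names and the sample data are this example's own; the scan and netstat lines are constructed, reusing two of the port numbers the thread mentions, and are not real results from the host discussed.

```shell
#!/bin/sh
# Added example (not code from the thread): cross-check an nmap scan against
# the TCP listeners the host itself reports.

# Print TCP ports that nmap's grepable output (-oG) reports as open.
open_ports_from_gnmap() {
    awk -F '\t' '/^Host:/ {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")   # port/state/proto//service///
                    if (f[2] == "open" && f[3] == "tcp") print f[1]
                }
            }
        }
    }' "$1" | sort -un
}

# Print local TCP ports in LISTEN state from saved "netstat -tanp" output.
listening_ports_from_netstat() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")   # 0.0.0.0:22 or :::22 -> last piece is the port
        print a[n]
    }' "$1" | sort -un
}

# Ports the scanner saw open that have no local listener, ascending.
unexplained_open_ports() {
    listening=$(listening_ports_from_netstat "$2")
    for p in $(open_ports_from_gnmap "$1"); do
        printf '%s\n' "$listening" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample data (not real scan results): three genuine services,
# one closed port, and two "open" ports that nothing on the host listens on.
write_samples() {
    printf 'Host: 203.0.113.10 ()\tStatus: Up\n' > "$1/scan.gnmap"
    printf 'Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 5900/closed/tcp//vnc///, 27374/open/tcp//subseven///, 31337/open/tcp//Elite///\tIgnored State: filtered (1709)\n' >> "$1/scan.gnmap"
    cat > "$1/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1410/httpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1410/httpd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1188/mysqld
tcp        0      0 203.0.113.10:22         198.51.100.7:51234      ESTABLISHED 2201/sshd
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
unexplained_open_ports "$dir/scan.gnmap" "$dir/netstat.txt"   # prints 27374 and 31337
rm -rf "$dir"
```

On a real host, replace the sample files with `nmap -oG scan.gnmap <host>` run from outside and `netstat -tanp > netstat.txt` run on the box. An empty result means every open port is accounted for by a known listener; a long list like the one in this thread means the answers are coming from somewhere other than the host's own processes (a device in front of the server, for instance), which is a different question from "which of my programs is exposed".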
I take it you only have one NIC on this machine?
Ahhh. I am kinda a newbie when it comes to networking, and retarded when it comes to security. What is a NIC? The machine that this is hosted on is a dedicated virtual on mediatemple host... I have no idea what they have.