LinuxQuestions.org

Linux - Security: iptables - what are ports 111 and 514? (http://www.linuxquestions.org/questions/linux-security-4/iptables-what-are-ports-111-and-514-a-813200/)

alee 06-09-2010 02:03 PM

iptables - what are ports 111 and 514?
 
I have configured my firewall to let only EMAIL, HTTP/HTTPS and SSH traffic through to the web server. I used the following rules

Code:

# inbound from the outside interface (eth1) to the web server behind eth0:
# only HTTP, HTTPS, POP3 and SSH
-A FORWARD -s 0/0 -i eth1 -d 192.168.1.10 -o eth0 -p TCP -m multiport --dports 80,443,110,22 -j ACCEPT

# replies from the web server back out through eth1, only for connections
# that are already established
-A FORWARD -d 0/0 -o eth1 -s 192.168.1.10 -i eth0 -p TCP -m state --state ESTABLISHED -j ACCEPT

That is working fine. But when I scanned my 192.168.1.10 computer from some other machine on an outside network, say 192.168.2.10, with the following nmap command
Code:

nmap -sS -O 192.168.1.10
it showed me 2-3 extra ports which are open, i.e.
Code:

22
80
111
443
514

I don't know why 111, 514 are open. Can someone explain this?

unixfool 06-09-2010 02:17 PM

I think it would depend on what rules you bind to your machine's interfaces. Your rules mention eth1. What about the other interfaces (if there are any)? I'd look at the services running on those ports and turn them off (they're obviously running).

anomie 06-09-2010 03:01 PM

Quote:

Originally Posted by alee
what are ports 111 and 514?

For future reference, you can always check on the IANA-registered port numbers / services in /etc/services.

(Interestingly, nmap(1) does not actually query this file, though. It comes with its own list of port num / service mappings.)

unixfool 06-09-2010 03:20 PM

Quote:

Originally Posted by anomie (Post 3998205)
For future reference, you can always check on the IANA-registered port numbers / services in /etc/services.

(Interestingly, nmap(1) does not actually query this file, though. It comes with its own list of port num / service mappings.)

Yeah, that's what I did when I saw the post. To be frank, nmap's list is probably more accurate (although anyone can edit their /etc/services file to accurately reflect the proper services).
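Putting the two suggestions above into a script (an added example, not code from the thread or from nmap): the lookup works on any file in the "name port/proto" layout, which is what both /etc/services and nmap's own nmap-services use, and a second function flags the ports from the scan that the poster's multiport rule was never meant to pass. The /etc/services lines embedded below are a constructed excerpt so the script runs without touching the real file; pass a path as the third argument to read a real one (/etc/services, or /usr/share/nmap/nmap-services on a typical install).

```shell
#!/bin/sh
# Added example, not from the original thread: identify nmap-reported ports
# and flag the ones that were not in the firewall's allow list.

# Constructed excerpt in /etc/services syntax. nmap-services uses the same
# first two columns, so port_to_service works unchanged on that file too.
SERVICES_EXCERPT='ssh             22/tcp
smtp            25/tcp    mail
http            80/tcp    www
pop3            110/tcp   pop-3
sunrpc          111/tcp   portmapper rpcbind   # RPC 4.0 portmapper
sunrpc          111/udp   portmapper rpcbind
https           443/tcp
shell           514/tcp   cmd   # no passwords used
syslog          514/udp'

# port_to_service PORT PROTO [FILE]: print the service name registered for
# PORT/PROTO, or "unknown". Reads FILE when given, else the embedded excerpt.
port_to_service() {
    port=$1; proto=${2:-tcp}; file=$3
    if [ -n "$file" ]; then
        src=$(cat "$file")
    else
        src=$SERVICES_EXCERPT
    fi
    # column 2 is "port/proto"; skip comment lines; first match wins
    name=$(printf '%s\n' "$src" | awk -v want="$port/$proto" '
        $1 !~ /^#/ && $2 == want { print $1; exit }')
    printf '%s\n' "${name:-unknown}"
}

# unexpected_ports "ALLOWED" "OPEN": print each open port that is absent from
# the allow list, one per line, in scan order. Lists may be comma or space
# separated, so the --dports value can be pasted in as-is.
unexpected_ports() {
    allowed=$(printf '%s' "$1" | tr ',' ' ')
    open=$(printf '%s' "$2" | tr ',' ' ')
    for p in $open; do
        found=0
        for a in $allowed; do
            [ "$p" = "$a" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$p"
    done
    return 0
}

# The poster's --dports list and the ports the SYN scan reported open.
ALLOWED="80,443,110,22"
SCANNED="22 80 111 443 514"

for p in $(unexpected_ports "$ALLOWED" "$SCANNED"); do
    printf 'port %s is open but not allowed by the rule: %s/tcp (udp side: %s)\n' \
        "$p" "$(port_to_service "$p" tcp)" "$(port_to_service "$p" udp)"
done
```

Two caveats when reading the output. `nmap -sS` is a TCP SYN scan, so the 514 it reports is 514/tcp (rsh, "shell" in the registry), not the 514/udp syslog port; the script prints both names so the distinction is visible. And the script only tells you which ports slipped past the intended allow list, not why: since the posted multiport rule cannot have matched 111 or 514, something else in the FORWARD chain is accepting them, and the place to look is the full chain including its policy line, `iptables -L FORWARD -n -v`, alongside the listening sockets on 192.168.1.10 itself.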

alee 06-10-2010 12:12 AM

Hey, thanks guys. That helped. I realized that there were a few services already running. I looked up these ports in the given reference.
Thanks a lot

