I have configured my firewall to let only EMAIL, HTTP/HTTPS and SSH traffic through to the web server. I used the following rules:
-A FORWARD -s 0/0 -i eth1 -d 192.168.1.10 -o eth0 -p TCP -m multiport --dports 80,443,110,22 -j ACCEPT
-A FORWARD -d 0/0 -o eth1 -s 192.168.1.10 -i eth0 -p TCP -m state --state ESTABLISHED -j ACCEPT
That is working fine. But when I scanned my 192.168.1.10 computer from some other machine on an outside network, say 192.168.2.10, with the following nmap command
nmap -sS -O 192.168.1.10
it showed me 2-3 extra ports which are open, i.e.
I don't know why 111, 514 are open. Can someone explain this?
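One way to cross-check a scan against the two rules quoted in the post, as an added example that is not part of the original post: it parses the rules, collects the TCP destination ports they explicitly accept for 192.168.1.10, and lists the reported ports that no quoted rule covers. The scan list is constructed (111 and 514 come from the post), the function names are hypothetical, and matching is simplified to an exact `-d` address with no `!` negation.

```python
import shlex

# The two FORWARD rules exactly as quoted in the post.
RULES = """\
-A FORWARD -s 0/0 -i eth1 -d 192.168.1.10 -o eth0 -p TCP -m multiport --dports 80,443,110,22 -j ACCEPT
-A FORWARD -d 0/0 -o eth1 -s 192.168.1.10 -i eth0 -p TCP -m state --state ESTABLISHED -j ACCEPT
"""

# Constructed scan result: the allowed ports that answered plus 111 and 514.
SCAN_OPEN = [22, 80, 111, 443, 514]

def parse_rule(line):
    """Map each option in one rule line to its argument (True if it has none)."""
    tokens, rule, i = shlex.split(line), {}, 0
    while i < len(tokens):
        has_arg = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[tokens[i]] = tokens[i + 1] if has_arg else True
        i += 2 if has_arg else 1
    return rule

def expand_ports(spec):
    """Expand a multiport spec such as '80,443,1000:1010' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def accepted_dports(rules_text, chain, dst, proto="tcp"):
    """Ports explicitly ACCEPTed towards dst; None means a rule accepts any port."""
    allowed = set()
    for line in rules_text.splitlines():
        r = parse_rule(line)
        if r.get("-A") != chain or r.get("-j") != "ACCEPT":
            continue
        # Simplification: exact -d match only, so 0/0 or CIDR rules are skipped.
        if r.get("-d") != dst or str(r.get("-p", "")).lower() != proto:
            continue
        spec = r.get("--dports") or r.get("--dport")
        if spec is None:
            return None
        allowed |= expand_ports(spec)
    return allowed

def unexplained(observed, allowed):
    """Reported ports that no parsed ACCEPT rule covers."""
    return [] if allowed is None else sorted(set(observed) - allowed)

if __name__ == "__main__":
    allowed = accepted_dports(RULES, "FORWARD", "192.168.1.10")
    print("accepted by quoted rules:", sorted(allowed))
    print("not covered by quoted rules:", unexplained(SCAN_OPEN, allowed))
```

A packet that matches no rule in a chain is handled by that chain's policy, so any port in the second list has to be traced to the FORWARD policy or to rules outside the two quoted here.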