07-06-2006, 04:59 AM
|
#1
|
LQ Newbie
Registered: Oct 2005
Location: Aachen, DE
Distribution: Mandriva 2009
Posts: 17
Rep:
|
Configuring servers (apache, sshd) - strange nmap results
I'm trying to set up my Apache 2 and SSH servers so I can access them from outside (via a DynDNS address). On my localhost, they work perfectly. Nmap sees these open ports:
(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
8080/tcp open http-proxy
which looks good to me. However, when I ran nmap on my address from a computer in my university's network, I received this rather unexpected result:
(The 1654 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
135/tcp closed msrpc
411/tcp closed rmt
412/tcp closed synoptics-trap
1214/tcp closed fasttrack
1412/tcp closed innosys
1421/tcp closed gandalf-lm
1720/tcp open H.323/Q.931
4660/tcp closed mosmig
4672/tcp closed rfa
6346/tcp closed gnutella
12345/tcp closed NetBus
27374/tcp closed subseven
31337/tcp closed Elite
I've got no idea what to make of this. Any help would be appreciated.
|
|
|
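Added example, not part of any post in this thread: a small parser for the nmap output format shown in post #1, used to compare the local scan with the scan from the university network. The scan text is copied from that post; the function names are chosen here. Ports missing from a table take the state named in its "not shown below" header line.

```python
import re
# Scan output copied from post #1: local scan first, then the scan from outside.
LOCAL_SCAN = """(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
8080/tcp open http-proxy"""
REMOTE_SCAN = """(The 1654 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
135/tcp closed msrpc
411/tcp closed rmt
412/tcp closed synoptics-trap
1214/tcp closed fasttrack
1412/tcp closed innosys
1421/tcp closed gandalf-lm
1720/tcp open H.323/Q.931
4660/tcp closed mosmig
4672/tcp closed rfa
6346/tcp closed gnutella
12345/tcp closed NetBus
27374/tcp closed subseven
31337/tcp closed Elite"""
HEADER = re.compile(r"not shown below are in state: (\w+)")
PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)")

def parse_scan(text):
    """Return (state of unlisted ports, {port: state}) from nmap normal output."""
    default, ports = None, {}
    for line in text.splitlines():
        head, row = HEADER.search(line), PORT_LINE.match(line)
        if head:
            default = head.group(1)
        elif row:
            ports[int(row.group(1))] = row.group(2)
    return default, ports

def compare(local_text, remote_text):
    """Return (listening ports not open from outside, remote-open ports with no
    local listener, ports that sent back a 'closed' answer from outside)."""
    l_def, local = parse_scan(local_text)
    r_def, remote = parse_scan(remote_text)
    listening = sorted(p for p, s in local.items() if s == "open")
    blocked = {p: remote.get(p, r_def) for p in listening if remote.get(p, r_def) != "open"}
    foreign = sorted(p for p, s in remote.items() if s == "open" and local.get(p, l_def) != "open")
    answered = sorted(p for p, s in remote.items() if s == "closed")
    return blocked, foreign, answered
```

On the posted scans, every locally listening port comes back as filtered from outside, while port 1720 is reported open from outside although nothing listens on it locally.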
07-06-2006, 05:31 AM
|
#2
|
Senior Member
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
|
Look at your firewall (iptables) settings. Many setups block potentially vulnerable services, such as http, mysql, ssh, smtp, http-proxy. Nmap confirms it.
|
|
|
07-06-2006, 11:17 AM
|
#3
|
LQ Newbie
Registered: Oct 2005
Location: Aachen, DE
Distribution: Mandriva 2009
Posts: 17
Original Poster
Rep:
|
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I think that means there are no filter rules defined. (There isn't even an rc.firewall file on my system.)
|
|
|
07-06-2006, 01:17 PM
|
#4
|
Senior Member
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
|
Maybe your provider is kind enough to leave unprotected the ports needed by typical-user applications (gnutella) and to protect the ports where many users bind something highly vulnerable (like apache when improperly configured). Maybe you can use the gnutella and fasttrack ports (for ssh or an authenticated SSL proxy, to pass all the services through such a pipe). Or, I don't know, maybe you have a chance to ask the ISP to open port 22 at least.
|
|
|
07-07-2006, 04:20 PM
|
#5
|
LQ Newbie
Registered: Oct 2005
Location: Aachen, DE
Distribution: Mandriva 2009
Posts: 17
Original Poster
Rep:
|
I don't know for sure, but I talked to someone else and he said my ISP should not close any ports. Might be worth investigating though.
I tried moving sshd to port 1214, but still could not connect from outside. When nmapping, I found that the first message I got was
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Sure enough, nmap -P0 then yielded the list of ports I posted above.
Still clueless
|
|
|
07-08-2006, 01:34 AM
|
#6
|
Senior Member
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
|
Can you run wireshark (or tcpdump at least) while trying to ssh to port 22 and to port 1214? And post what you have seen. You will probably see a 'connection prohibited' ICMP packet; what is the source of it?
|
|
|
All times are GMT -5.