LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-06-2006, 04:59 AM   #1
usg
LQ Newbie
 
Registered: Oct 2005
Location: Aachen, DE
Distribution: Mandriva 2009
Posts: 17

Rep: Reputation: 0
Configuring servers (apache, sshd) - strange nmap results


I'm trying to set up my Apache 2 and SSH servers so I can access them from outside (via a DynDNS address). On my localhost, they work perfectly. Nmap sees these open ports:

(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
8080/tcp open http-proxy

which looks good to me. However, when I ran nmap on my address from a computer in my university's network, I received this rather unexpected result:

(The 1654 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
135/tcp closed msrpc
411/tcp closed rmt
412/tcp closed synoptics-trap
1214/tcp closed fasttrack
1412/tcp closed innosys
1421/tcp closed gandalf-lm
1720/tcp open H.323/Q.931
4660/tcp closed mosmig
4672/tcp closed rfa
6346/tcp closed gnutella
12345/tcp closed NetBus
27374/tcp closed subseven
31337/tcp closed Elite

I've got no idea what to make of this. Any help would be appreciated.
 
Old 07-06-2006, 05:31 AM   #2
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Look at your firewall (iptables) settings. Many setups block potentially vulnerable services, such as http, mysql, ssh, smtp, http-proxy. Nmap confirms it.
 
Old 07-06-2006, 11:17 AM   #3
usg
LQ Newbie
 
Registered: Oct 2005
Location: Aachen, DE
Distribution: Mandriva 2009
Posts: 17

Original Poster
Rep: Reputation: 0
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I think that means there are no filter rules defined. (There isn't even a rc.firewall file on my system.)
 
Old 07-06-2006, 01:17 PM   #4
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Maybe your provider is kind enough to leave unprotected ports needed by typical-user applications (gnutella) and protect the ports where many users bind something highly vulnerable (like apache when improperly configured). Maybe you can use gnutella and fasttrack ports (for ssh or authenticated SSL proxy - to pass all the services through such a pipe). Or - don't know - maybe you have chances to ask ISP to open port 22 at least.
 
Old 07-07-2006, 04:20 PM   #5
usg
LQ Newbie
 
Registered: Oct 2005
Location: Aachen, DE
Distribution: Mandriva 2009
Posts: 17

Original Poster
Rep: Reputation: 0
I don't know for sure, but I talked to someone else and he said my ISP should not close any ports. Might be worth investigating though.

I tried moving sshd to port 1214, but still could not connect from outside. When nmapping, I found that the first message I got was

Note: Host seems down. If it is really up, but blocking our ping probes, try -P0

Sure enough, nmap -P0 then yielded the list of ports I posted above.

Still clueless
 
Old 07-08-2006, 01:34 AM   #6
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Can you run wireshark (or tcpdump at least) while trying to ssh to port 22 and to port 1214? And post what have you seen. You probably will see 'connection prohibited' ICMP packet, what is the source of it?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Different nmap results Andriy Linux - Security 3 06-01-2006 09:22 AM
nmap scan results ! dimgr Linux - Security 3 01-21-2005 01:39 PM
nmap scan results juanb Linux - Security 5 11-16-2004 03:31 AM
nmap results djcomplex Linux - Software 3 03-20-2004 02:46 PM
nmap results richlawson Linux - Security 6 12-16-2003 04:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration