LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-24-2004, 10:21 PM   #1
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Rep: Reputation: 15
Filtered port with no firewall


Sorry guys, i admit, i am new to Linux, and can't get this to work for the life of me. My router is forwarding requests for ports 80 and 21 (for now) to my server. I have apache2 and proFTPD both running. And from other computers on the internal network i can connect to both of them, and they work just fine. However, any connections from an external IP address don't work. When running nmap to scan for open ports, i see 443 and 3306 (Mysql is installed and running) both open, but the rest as "filtered" which leads me to believe a firewall is intercepting the packets...

I have tried killing the firewall via the GUI, and have tried manually adding iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT (when the firewall is running), but neither leave the port open...

Some background: running Fedora Core2, using Gnome...
any suggestions?
 
Old 06-24-2004, 10:33 PM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
Can you please post the output of

#iptables -nvL // I seem addicted to this command ... I seem to type this on each post that I respond to
 
Old 06-24-2004, 10:38 PM   #3
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
sorry about that, when I have the firewall on, -nvL outputs the following:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited


Side note (this is my linux newbness kicking in): Is there a way to turn on/off the firewall easily?
Until now ive been going into the Fedora GUI and hitting "off" or "on"
 
Old 06-24-2004, 10:46 PM   #4
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
And this is after a few min, a port scan, and an attemp to pull up the http from externally....
(and loading this page a few times):
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3474 707K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1926 packets, 246K bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
20 1294 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
2387 654K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1067 51629 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
 
Old 06-24-2004, 11:04 PM   #5
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
To turn off iptables,

#service iptables stop.
 
Old 06-24-2004, 11:44 PM   #6
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
figured it was something simple =P
any answer to my original question anyone?
 
Old 06-25-2004, 12:08 AM   #7
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
After turning off iptables, are you able to connect to your webserver from an external address?
 
Old 06-25-2004, 12:32 AM   #8
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
nope, no connection from externally after running the command "#service iptables stop"
port scan shows port 80 and 21 as "filtered" (nmap) (actually it shows NO ports, and justs says "the ports not listed are "filtered"")
 
Old 06-25-2004, 03:45 AM   #9
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
does your router do any kind of filtering
 
Old 06-25-2004, 11:51 AM   #10
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
that was what i thought the problem was originally, but I have it doing port forwarding, and have tried DMZ..
I've also called Belkin about it, and I can get it to port forward just fine to my main comp (WinXP).. So the guy at belkin said it wouldn't be a router problem (router should forward to any type of comp just fine... as all packets are the same)...
I believed him...
Make sense...
any other ideas?
 
Old 06-25-2004, 11:55 AM   #11
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
Where does the gateway on your linux box point to?

#route -nv

or

#netstat -nr
 
Old 06-25-2004, 02:39 PM   #12
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
nothing... with iptables off and on, neither of those commands produce anything....
this good or bad?
 
Old 06-25-2004, 03:48 PM   #13
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
ok
im going to go through what i did on this server, and you guys tell me if i missed something, or did something wrong someplace..
Installed Fedora Core 2 (No Firewall) No server components (Only server admin tools)
Installed Mysql using 4 RPMs (Server, Client, Libraries, Dynamic Libraries)
Installed Apache2 using --enable-so
Installed PHP4.3.7 using --with-apxs2=.................. and --with-mysql
Installed ProFTPd with no extra tags...
Config'd the .conf files to how i needed them (added PHP in the apache conf, and set up the proftpd one the way i wanted it)

And now im here...
 
Old 06-25-2004, 10:30 PM   #14
ImpactDNI
Member
 
Registered: Jun 2004
Posts: 124

Original Poster
Rep: Reputation: 15
any ideas anyone?
 
Old 06-26-2004, 02:37 AM   #15
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
please post the output of

#netstat -nr

and

#/sbin/ifconfig -a


Perhaps your default gateway is not set.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
port closed/filtered? name_in_use450 Linux - Security 3 09-06-2004 05:52 PM
port 80 filtered but y bladrag Linux - Networking 1 02-19-2004 10:28 AM
filtered port juanb Linux - Security 1 01-29-2004 08:39 PM
Filtered FTP Port chrisk5527 Linux - General 1 01-05-2004 05:59 PM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 12:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration