LinuxQuestions.org
Old 09-09-2014, 12:25 PM   #1
tkinsella
Member
 
Registered: Dec 2005
Distribution: CentOS 6.5
Posts: 45

Rep: Reputation: 0
IP Tables shows port open, nmap shows port closed


On my machine I have the following in iptables:

Code:
[root@new-dev conf.modules.d]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5000 state NEW,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
But nmap is showing:

Code:
[ta@tom-ws01 ~]$ nmap -sT new-dev

Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-09 10:18 PDT
Nmap scan report for new-dev (10.0.38.20)
Host is up (0.0032s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds
[ta@tom-ws01 ~]$ nmap -sT new-dev -p 8000

Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-09 10:21 PDT
Nmap scan report for new-dev (10.0.38.20)
Host is up (0.0015s latency).
PORT     STATE  SERVICE
8000/tcp closed http-alt

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Not sure what is going on? Thoughts?

Thanks!
 
Old 09-09-2014, 03:46 PM   #2
tkinsella
Member
 
Registered: Dec 2005
Distribution: CentOS 6.5
Posts: 45

Original Poster
Rep: Reputation: 0
UPDATE:

I've disabled IP Tables.

netstat -tulpn shows the port is LISTEN

nmap shows port is closed still
 
Old 09-09-2014, 08:09 PM   #3
es0teric
Member
 
Registered: Apr 2007
Distribution: Ubuntu
Posts: 105

Rep: Reputation: 19
Can you telnet to whatever service is listening on port 8000?
 
Old 09-12-2014, 02:36 AM   #4
yzT!
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 168

Rep: Reputation: 2
Maybe it is a local service? Do an nmap -sT localhost -p 8000 to see whether it reports it as open.
 
Old 09-12-2014, 02:43 AM   #5
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 286

Rep: Reputation: 91
Your iptables configuration does not block anything. To block any incoming packets, you need INPUT-rules with targets DROP/REJECT or (even better) an INPUT policy DROP. From iptables' view, everything is open.

For a port to be really open, you need a program listening on that port. As yzT! suggested, maybe your program only listens on the loopback interface. What is the exact output of the netstat command:

Code:
netstat -tlpn
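
Added example (not part of the original thread): a small helper that reads `netstat -tlpn` output and reports which addresses a TCP port is bound to, which is the check the replies above are asking for. The function name `listen_scope` and the sample listing are constructed for illustration; the sample is not the original poster's output.

```shell
#!/bin/sh
# listen_scope PORT  (hypothetical helper name; reads `netstat -tlpn` text on stdin)
# Prints one of: all-interfaces | specific-address | loopback-only | not-listening
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local Address is field 4; the port follows the LAST colon,
            # so IPv6 forms such as ":::80" and "::1:8000" also parse.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wildcard = 1
            else if (addr ~ /^127\./ || addr == "::1")            loopback = 1
            else                                                  specific = 1
        }
        END {
            if (wildcard)      print "all-interfaces"
            else if (specific) print "specific-address"
            else if (loopback) print "loopback-only"
            else               print "not-listening"
        }'
}

# Constructed sample in CentOS 6 netstat layout (not taken from the thread).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1201/sshd
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN   1050/rpcbind
tcp        0      0 127.0.0.1:8000     0.0.0.0:*          LISTEN   2417/python
tcp        0      0 :::80              :::*               LISTEN   1876/httpd'

# Ports 22, 80, 8000 and 5000 are the ones with ACCEPT rules in the thread.
for p in 22 80 8000 5000; do
    printf '%s\t%s\n' "$p" "$(printf '%s\n' "$SAMPLE" | listen_scope "$p")"
done

# Live use on the server itself:  netstat -tlpn | listen_scope 8000
```

A result of `loopback-only` or `not-listening` means a connect scan from another host is answered with a TCP reset and reported as closed, regardless of any iptables ACCEPT rule for that port.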
 
  

