LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 02-07-2004, 08:17 PM   #1
dekket
Registered: Oct 2003
Location: sweden
Distribution: debian
iptables and nmap


I'm confused.
If I don't specifically tell iptables to REJECT port 40000, how come it shows up as CLOSED when I nmap it from a foreign IP?
Basically, I have it set up like this:
Code:
ipt=/sbin/iptables
# reject every TCP port from 1 to 1000 except 22, 80 and 113
$ipt -A INPUT -p tcp --dport 1:21 -j REJECT
$ipt -A INPUT -p tcp --dport 23:79 -j REJECT
$ipt -A INPUT -p tcp --dport 81:112 -j REJECT
$ipt -A INPUT -p tcp --dport 114:1000 -j REJECT
The ports in between (22, 80, 113) I of course want open.
Anyways, as you can see, I don't really close any ports above 1000.

If I nmap myself from an internet IP, the result in nmap becomes enormous. It shows every port there is as CLOSED, besides the ones I just specified, of course.
Here's the funny part: if I remove the REJECT rules, the nmap result returns those that are open, and nothing else.
Can someone tell me why this is?
Hopefully this explanation was good enough.

Last edited by dekket; 02-08-2004 at 06:51 AM.
 
Old 02-07-2004, 10:30 PM   #2
benjithegreat98
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Do you have anything (service/program) running that is listening on port 40000? If nothing is listening on that port then it will be closed.

You should consider changing your rules to something more like this....
Code:
iptables -P INPUT DROP                          # default: silently drop anything not explicitly allowed

iptables -A INPUT -p tcp --dport 22 -j ACCEPT   # ssh
iptables -A INPUT -p tcp --dport 80 -j ACCEPT   # http
# etc. - one ACCEPT rule per service that should be reachable
It is more manageable this way and it could possibly help fix some of the unexplainable behavior.

Last edited by benjithegreat98; 02-07-2004 at 10:50 PM.
 
Old 02-08-2004, 06:49 AM   #3
dekket
Registered: Oct 2003
Location: sweden
Distribution: debian
No, there is no service running on that port, but as I said before, it's not that port specifically, it's every port above 1000 (1001->).
I've tried setting the default policy to DROP or REJECT, but that makes my glftpd server deny passive connections, which I'm no fan of. glftpd ain't on all the time, and I have the port filtered to certain IPs; that's why I decided not to include it in the explanation above.
 
Old 02-08-2004, 08:11 AM   #4
benjithegreat98
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Quote:
"If I remove the REJECT rules, the nmap result turns back those that are open, and nothing else."
Does the screen output say anything about the other x number of ports being filtered or closed without specifying what the ports are? Or does it report what's open and that's it...

Example:
Code:
Interesting ports on 176.16.1.1:
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
.....

Have you considered trying a different ftp server? Vsftpd maybe? http://freshmeat.net/projects/vsftpd/ If glftpd is rejecting the connections then a different ftp server may help the situation. Or it could be that your firewall is rejecting the connection.
 
Old 02-09-2004, 02:41 AM   #5
dekket
Registered: Oct 2003
Location: sweden
Distribution: debian
benjithegreat98, it shows like in your example...
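The behaviour described in posts #1, #2 and #4 comes down to two facts about the tools, modelled below in an added example that is not part of the thread and not nmap's or iptables' own code. First, an iptables REJECT on TCP sends an ICMP port-unreachable by default (only `--reject-with tcp-reset` sends a RST), and a SYN scan reports an ICMP unreachable as "filtered", a RST as "closed" and a SYN/ACK as "open". Second, nmap folds whichever state is most common into the single "ports scanned but not shown below" line and lists every other port individually. The listening ports (22, 80, 113), the scanned-port count (1654, taken from the sample output in post #4) and the rulesets are constructed inputs to the model.

```python
from collections import Counter

# Constructed inputs for the model: the three listening services named in the
# thread, and 1654 scanned ports, matching the count in post #4's sample output.
OPEN_PORTS = {22, 80, 113}
SCANNED = range(1, 1655)

# Rulesets as (port range, target) pairs; first match wins, like an iptables chain.
OP_RULES = [((1, 21), "REJECT"), ((23, 79), "REJECT"),
            ((81, 112), "REJECT"), ((114, 1000), "REJECT")]
NO_RULES = []
WHITELIST = [((22, 22), "ACCEPT"), ((80, 80), "ACCEPT"), ((113, 113), "ACCEPT")]


def response(port, rules, policy="ACCEPT", reject_with="icmp-port-unreachable"):
    """What the host answers to a single SYN on `port` under the given rules.

    iptables REJECT defaults to an ICMP port-unreachable for TCP; only
    `--reject-with tcp-reset` produces a RST. DROP answers nothing at all.
    """
    for (lo, hi), target in rules:
        if lo <= port <= hi:
            verdict = target
            break
    else:
        verdict = policy  # the chain policy applies when no rule matched
    if verdict == "DROP":
        return None
    if verdict == "REJECT":
        return "RST" if reject_with == "tcp-reset" else "ICMP_UNREACH"
    # ACCEPT: the SYN reaches the TCP stack, which answers for itself
    return "SYN_ACK" if port in OPEN_PORTS else "RST"


def classify(resp):
    """nmap SYN-scan state for one response: SYN/ACK is open, RST is closed,
    an ICMP unreachable or silence is filtered."""
    return {"SYN_ACK": "open", "RST": "closed",
            "ICMP_UNREACH": "filtered", None: "filtered"}[resp]


def scan(rules, **kw):
    """Classify every scanned port under one ruleset."""
    return {port: classify(response(port, rules, **kw)) for port in SCANNED}


def report(states):
    """Mimic nmap's report: fold the most common state into one summary line
    and list every port in any other state individually."""
    counts = Counter(states.values())
    hidden, n = counts.most_common(1)[0]
    lines = [f"(The {n} ports scanned but not shown below are in state: {hidden})"]
    lines += [f"{port}/tcp {state}" for port, state in sorted(states.items())
              if state != hidden]
    return hidden, lines


if __name__ == "__main__":
    for label, rules, kw in [
        ("REJECT 1-1000 (post #1)", OP_RULES, {}),
        ("no REJECT rules", NO_RULES, {}),
        ("REJECT 1-1000 with tcp-reset", OP_RULES, {"reject_with": "tcp-reset"}),
        ("policy DROP + ACCEPT list (post #2)", WHITELIST, {"policy": "DROP"}),
    ]:
        hidden, lines = report(scan(rules, **kw))
        print(f"{label}: {len(lines) - 1} ports listed, '{hidden}' summarised")
```

With the REJECT rules in place, 997 ports answer with ICMP unreachable and are summarised as filtered, so the roughly 650 unfirewalled closed ports above 1000 are each printed as CLOSED: the "enormous" output. Port 40000 is not being rejected; it has simply lost its place in the summary line. Remove the rules (or reject with tcp-reset) and closed becomes the dominant state again, leaving only the open ports listed, as post #5 confirms. The model covers inbound SYNs only; a real default-DROP ruleset like the one in post #2 also needs a rule accepting ESTABLISHED,RELATED traffic (and the FTP conntrack helper if passive-mode data connections are expected), or return traffic for outgoing and passive connections is dropped.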