[SOLVED] iptables

alee · 06-09-2010, 02:03 PM

I have configured my fireall to let only EMAIL, HTTP/HTTPS and SSH traffic let through to the web server. I used the following rule

Code:

-A FORWARD -s 0/0 -i eth1 -d 192.168.1.10 -o eth0 -p TCP -m multiport --dports 80,443,110,22 -j ACCEPT

-A FORWARD -d 0/0 -o eth1 -s 192.168.1.10 -i eth0 -p TCP -m state --state ESTABLISHED -j ACCEPT

That is working fine. But when i scanned my 192.168.1.10 computer through some other machine from outside netowkr say (192.168.2.10) through nmap following command

Code:

nmap -sS -O 192.168.1.10

it showed me 2-3 extra ports which are opened i.e.

Code:

I don't know why 111, 514 are open. Can someone explain this?

unixfool · 06-09-2010, 02:17 PM

I think it would depend on what rules you bind to your machine's interfaces. Your rules mention eth1. What about the other interfaces (if there are any)? I'd look at the services running on those ports and turn them off (they're obviously running).

anomie · 06-09-2010, 03:01 PM

Quote:

Originally Posted by alee

what are ports 111 and 514?

For future reference, you can always check on the IANA-registered port numbers / services in /etc/services.

(Interestingly, nmap(1) does not actually query this file, though. It comes with its own list of port num / service mappings.)

unixfool · 06-09-2010, 03:20 PM

Quote:

Originally Posted by anomie

For future reference, you can always check on the IANA-registered port numbers / services in /etc/services.

(Interestingly, nmap(1) does not actually query this file, though. It comes with its own list of port num / service mappings.)

Yeah, that's what I did when I saw the post. To be frank, nmap's list is probably more accurate (although anyone can edit their /etc/services file to accurately reflect the proper services).

alee · 06-10-2010, 12:12 AM

hey, thanks guys. that helped. I realized that there were few services already running. i looked for these ports on the given reference.
thanks a lot