port 5432 open nmap online but closed status with firewalld and local nmap scan
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
port 5432 open nmap online but closed status with firewalld and local nmap scan
hi-
The online scanners are showing port 5432 open.
My firewalld lissing of all zones, scan of 10.x.x.x for private network, and nmap scan all show it is not open. I get 2 different results from online nmap and local nmap with gui.
Is there a way I can force my computer to recognize that I want 5432 closed?
The most likely case is that the port is open, but something is blocking that port on your end. The online Nmap scan is run from a different network, so it does not have the same restriction.
I might have figured out part of this. I am scanning for viruses now. The modem is connected to my computer. The modem may have some kind of firewall on it. I imagine the port is open on that modem. I don't have the router hooked up yet because I want to be more certain I scan for malware before resetting it. My software firewall is blocking 5432. I had router malware (FBI) on my machine. Trying to get rid of it.
-p port
Specifies the TCP/IP port or local Unix domain socket file extension on which postgres is to listen for connections from client applications. Defaults to the value of the PGPORT environment variable, or if PGPORT is not set, then defaults to the value established during compilation (normally 5432). If you specify a port other than the default port, then all client applications must specify the same port using either command-line options or PGPORT.
If the scan says your port is open then it must be because it is returning a response to the scanner. It is unlikely something other than your server software returning a response.
Here's a scan of my server from pentest-tools.com. Only ports detected open are those I have chosen to be open from the iptables:
Quote:
Starting Nmap ( https://nmap.org ) at 2018-06-02 00:10 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 00:10
Scanning xxxxxxxxxx.com (xx.xxx.xxx.xx) [4 ports]
Completed Ping Scan at 00:10, 0.20s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 00:10
Scanning xxxxxxxxxx.com (xx.xxx.xxx.xx) [100 ports]
Discovered open port 53/tcp on xx.xxx.xxx.xx
Discovered open port 443/tcp on xx.xxx.xxx.xx
Discovered open port 25/tcp on xx.xxx.xxx.xx
Discovered open port 80/tcp on xx.xxx.xxx.xx
Completed SYN Stealth Scan at 00:10, 2.37s elapsed (100 total ports)
Initiating Service scan at 00:10
Scanning 4 services on xxxxxxxxxx.com (xx.xxx.xxx.xx)
Completed Service scan at 00:10, 13.98s elapsed (4 services on 1 host)
NSE: Script scanning xx.xxx.xxx.xx.
Initiating NSE at 00:10
Completed NSE at 00:10, 0.88s elapsed
Initiating NSE at 00:10
Completed NSE at 00:10, 0.00s elapsed
Nmap scan report for xxxxxxxxxx.com (xx.xxx.xxx.xx)
Host is up (0.097s latency).
Not shown: 96 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.9.4
80/tcp open http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6)
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
Service Info: OS: Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.15 seconds
Raw packets sent: 196 (8.600KB) | Rcvd: 15 (880B)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.