Hi,
Something isn't clear. I didn't find in the doc/FAQ a list of needed open ports for a basic Virtualmin installation; I mean, I'm making my iptables rules, so in Webmin -> Server -> Linux Firewall I made some rules.
When I run nmap, I see some ports are open, but they don't figure in my iptables rules.
For example:
port 21 is closed in my iptables rules, but nmap says open.
nmap also says:
port 445/tcp filtered microsoft-ds, 111 rpcbind open, 587 submission open.
So, questions: I never opened or added rules for ports 445, 111, 587 in my iptables rules. So if the first policy is DROP, how is it possible?
Is Virtualmin opening those ports somewhere, or in a different place than iptables? (I use /etc/iptables.up.rules.)
What's the first rule, -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT, in the default up.rules? I never used that before.
Thanks, Jess
Howdy,
What rules do you see if you run the command "iptables -L -n"? Those are the rules set up on your system now; do you see any that you didn't add?
If not, it may be that another system between where you ran the nmap, and your server, is causing the results you're seeing.
For example, it's possible that your ISP is doing some kind of blocking with port 445, and maybe redirecting port 587 to their own mail server.
-Eric
The output of iptables -L -n respects my rules and seems correct, but when I run nmap IP OF MY SERVER on my personal desktop, the result is strange: it says my port 21 is open, 445/tcp filtered microsoft-ds, 111 rpcbind open, 587 submission open.
I attached my iptables output and the output of the nmap scan.
Is it possible the nmap scan is wrong?!
The first rule, -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT, in the default up.rules isn't essential, right?! I never used this rule before.
Thanks for the help, Jess
Please put shell outputs in
[code]
[/code]
tags, otherwise they lose linebreaks and become unreadable.
I edited my post and attached files to be more clear and readable, sorry.
To verify what nmap claims, namely that your server listens on some ports while they should be blocked by the firewall, you can run
tcpdump tcp port N
on your server, replacing N with the port number. Then you'll see whether those packets are answered by your server or whether the firewall drops/rejects them. If they get rejected, you should see something like this:
This means the IP 1.2.3.4 tried to connect to your server on 5.6.7.8 (the first packet with flags S meaning SYN), and the server rejected it in the second packet (flags REJECT ACK).
If you get only one line, the SYN one, it means that the firewall dropped the packet.
(tcpdump sees packets before the firewall; that's why they will show up there if they arrive at the server, even if iptables drops them.)
If you don't see those packets arrive at all, but nmap still says "port open", the connections are processed elsewhere on the routing path.
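The three outcomes described above (SYN answered with SYN-ACK, SYN answered with RST, SYN with no reply at all) can be read off a tcpdump capture mechanically. The script below is an added example, not code from the thread or from Virtualmin: it parses lines in the format `tcpdump -n tcp port N` prints on Linux, groups them per probe, and gives each probed port a verdict. The capture lines, the client address 1.2.3.4 and the server address 5.6.7.8 are constructed for the example. It also handles a fourth case the thread touches on: a bare ACK probe (flags `[.]`) that the server answers with RST, which is what a stateless `--tcp-flags ACK ACK -j ACCEPT` rule lets through, since it accepts any packet carrying the ACK bit rather than only replies belonging to a connection the server itself tracks.

```python
import re
import sys
from collections import defaultdict

# Constructed sample capture (not from the thread): what "tcpdump -n tcp" on
# the server 5.6.7.8 might print for four probes arriving from 1.2.3.4.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 1.2.3.4.40001 > 5.6.7.8.21: Flags [S], seq 100, win 1024, length 0
12:00:01.000102 IP 5.6.7.8.21 > 1.2.3.4.40001: Flags [S.], seq 200, ack 101, win 29200, length 0
12:00:02.000001 IP 1.2.3.4.40002 > 5.6.7.8.445: Flags [S], seq 100, win 1024, length 0
12:00:03.000001 IP 1.2.3.4.40003 > 5.6.7.8.111: Flags [S], seq 100, win 1024, length 0
12:00:03.000050 IP 5.6.7.8.111 > 1.2.3.4.40003: Flags [R.], seq 0, ack 101, win 0, length 0
12:00:04.000001 IP 1.2.3.4.40004 > 5.6.7.8.587: Flags [.], ack 1, win 1024, length 0
12:00:04.000050 IP 5.6.7.8.587 > 1.2.3.4.40004: Flags [R], seq 1, win 0, length 0
"""

# One tcpdump line: "IP src.sport > dst.dport: Flags [...]".  tcpdump flag letters:
# S = SYN, . = ACK, R = RST, F = FIN, P = PSH; "S." is SYN-ACK, "R." is RST-ACK.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

EXPLANATION = {
    "open": "SYN-ACK sent: the firewall let the SYN in and a service is listening",
    "rejected": "RST sent: the packet reached the stack (REJECT rule or nothing listening)",
    "dropped": "SYN seen but never answered: DROP rule, or no route back to the client",
    "ack-answered": "bare ACK answered with RST: a stateless ACK-accept rule let it in",
    "ack-dropped": "bare ACK seen and silently dropped",
    "not-reached": "no packets seen on the server at all: handled elsewhere on the path",
    "unknown": "first inbound packet was not a SYN or bare ACK probe",
}


def classify_probes(capture, server_ip):
    """Map each probed server port to a verdict, judged from the server's replies."""
    # Key a flow by (client ip, client port, server port) so both directions match.
    flows = defaultdict(list)
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m.group("dst") == server_ip:
            key = (m.group("src"), int(m.group("sport")), int(m.group("dport")))
            flows[key].append(("in", m.group("flags")))
        elif m.group("src") == server_ip:
            key = (m.group("dst"), int(m.group("dport")), int(m.group("sport")))
            flows[key].append(("out", m.group("flags")))

    verdicts = {}
    for (_, _, port), pkts in flows.items():
        inbound = [f for d, f in pkts if d == "in"]
        outbound = [f for d, f in pkts if d == "out"]
        if not inbound:
            continue  # only saw the server talking; not a probe against it
        probe = inbound[0]
        if "S" in probe and "." not in probe:          # plain SYN (connect/SYN scan)
            if any("S" in f and "." in f for f in outbound):
                verdict = "open"
            elif any("R" in f for f in outbound):
                verdict = "rejected"
            else:
                verdict = "dropped"
        elif probe == ".":                             # bare ACK (ACK scan)
            verdict = "ack-answered" if any("R" in f for f in outbound) else "ack-dropped"
        else:
            verdict = "unknown"
        verdicts[port] = verdict
    return verdicts


def compare_with_nmap(nmap_open_ports, verdicts):
    """For each port nmap reported open, say what the server-side capture showed."""
    return {port: verdicts.get(port, "not-reached") for port in nmap_open_ports}


def report(capture, server_ip, nmap_open_ports):
    """Human-readable summary, one line per port nmap flagged."""
    verdicts = classify_probes(capture, server_ip)
    lines = []
    for port, verdict in compare_with_nmap(nmap_open_ports, verdicts).items():
        lines.append(f"port {port}: {verdict} ({EXPLANATION[verdict]})")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 check_capture.py <server-ip> <port> [port ...] < capture.txt
    # With no arguments the constructed sample is analysed instead.
    if len(sys.argv) > 2:
        print(report(sys.stdin.read(), sys.argv[1], [int(p) for p in sys.argv[2:]]))
    else:
        print(report(SAMPLE_CAPTURE, "5.6.7.8", [21, 445, 111, 587, 22]))
```

Run `tcpdump -n tcp port N > capture.txt` on the server while the scan runs from the desktop, then feed the file to the script. A port that nmap calls open but that shows "not-reached" here is exactly the situation Eric described: something between the desktop and the server answered on the server's behalf. A port showing "ack-answered" is why a stateless `--tcp-flags ACK ACK -j ACCEPT` rule is weaker than a conntrack `ESTABLISHED,RELATED` rule: the server's own stack ends up replying to packets that belong to no connection it ever accepted.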
It helped me resolve the problem; there was some misconfiguration on my part.
Thanks, Jess
Related documentation at http://webmin.com/firewall.html
- - -
Senior Product Manager, and Co-Founder at Ubertus.org Inc.
Love back your Virtualmin & Webmin community