On Feb 12, 2006, at 3:22 PM, Craig White wrote: > On Sun, 2006-02-12 at 15:17 -0500, jim@xxxxxxxxxxxxxx wrote: >> I have a CentOS 4.2 machine. lokkit shows that a firewall is >> enabled, and it is customized to allow SSH, Web, and DNS traffic >> only. >> >> But if I run nmap against the server IP (from my home machine, >> outside the local network) it shows over 1000 open ports. Am I not >> understanding nmap, or is there something seriously wrong here? >> >> Here is a small snip of the nmap output (I can include it all if that >> is helpful, but it is quite long): >> >> (The 202 ports scanned but not shown below are in state: closed) >> PORT STATE SERVICE >> 1/tcp open tcpmux >> 2/tcp open compressnet >> 3/tcp open compressnet >> 4/tcp open unknown >> 5/tcp open rje >> 6/tcp open unknown >> 7/tcp open echo >> 8/tcp open unknown >> 9/tcp open discard >> 11/tcp open systat >> 12/tcp open unknown >> 13/tcp open daytime >> 14/tcp open unknown >> 15/tcp open netstat >> 16/tcp open unknown >> 17/tcp open qotd >> 20/tcp open ftp-data >> 22/tcp open ssh >> 24/tcp open priv-mail >> 25/tcp open smtp >> 26/tcp open unknown > ---- > might as well get a root shell and type... > > iptables -L > > and see what's up with that. > > Craig > Thanks for the response. Any advice on understanding this is appreciated. [root@ash ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT ipv6-crypt-- anywhere anywhere ACCEPT ipv6-auth-- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt: 5353 ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http REJECT all -- anywhere anywhere reject- with icmp-host-prohibited