Your default policy on the FORWARD chain is accept.

On Thu, 2004-02-26 at 14:24, Sasa Stupar wrote:
> I have scanned from another machine. Yes, I allow ICMP packets. I have
> dropped them and rescanned the machine but still the same issue.
> My current ruleset is:
> ---------------------
> # Generated by webmin
> *filter
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :INPUT DROP [0:0]
> # Loopback
> -A OUTPUT -o lo -j ACCEPT
> # Allow self access by loopback interface
> -A INPUT -i lo -j ACCEPT
> # Accept established connections
> -A INPUT -m state -i eth0 --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
> # FTP
> -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
> # Telnet
> -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
> # SMTP
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> # NTP
> -A INPUT -p tcp -m tcp --dport 37 -j ACCEPT
> # DNS
> -A INPUT -p udp -m udp -s 192.168.10.111 -d 0/0 --sport 53 -j ACCEPT
> # HTTP
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT --syn
> # POP3
> -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
> # Samba
> -A INPUT -p udp -m udp --dport 137 -j ACCEPT
> # Samba
> -A INPUT -p udp -m udp --dport 138 -j ACCEPT
> # Samba
> -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT --syn
> # HTTPS
> -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
> # SMTP-SSL
> -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
> # POP3-SSL
> -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
> # Squid Proxy
> -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
> # Xmail CtrlClnt
> -A INPUT -p tcp -m tcp --dport 6017 -j ACCEPT
> # XQM agent
> -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
> # Webmin
> -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
> # Drop all other connection attempts
> -A INPUT -j DROP
> COMMIT
> # Generated by webmin
> *mangle
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> COMMIT
> # Completed
> # Generated by webmin
> *nat
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> ------------------------
>
> As you can see I have made these rules with webmin.
> Any hints what is wrong here? BTW I am very very new at firewalls.
>
> Sasa
>
>
> Sven-Ake Larsson wrote:
>
> >How did you make the scan, from the machine itself or from another machine on
> >the outside? Some rulesets don't really work when you are on the same
> >machine.
> >Do you allow any ICMP packets? If so, try to drop them too and scan the
> >machine again.
> >What is your current ruleset? It helps a lot if you can add it to the list.
> >
> >I believe you'll have the masters' answers soon... ;-)
> >
> >Regards,
> >S
> >
> >-----Original message-----
> >From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> >[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On behalf of Sasa Stupar
> >Sent: 25 February 2004 18:01
> >To: netfilter@xxxxxxxxxxxxxxxxxxx
> >Subject: Ports opened without request
> >
> >
> >Hi!
> >
> >I have Linux RH8 with kernel 2.4.20-28.8, iptables v1.2.8. I have set up
> >a firewall with some TCP ports opened (21,25,80,110,443) for servers.
> >Then I ran a port scan and scanned all 65535 TCP and UDP ports. I
> >was surprised that 3 ports were open even though I didn't open them in
> >the configuration. These ports are TCP 389, 1002 and 1720.
> >I have tried to block them manually by entering a drop command for these
> >three ports but no success, they are still open.
> >What am I missing here? Is this some problem with iptables?
> >
> >Sasa
>
-- 
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
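As an added example for the thread above (not code from any poster on this list), here is a small Python audit script that parses the filter table Sasa posted, reports which chains carry an ACCEPT default policy (the point Raymond raises about FORWARD), collects the TCP/UDP destination ports that INPUT rules explicitly ACCEPT, and diffs that set against a scan result. The scan set is constructed from the ports Sasa names, not a real nmap run, and the function names are mine.

```python
"""Audit an iptables-save dump against a port-scan result.

Added example for the netfilter thread above, not code from any poster:
parse the filter table, report chains with an ACCEPT default policy,
collect the TCP/UDP destination ports that INPUT rules ACCEPT, and list
scanned-open ports that no such rule accounts for.
"""
import shlex

# The posted filter table (webmin comments and the nat/mangle tables dropped).
RULESET = """\
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state -i eth0 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 37 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.10.111 -d 0/0 --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT --syn
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT --syn
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6017 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

# Constructed scan result (not a real nmap run): the ports Sasa opened on
# purpose plus the three he reports as open without any rule for them.
SCAN_OPEN = {("tcp", p) for p in (21, 25, 80, 110, 443, 389, 1002, 1720)}


def parse_rule(line):
    """Map one '-A CHAIN ...' line to {option: value}. A '!' before an
    option is stored as '!option' so a negated match never counts as positive."""
    toks, opts, negate, i = shlex.split(line), {}, False, 0
    while i < len(toks):
        tok = toks[i]
        if tok == "!":
            negate, i = True, i + 1
            continue
        if tok.startswith("-"):
            key, negate = ("!" if negate else "") + tok, False
            has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-") and toks[i + 1] != "!"
            opts[key] = toks[i + 1] if has_val else True
            i += 2 if has_val else 1
        else:
            i += 1  # stray positional token; values are consumed with their option
    return opts


def expand_ports(spec):
    """'80' -> {80}; '137:139' -> {137, 138, 139}; '21,25' -> {21, 25}; '1024:' -> 1024..65535."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        start = int(lo) if lo else 0
        end = int(hi) if hi else (65535 if sep else start)
        ports.update(range(start, end + 1))
    return ports


def parse_ruleset(text):
    """Return (policies, accepted): policies maps (table, chain) -> default policy;
    accepted is the set of (proto, port) pairs that an INPUT rule in the filter
    table ACCEPTs by destination port. Rules matching only on source port or
    address (like the port-53 rule above) deliberately add nothing here."""
    policies, accepted, table = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif table == "filter" and line.startswith("-A INPUT "):
            opts = parse_rule(line)
            spec = opts.get("--dport") or opts.get("--dports")
            if opts.get("-j") == "ACCEPT" and opts.get("-p") in ("tcp", "udp") and spec:
                accepted.update((opts["-p"], p) for p in expand_ports(spec))
    return policies, accepted


def accept_policy_chains(policies, table="filter"):
    """Chains whose default policy is ACCEPT (Raymond's point about FORWARD)."""
    return sorted(c for (t, c), pol in policies.items() if t == table and pol == "ACCEPT")


def unexplained_open(scan_open, accepted):
    """Scanned-open ports that no explicit ACCEPT-by-dport rule accounts for."""
    return sorted(scan_open - accepted)


if __name__ == "__main__":
    policies, accepted = parse_ruleset(RULESET)
    print("ACCEPT-policy chains:", accept_policy_chains(policies))
    print("open but unexplained:", unexplained_open(SCAN_OPEN, accepted))
```

Run against the posted table it reports FORWARD and OUTPUT as ACCEPT-policy chains and tcp 389, 1002 and 1720 as open but unexplained. The script only reasons about the ruleset text; it cannot tell what actually answered the SYN on those three ports, which is the question the thread leaves open. Note also that the audit counts only --dport matches, so the port-53 rule contributes nothing to the accepted set even though it admits any UDP datagram from 192.168.10.111 with source port 53 to any destination port.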