Ray Leach pravi:
Your default policy on the FORWARD chain is accept.
On Thu, 2004-02-26 at 14:24, Sasa Stupar wrote:
I have scanned from another machine. Yes, I allow ICMP packets. I have droped them and rescanned the machine but still the same issue. My current ruleset is: --------------------- # Generated by webmin *filter :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :INPUT DROP [0:0] # Loopback -A OUTPUT -o lo -j ACCEPT # Allow self access by loopback interface -A INPUT -i lo -j ACCEPT # Accept established connections -A INPUT -m state -i eth0 --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset # FTP -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT # Telnet -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT # SMTP -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT # NTP -A INPUT -p tcp -m tcp --dport 37 -j ACCEPT # DNS -A INPUT -p udp -m udp -s 192.168.10.111 -d 0/0 --sport 53 -j ACCEPT # HTTP -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT --syn # POP3 -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT # Samba -A INPUT -p udp -m udp --dport 137 -j ACCEPT # Samba -A INPUT -p udp -m udp --dport 138 -j ACCEPT # Samba -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT --syn # HTTPS -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # SMTP-SSL -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT # POP3-SSL -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT # Squid Proxy -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT # Xmail CtrlClnt -A INPUT -p tcp -m tcp --dport 6017 -j ACCEPT # XQM agent -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT # Webmin -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT # Drop all other connection attempts -A INPUT -j DROP COMMIT # Generated by webmin *mangle :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] :FORWARD ACCEPT [0:0] :INPUT ACCEPT [0:0] COMMIT # Completed # Generated by webmin *nat :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :PREROUTING ACCEPT [0:0] COMMIT # Completed ------------------------
As you can see I have made this rules with webmin. Any hints what is wrong here? BTW I am very very new at firewall.
Sasa
Sven-Ake Larsson pravi:
How did you make scan, from the machine itself or from another machine on the outside? Some rulesets doesn't really work when you are at the same machine. Do you allow any ICMP packets? If so, try to drop them too and scan the machine again. What is your current ruleset? It helps a lot if you can add it to the list.
I believe you'll have the masters answers soon... ;-)
Regards, S
-----Ursprungligt meddelande----- Fran: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]För Sasa Stupar Skickat: den 25 februari 2004 18:01 Till: netfilter@xxxxxxxxxxxxxxxxxxx Ämne: Ports opened without request
Hi!
I have linux RH8 with kernel 2.4.20-28.8, iptables v1.2.8. I have setup a firewall with some tcp ports opened (21,25,80,110,443) for servers. Then I have ran a port scan and scanned all 65535 tcp and udp ports. I was suprised that 3 ports were opened even if I didn't opened them in the configuration. These ports are tcp 389,1002 and 1720. I have tried to block them manually by entering a drop command for these three ports but no success-they are still open. What am I missing here? Is this some problem with iptables?
Sasa
