Hi J, Thanks for the guidance. There's definitely no DNATing/PREROUTING currently set up in the iptables firewall. So, I guess the only thing that could explain port 21 and/or 23 is there must be an ftp daemon using those ports. As for port 80, I wonder if it's got anything to do with Apache running the intranet webserver inside the LAN. I don't believe I've got apache even installed on the routerbox. Well, enough guessing. I'll try some netstat research and see what percolates to the surface. Best regards. Mike On Mon, 13 Sep 2004 08:53:07 -0400, Jason Opperisano <opie@xxxxxxxxxxx> wrote: > > you need to keep in mind that if your netfilter box is performing > MASQ/SNAT for your LAN machines--the IP being scanned by grc.com is the > public IP of the netfilter box. > > unless your doing some DNATs to machines on your LAN--you should focus > your efforts on the netfilter machine itself. > > "netstat -lntu" would be a good place to start. > > i've always questioned the output of web-based scanners like grc.com; > however, i just went to grc.com and tried it out, and achieved a > *perfect* "TruStealth" rating...which must mean i'm super l33t like > stevie... :-P > > -j > > -- > Jason Opperisano <opie@xxxxxxxxxxx> > >
