Hi. > On Sat, 2004-09-11 at 19:09, Mike wrote: > > Hi Group: > > > > I've tested for open ports from all the LAN clients behind my linux > > box router/gateway/firewall and all of them come up with the same > > results: port 21, 23, and 80 are open according to the results of the > > Steve Gibson Shields Up test. > > > > I can't figure out how this can be happening. > > I've run a full nmap -P0 (that's a zero) on all my local ip addresses > > - 192.168.169.* > > you need to keep in mind that if your netfilter box is performing > MASQ/SNAT for your LAN machines--the IP being scanned by grc.com is the > public IP of the netfilter box. > > unless your doing some DNATs to machines on your LAN--you should focus > your efforts on the netfilter machine itself. > > "netstat -lntu" would be a good place to start. > > i've always questioned the output of web-based scanners like grc.com; > however, i just went to grc.com and tried it out, and achieved a > *perfect* "TruStealth" rating...which must mean i'm super l33t like > stevie... :-P For whatever it may be worth: I have linux 2.6.0 running on my firewall machine, and 2.6.9-rc1 running on a machine behind it, and I get (and have always gotten) a *perfect* TruStealth result relative to both machines. jbh
