Re: Open TCP & UDP Ports

> Port scans run from the same subnet as you are scanning always show more
> ports open than there actually are. For a true evaluation, run the scan
> from outside the subnet.

Um...no.  Port scans run from the same *machine* can be misleading, as many
ports that are open on the localhost are blocked by iptables (the line with
" -i lo -j ACCEPT" accepts any input from the local machine).

In other words, the services shown by "netstat -tap" as listening to ports
are often blocked by iptables so that other hosts may not access them.

So, nmap scans from other hosts on the same subnet won't be any different
from nmap scans from any other host on the internet, unless there is another
firewall blocking the path.

Ben


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
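
The difference between a scan from the local machine and a scan from another host, as described in the message above, shown as an added example that is not part of the original post: a simplified first-match model of the INPUT chain, run over a constructed `iptables -S INPUT` listing and a constructed list of listening TCP ports. The interface name `eth0`, the rules and the port list are assumptions; negation, port ranges and user-defined chains are not modelled.

```python
import shlex

# Constructed sample of `iptables -S INPUT` output (not from the original post).
RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
"""
# Constructed sample: TCP ports that "netstat -tap" reports as listening.
LISTENING = [22, 25, 80, 631, 3306]

def parse(text):
    """Return (default_policy, [option dict per rule]) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append({tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                          if tok[i].startswith("-")})
    return policy, rules

def verdict(policy, rules, iface, port):
    """First-match verdict for a NEW inbound TCP connection (simplified model)."""
    for r in rules:
        if "--state" in r and "NEW" not in r["--state"].split(","):
            continue  # rule only matches traffic of existing connections
        if "-i" in r and r["-i"] != iface:
            continue  # rule is bound to a different input interface
        if "-p" in r and r["-p"] != "tcp":
            continue
        if "--dport" in r and r["--dport"] != str(port):
            continue
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policy  # nothing matched: the chain policy decides

def exposure(rules_text, ports, iface):
    """Map each listening port to its verdict for traffic arriving on iface."""
    policy, rules = parse(rules_text)
    return {p: verdict(policy, rules, iface, p) for p in ports}

def misleading_ports(rules_text, ports, external_iface="eth0"):
    """Ports a scan from the machine itself reaches but other hosts cannot."""
    local = exposure(rules_text, ports, "lo")
    remote = exposure(rules_text, ports, external_iface)
    return [p for p in ports if local[p] == "ACCEPT" and remote[p] != "ACCEPT"]
```

Because no rule in the sample matches on source address, the `eth0` verdicts are the same for a host on the local subnet and a host elsewhere.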
