Monday, November 3, 2014

linux - CentOS 6 server does not open ports

So after some battling and struggling with the firewall, I see that I may be doing something wrong, or the firewall isn't responding correctly: there is a port filter that is blocking certain ports.


Okay, here is what I did:


I made some changes to my iptables file, which gave me endless issues, so I restored the iptables.old file.


contents of iptables.old:


# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

after the iptables.old restore (back to stock), the nmap scan shows:


nmap [server ip]
Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 13:54 SAST
Nmap scan report for server.address.net ([server ip])
Host is up (0.014s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
113/tcp closed ident
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 4.95 seconds

if I append this rule (to accept all incoming TCP ports on interface eth0):


iptables -A INPUT -i eth0 -m tcp -j ACCEPT

nmap output:


nmap [server ip]
Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 13:58 SAST
Nmap scan report for server.address.net ([server ip])
Host is up (0.017s latency).
Not shown: 858 filtered ports, 139 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 3.77 seconds

*notice it allows and opens port 443 but no other ports, and it removes port 113...?


after removing the previous rule,
if I append this rule (allow and open port 80 incoming to the server on interface eth0):


iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT

nmap output:


nmap [server ip]
Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:01 SAST
Nmap scan report for server.address.net ([server ip])
Host is up (0.014s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
113/tcp closed ident
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 5.12 seconds

*notice it removes port 443 and allows 80, but it is closed


without removing the previous rule,
if I append this rule (allow and open port 1723 incoming to the server on interface eth0):


iptables -A INPUT -i eth0 -m tcp -p tcp --dport 1723 -j ACCEPT

nmap output:


nmap [server ip]
Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:05 SAST
Nmap scan report for server.address.net ([server ip])
Host is up (0.015s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
113/tcp closed ident
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 5.16 seconds

*notice no change in ports opened or closed???


after removing these rules:


iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 1723 -j ACCEPT

nmap output:


nmap [server ip]
Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:07 SAST
Nmap scan report for server.address.net ([server ip])
Host is up (0.015s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
113/tcp closed ident
Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds

and restoring this rule (to accept all incoming TCP ports on interface eth0):


iptables -A INPUT -i eth0 -m tcp -j ACCEPT

nmap output:


nmap [server ip]
Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:07 SAST
Nmap scan report for server.address.net ([server ip])
Host is up (0.017s latency).
Not shown: 858 filtered ports, 139 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 3.87 seconds

notice the eth0 rule changes the 999 filtered ports to 858 filtered ports, 139 closed ports


QUESTION:


why can't I allow and/or open a specific port? e.g. I want to allow and open port 443, but it doesn't allow it, or even 1723 for PPTP; why am I not able to???


sorry for the layout, the editor was giving issues (as well... sigh)
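One thing worth checking against the ruleset quoted above is rule order. iptables evaluates the INPUT chain top to bottom and the first matching rule decides; the stock system-config-firewall chain ends in a catch-all `-j REJECT --reject-with icmp-host-prohibited`, so a rule added with `-A` is appended after that REJECT and is never reached by a new connection, while `-I INPUT <n>` places it before. The REJECT also explains nmap's "filtered" state (an ICMP unreachable came back); a port nmap reports as "closed" answered with a TCP RST, which this chain would not produce for a new eth0 connection, so those answers come from somewhere other than these rules. The following is an added illustration and not code from the original post: a toy first-match evaluator in Python over the stock chain, with constructed sample packets. The rule-dict format, the function names and the eth0 / port 80 rule are assumptions made for the demonstration.

```python
# Toy first-match evaluator for an iptables INPUT chain (added illustration,
# not code from the original post). STOCK_INPUT mirrors the
# system-config-firewall ruleset quoted in the question; the packets and the
# port-80 rule are constructed sample inputs.
from dataclasses import dataclass
from typing import Optional

# Each rule is a dict of match conditions plus a target. A missing key means
# "any", exactly like an omitted -i / -p / --dport / -m state on the CLI.
STOCK_INPUT = [
    {"state": "ESTABLISHED,RELATED", "target": "ACCEPT"},
    {"proto": "icmp", "target": "ACCEPT"},
    {"iface": "lo", "target": "ACCEPT"},
    {"state": "NEW", "proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"target": "REJECT"},  # catch-all: -j REJECT --reject-with icmp-host-prohibited
]

# Assumed rule for the demonstration: allow new HTTP connections on eth0.
HTTP_RULE = {"iface": "eth0", "proto": "tcp", "dport": 80, "target": "ACCEPT"}


@dataclass
class Packet:
    iface: str
    proto: str
    dport: Optional[int] = None
    state: str = "NEW"  # conntrack state of a fresh SYN, as a port scan sends


def rule_matches(rule: dict, pkt: Packet) -> bool:
    """Every condition present in the rule must hold for the packet."""
    if "iface" in rule and rule["iface"] != pkt.iface:
        return False
    if "proto" in rule and rule["proto"] != pkt.proto:
        return False
    if "dport" in rule and rule["dport"] != pkt.dport:
        return False
    if "state" in rule and pkt.state not in rule["state"].split(","):
        return False
    return True


def verdict(chain: list, pkt: Packet, policy: str = "ACCEPT") -> tuple:
    """Walk the chain top to bottom; the first matching rule decides.
    Returns (target, 1-based rule number), or (policy, None) if nothing matched."""
    for pos, rule in enumerate(chain, start=1):
        if rule_matches(rule, pkt):
            return rule["target"], pos
    return policy, None


def append(chain: list, rule: dict) -> list:
    """iptables -A INPUT ...: the new rule lands after the existing catch-all."""
    return chain + [rule]


def insert(chain: list, pos: int, rule: dict) -> list:
    """iptables -I INPUT <pos> ...: the new rule goes in at 1-based position pos."""
    return chain[: pos - 1] + [rule] + chain[pos - 1 :]


def as_iptables(rule: dict, pos: Optional[int] = None) -> str:
    """Render a rule as the iptables command that would create it."""
    parts = ["iptables", "-I", "INPUT", str(pos)] if pos else ["iptables", "-A", "INPUT"]
    if "iface" in rule:
        parts += ["-i", rule["iface"]]
    if "proto" in rule:
        parts += ["-p", rule["proto"]]
    if "dport" in rule:
        parts += ["-m", rule["proto"], "--dport", str(rule["dport"])]
    if "state" in rule:
        parts += ["-m", "state", "--state", rule["state"]]
    parts += ["-j", rule["target"]]
    return " ".join(parts)


def compare(rule: dict = HTTP_RULE, dport: int = 80) -> dict:
    """Evaluate a fresh SYN to dport on eth0 against the stock chain, the chain
    with the rule appended (-A), and the chain with it inserted before REJECT (-I)."""
    pkt = Packet(iface="eth0", proto="tcp", dport=dport)
    reject_pos = len(STOCK_INPUT)  # the catch-all REJECT is the last rule
    return {
        "stock": verdict(STOCK_INPUT, pkt),
        "appended": verdict(append(STOCK_INPUT, rule), pkt),
        "inserted": verdict(insert(STOCK_INPUT, reject_pos, rule), pkt),
    }


if __name__ == "__main__":
    for name, (target, pos) in compare().items():
        print(f"{name:9s} -> {target} (decided by rule {pos})")
    print("command that places the rule ahead of the catch-all:")
    print("  " + as_iptables(HTTP_RULE, pos=len(STOCK_INPUT)))
```

Running it shows the appended rule never gets a say: the port-80 SYN is still decided by rule 5 (REJECT) in both the stock and the appended chain, and only the inserted variant returns ACCEPT. On a real box, `iptables -L INPUT -n --line-numbers` shows the position of the REJECT rule to insert in front of, and `iptables -L INPUT -v` shows per-rule packet counters, so a rule with a counter that never moves is a quick tell for this ordering problem.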
