Michael A Peters:
>> You are probably using iptables to block an external IP address and
>> using nmap on an internal IP address.
>>
>> Try running nmap from a different machine.

Strong:
> Thank you, but is there a way I can inspect my open ports from within
> my machine?

To see what outsiders can access, you really do want to test from an outside address (there are websites that provide probing services). Even running a test from another PC inside your network is only a test for that situation (it doesn't represent what an outsider can do).

Internally, a machine has at least two addresses: the internal 127.0.0.1 local loopback, which *only* works internally to the same machine, and any interfaces to the outside world. Running a test on the box doesn't test the hardware. If you try scanning an ethernet port, you only test the internal networking; it doesn't actually go through the hardware.

You can see what ports are in use and open with netstat, but that doesn't show what's available/blocked to outsiders. And any other networking hardware between your PC and the outside world plays a role in testing what ports are accessible.

> Moreover, I set in iptables simply reject all - why it matters which
> address (internal/external)?

If you truly rejected all, you'd find a lot of things wouldn't work, like X. The local display runs through the network, even if it's the 127.0.0.1 one.

If you're creating firewall rules you certainly do want to make a differentiation between internal and external. You don't want to be a spammer's pet mail server, for instance. Nor do you want to expose CUPS or X to the WWW.

-- 
(This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
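As an added illustration of the netstat point above (this script is not from the thread), the following reads `netstat -ltn` style output and labels each listening TCP port by the address it is bound to: loopback-only listeners such as CUPS on 127.0.0.1 can never be reached from outside regardless of the firewall, while 0.0.0.0 / :: listeners are the ones whose exposure depends on iptables and the hardware in front of the box. The sample netstat lines are constructed, not captured from a real host.

```shell
# Constructed sample of `netstat -ltn` output (not from any real machine).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:25         0.0.0.0:*               LISTEN
tcp        0      0 :::80                   :::*                    LISTEN'

# classify_listeners: reads netstat -ltn style lines on stdin and prints
# "<port> <scope>" for every TCP listener, where scope is:
#   loopback  bound to 127.0.0.1 or ::1, reachable only from this box
#   all       bound to 0.0.0.0 or ::, reachable on every interface the
#             firewall lets through
#   specific  bound to one interface address (e.g. the LAN side)
classify_listeners() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
    n = split($4, parts, ":")      # works for a.b.c.d:port and IPv6 ...:port
    port = parts[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (addr == "127.0.0.1" || addr == "::1")   scope = "loopback"
    else if (addr == "0.0.0.0" || addr == "::") scope = "all"
    else                                        scope = "specific"
    print port, scope
  }'
}

# count_exposed: number of listeners that are not loopback-only, i.e. the
# ports a netstat run on the box says *could* be reachable from the network.
# Whether they actually are still depends on iptables and the hardware
# between the box and the outside, which this cannot see.
count_exposed() {
  classify_listeners | awk '$2 != "loopback" { c++ } END { print c + 0 }'
}

# Usage: printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
#        netstat -ltn | count_exposed
```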