Phill wrote:
> I know this isn't RHEL support, but I thought I'd ask this question anyways, see if you gurus know what might be going on. I have a rhel 5 web/ftp server. I'm using iptables to filter all ports except 21 and 80. Yet if I do an nmap of the server, this is the output I get.
> -------------------------------
> PORT STATE SERVICE
> 21/tcp open ftp
> 80/tcp open http
> 1720/tcp open H.323/Q.931

FYI: http://www.packetizer.com/ipmc/h323/papers/primer/
VOIP, do you run Vonage or Skype? In any case the port is open, but nothing is
listening (at the time you ran the probe).

> 6000/tcp closed X11
> 6001/tcp closed X11:1
> 6002/tcp closed X11:2
> 6003/tcp closed X11:3
> 6004/tcp closed X11:4
> 6005/tcp closed X11:5
> 6006/tcp closed X11:6
> 6007/tcp closed X11:7
> 6008/tcp closed X11:8
> 6009/tcp closed X11:9
> 6017/tcp closed xmail-ctrl
> 6050/tcp closed arcserve

I *think* this is one of those cases where the port generates a REJECT vs. DROP
in iptables, meaning that instead of ignoring packets it returns a "go away"
ICMP packet of some kind.

> ---------------------------------
> Note the listening port 1720, netstat shows no service listening
> Should be irrelevant since the only traffic I'm accepting is port 21 and port 80, and related established. Shouldn't this output just show me port 21 and port 80 open and nothing else?

Related discussion: I wish I could return a "host unreachable" packet which made
it look as if there was no computer on the net. AFAIK you can't, because the
source IP is that of the host which can't be reached, and most ISPs get unhappy
if you SNAT the packet to appear to come from their router. At least mine do, I
tried, and one called me while the other dropped the packet.
In any case you're protected.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
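
The scan in this thread can be checked against the intended policy mechanically. The following is an added example, not part of the original messages: it parses a subset of the nmap rows quoted above and reports every port whose state disagrees with "only 21 and 80 accepted". The names `ALLOWED`, `parse` and `audit` are hypothetical.

```python
import re

# Intended policy from the post: only ftp (21) and http (80) are accepted.
ALLOWED = {21, 80}

# Subset of the nmap port table quoted in the post.
SCAN = """\
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
1720/tcp open H.323/Q.931
6000/tcp closed X11
6017/tcp closed xmail-ctrl
6050/tcp closed arcserve
"""

# One table row: port/proto, state, service name.
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse(text):
    """Yield (port, proto, state, service) for every port row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)

def audit(text, allowed=ALLOWED):
    """Return (port, state, reason) for rows that disagree with the policy."""
    findings = []
    for port, _proto, state, _service in parse(text):
        if port in allowed:
            if state != "open":
                findings.append((port, state, "allowed port is not reachable"))
        elif state == "open":
            findings.append((port, state, "reported open but not in the policy"))
        elif state == "closed":
            # nmap reports "closed" when the probe was answered with a refusal.
            findings.append((port, state, "probe was answered, not silently dropped"))
        # "filtered" on a non-allowed port is the state nmap reports when a
        # packet filter blocks the probe, so it is not a finding here.
    return findings

if __name__ == "__main__":
    for port, state, why in audit(SCAN):
        print(f"{port:>5} {state:<8} {why}")
```
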