
RE: Iptables can't close port 25 and 110



I know the difference between 'rejecting' and 'dropping' packages, but
how come iptables -P INPUT DROP will close off port 80?

Ronald

-----Original Message-----
From: Raffaele D'Elia [mailto:R.DElia@starcomitalia.com] 
Sent: maandag 26 januari 2004 13:04
To: debian-firewall@lists.debian.org
Subject: Re: Iptables can't close port 25 and 110




-----Original Message-----
From: "Ronald Laarman" <ronald@laarman.xs4all.nl>
To: <debian-firewall@lists.debian.org>
Date: Mon, 26 Jan 2004 10:49:51 +0100
Subject: Iptables can't close port 25 and 110

> Hi,
> 
> I'm running a Debian server (3.0 Woody) with iptables. I'm using 
> 'Arno's IPTABLES Firewall Script' to make life a little easier
> (http://freshmeat.net/projects/iptables-firewall/?topic_id=151).
> 
> I can open and close ports very easily using this script, but for some 
> strange reason I can't close ports 25 and 110.  First I thought this 
> script was the problem, so I removed this script and configured 
> iptables by hand and discovered the following:
> 
> Even if I drop all incoming traffic (iptables -P INPUT DROP) a 
> remotely run portscan will detect port 25, but it doesn't show what is
> listening on that port (exim).
> 
> I have exim configured to only handle local-delivery, but even if I 
> remove exim (apt-get remove exim) the ports stay open. So even if I 
> don't have anything listening on port 25 or 110, a remotely run 
> portscan will detect ports 25 and 110.
> 
> I hope someone could help me get rid of this strange problem.


An unused port rejects an incoming connection by sending back a RST to
the sender.
If you drop incoming connections to port 110, nothing will return from 
your host. No RST packet. So I know you have filtered the incoming 
packet.

Moreover, if you filter only SYN packets, I can test your box in other 
ways.


Bye. Radel

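The closed-versus-dropped distinction discussed in this thread, as an added example that is not part of the original messages: a TCP connect() check to run against your own server, reporting whether a port accepts, answers with a RST, or stays silent. The function names and the loopback demo are illustrative assumptions.

```python
import errno
import socket


def state_from_error(exc):
    """Map the outcome of a TCP connect() to a port-scanner style state."""
    if exc is None:
        return "open"      # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        # A RST came back: nothing is listening (an iptables rule with
        # REJECT --reject-with tcp-reset looks the same from outside).
        return "closed"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # no reply at all, which is what DROP produces
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "filtered"  # host/network unreachable: no answer from the service
    raise exc


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError as exc:
        return state_from_error(exc)
    finally:
        s.close()
    return state_from_error(None)


def local_demo():
    """Constructed loopback check: a listening port, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(local_demo())
```

A "filtered" result only appears when the probe crosses a filter that drops the packet, so the loopback demo shows just the open and closed cases.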


