
Re: iptables and nmap



On 6/7/07, Joan Hérisson <herisson@epigenomique.genopole.fr> wrote:

> Hello,
>
> Config:
> - Debian 2.4.18
> - iptables with many rules
>
> Problems:
> - I have installed a tomcat 5.5 server. The server is unreachable
> (connection failed from localhost or another host on my local network).
>
> Tries:
> - I have to open port 8080. I have this rule in /etc/init.d.firewal-start :
> "iptables -A tcp_packets -p TCP -i eth0 -s 0/0         --dport 80  -j allowed"

Well, I don't know what iptables version you are using, but AFAIK it is
not "allowed"; "ACCEPT" is what you need.

Another thing you can keep in mind is upgrading your kernel, unless you
are (still) using woody, 'cause Sarge has become the old-stable branch of
the Debian distribution.

> where eth0 is the way toward the internet.
> So I added this rule :
> "iptables -A tcp_packets -p TCP -i eth1 -s 0/0         --dport 8080  -j allowed"
> where eth1 is the way toward my local network
>
> Results:
> - The server is still unreachable.
> - When I do nmap localhost, I have port 80 open but not 8080.
> - When I comment out the line for port 80 in firewall-start and I restart
> firewall, I do nmap localhost, port 80 is still open.

man nmap:
-p <port ranges>: Only scan specified ports
          Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
And if you have port 80 "OPEN", that's because you have some webserver
running on your machine (maybe apache?)

> I do not find the link between iptables rules and nmap.
> Some ideas ?
>
> Thank you,
> Joan
> PS: sorry for my English.

Your English is not so bad, if you compare it with mine :-)




> _________________
>
> Post-doc GENNETEC
> Programme d'Épigénomique, Genopole(r)
> Tour Évry2, 10è étage
> 523 Terrasses de l'Agora
> 91034 ÉVRY cedex
>
> Tel: +33 (0)1 69 47 44 34
> Fax: +33 (0)1 69 47 44 37
> Web:
> http://www.epigenomique.genopole.fr/opencms/opencms/epigenomique/en/perso/joe/
> ________________________________________________________________________






--
Manuel Garcia a.k.a "mannyto"
Network and server administrator
Independent consultant
Debian GNU/Linux Testing codename "Lenny"
