
Re: iptables and nmap



Hi !

* Manuel García <mannyto@gmail.com> [2007-06-07 10:01]:
> On 6/7/07, Joan Hérisson <herisson@epigenomique.genopole.fr> wrote:
[...snip...]
> > Results:
> > - The server is still unreachable.
> > - When I do nmap localhost, I have port 80 open but not 8080.
> > - When I comment out the line for port 80 in firewall-start and I restart
> >firewall, I do nmap localhost, port 80 is still open.
> 
> man nmap:
> -p <port ranges>: Only scan specified ports
>           Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
> And if you have port 80 "OPEN" that's because you have some webserver
> running in your machine (maybe apache?)
[...snip...]

If you are not sure that tomcat is listening on the port you expect, run
"lsof -i :$PORT" on the server.
In your case, just run
lsof -i :80
lsof -i :8080

This should give you an output like this:
# lsof -i :80
COMMAND   PID     USER   FD   TYPE   DEVICE SIZE NODE NAME
apache2  7497 www-data    3u  IPv6 15254670       TCP *:www (LISTEN)
apache2  8408 www-data    3u  IPv6 15254670       TCP *:www (LISTEN)
apache2  8409 www-data    3u  IPv6 15254670       TCP *:www (LISTEN)
apache2  8428 www-data    3u  IPv6 15254670       TCP *:www (LISTEN)
apache2 11194 www-data    3u  IPv6 15254670       TCP *:www (LISTEN)

In that case, apache2 with five instances (different PIDs) running under
the user www-data is listening on port 80 on all available interfaces.

If you don't get back anything for port 8080, then nothing is listening
on this port and you won't get any connection. (That's not completely
true, you could for example redirect ports in iptables, but I assume
that your iptables-script is not doing something like that.)

BTW: As others already wrote, you should not use the iptables script if
you don't understand what it really does. Otherwise you'll end up with
problems and can't say if it's normal (because the script is doing it)
or if you have a problem somewhere else. Write the rules by yourself,
there are a lot of HOWTOs, tutorials and explained example scripts on
the net.
A good start might be http://netfilter.org/documentation/index.html

mfg @ndy
-- 
personal web site:  http://skater.priv.at/~andy/
Nachtskaten / Friday Night Skating Vienna:  http://night.skater.priv.at/
CCC Wien (CCC Erfa-Kreis Wien):  http://metalab.at/wiki/Groups:CCC_Wien
Verein fuer Internet-BEnutzer Oesterreichs (.AT)  http://www.vibe.at/


