Re: Redhat 7.3 firewall issues

From: Wes Ream (wream@radiantdata.com)
Date: 10/11/02


From: wream@radiantdata.com (Wes Ream)
Date: 11 Oct 2002 11:27:23 -0700


> What do you mean "doesn't accept"? Is there an error message?
> If so, what is it?

In this case, I am not getting error messages at all. My firewall
script loads up just fine, however when I run nmap to check the ports,
it's as if it wasn't ever loaded.

> What does "iptables --list" tell you? Do you see your rules there?

Yes, I see my rules there. Here is the output of iptables --list:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s

> Well, are you actually running any servers on those ports? I'm not
> exactly sure how nmap works, but I'd guess if you're not running any
> servers on those ports it won't see anything. Check your xinetd
> configuration files.
>
> On your linux box, tcpdump on the interface in question. Then from
> somewhere else telnet to your linux box, specifying the ports you are
> interested in. (most telnet implementations will let you use any port
> number you want) What do you see on the tcpdump?

When I try to telnet to port 80 for example I get this:

Connecting To XX.XX.XX.XX...Could not open connection to the host, on port 80.
No connection could be made because the target machine actively refused it.

I don't see anything in the output of tcpdump. It's almost as if
there is a firewall-type thing already running on this box but I can't
find it. /etc/sysconfig/iptables is non-existent and I know it's not
being done by ipchains because ipchains and iptables can't co-exist
in the kernel at the same time and I would see error messages when I
load my firewall script that would say something to that effect.

Regards,

Wes
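The symptoms in this thread separate into two questions that are worth checking independently: does the INPUT chain let the packet through, and is any daemon actually listening on the port (a TCP RST, which the Windows telnet client reports as "actively refused", comes from a host with no listener, not from a DROP rule). The script below is an added example for this thread, not code from the original post. It assumes the `iptables --list` layout quoted above and a "local-address:port" listing of the kind `netstat -tln` or `ss -tln` print; both inputs are constructed here so the script runs offline, and the verdict names (`firewall-blocked`, `no-listener`, `loopback-only`, `reachable`) are this example's own.

```shell
#!/bin/sh
# Firewall-vs-listener triage for a port that telnet/nmap report as closed.
# Added example; not from the original post. Inputs are constructed samples
# in the formats of `iptables --list` and `netstat -tln` (address:port).

# Constructed `iptables --list` output: INPUT policy ACCEPT, like the thread's.
IPT_OPEN='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed output of a stricter host: INPUT policy DROP, only ssh allowed.
IPT_STRICT='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed listening sockets: sshd on all addresses, an MTA on loopback only.
LISTENERS='0.0.0.0:22
127.0.0.1:25'

# service_port NAME -> port number for the /etc/services names iptables prints
service_port() {
    case "$1" in
        ssh) echo 22 ;; smtp) echo 25 ;; domain) echo 53 ;;
        http) echo 80 ;; pop3) echo 110 ;; pop3s) echo 995 ;;
        *) echo "unknown service: $1" >&2; return 1 ;;
    esac
}

# input_policy IPTABLES_TEXT -> default policy of the INPUT chain (ACCEPT/DROP/...)
input_policy() {
    printf '%s\n' "$1" | awk '/^Chain INPUT/ { gsub(/[()]/, "", $4); print $4 }'
}

# input_accepts NAME IPTABLES_TEXT -> exit 0 if INPUT has an ACCEPT rule for dpt:NAME
input_accepts() {
    printf '%s\n' "$2" | awk -v name="$1" '
        /^Chain/ { in_input = ($2 == "INPUT") }
        in_input && $1 == "ACCEPT" && $NF == ("dpt:" name) { found = 1 }
        END { exit !found }'
}

# listener_state PORT LISTEN_TEXT -> none | loopback | all
listener_state() {
    printf '%s\n' "$2" | awk -v port="$1" -F: '
        $NF == port { if ($1 ~ /^127\./) lo = 1; else any = 1 }
        END { if (any) print "all"; else if (lo) print "loopback"; else print "none" }'
}

# diagnose NAME IPTABLES_TEXT LISTEN_TEXT -> one-word verdict
diagnose() {
    port=$(service_port "$1") || return 1
    if ! input_accepts "$1" "$2" && [ "$(input_policy "$2")" != "ACCEPT" ]; then
        echo "firewall-blocked"         # no ACCEPT rule and a non-ACCEPT default policy
        return 0
    fi
    case "$(listener_state "$port" "$3")" in
        none)     echo "no-listener" ;;   # kernel answers SYN with RST: "actively refused"
        loopback) echo "loopback-only" ;; # daemon runs but is bound to 127.0.0.1
        all)      echo "reachable" ;;     # firewall and daemon are fine; look elsewhere
    esac
}

# Usage: walk three of the thread's ports against both constructed hosts.
for svc in ssh smtp http; do
    printf '%-5s open-host=%-16s strict-host=%s\n' "$svc" \
        "$(diagnose "$svc" "$IPT_OPEN" "$LISTENERS")" \
        "$(diagnose "$svc" "$IPT_STRICT" "$LISTENERS")"
done
```

On a live box the two constructed strings would be replaced by `iptables --list` and the local-address column of `netstat -tln`. A `reachable` verdict together with an empty tcpdump on the interface means the SYN never arrived there at all, so the refusal is being generated somewhere between the client and that interface rather than by this host's rules.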
