I'm not running NAT or TOS; the nat and mangle modules aren't loaded, so I guess the tables don't exist either. It's a single-homed server.

Iptables is configured as follows:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp dpt:smtp reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

When running NMAP to scan port 25, tcpdump generates the following output:

21:09:51.034830 10.0.0.13.4873 > 10.0.0.4.smtp: S 29225080:29225080(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:09:51.034891 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smtp unreachable [tos 0xc0]
21:09:51.035143 10.0.0.4.34627 > SpeedTouch.lan.domain: 44052+ PTR? 13.0.0.10.in-addr.arpa. (40) (DF)
21:09:51.035888 SpeedTouch.lan.domain > 10.0.0.4.34627: 44052 0/0/0 (40)

The following output is generated when I scan port 199 (I added a reject rule, of course):

21:25:02.267951 10.0.0.13.4907 > 10.0.0.4.smux: S 259491857:259491857(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:25:02.268013 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smux unreachable [tos 0xc0]

Ronald

-----Original Message-----
From: Raffaele D'Elia [mailto:[EMAIL PROTECTED]
Sent: Monday 26 January 2004 18:50
To: Ronald Laarman; [email protected]
Subject: RE: Iptables can't close port 25 and 110

mmh
Have you also flushed the nat and mangle tables? I'm thinking about a redirect. If the SYN packet sent to port 25 is redirected to another port, nmap cannot know it: it tells "port 25 open".
Do you have tcpdump or a similar tool installed? I think we have to see what's happening!

Radel
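An added example, not code from either message, that applies nmap's SYN-scan classification to tcpdump lines in the old-style format shown in the thread, pairing each outgoing SYN with the reply the target sends: the smtp and smux exchanges are the ones captured above, while the http, ssh and pop3 exchanges are constructed to show the SYN/ACK, RST and no-reply cases. It makes the point of the thread concrete: a REJECT with icmp-port-unreachable makes nmap report the port as filtered, and only a SYN/ACK (what a redirect to a listening port would produce) makes it report open.

```python
import re

# Old-style tcpdump TCP line, as in the thread: "ts src.sport > dst.dport: S seq:seq(0) [ack n] win ..."
TCP_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+)\.(?P<sport>\w+) > (?P<dst>\S+)\.(?P<dport>\w+): "
                    r"(?P<flags>[SRPF.]+) \S+(?P<ack> ack \d+)?")
# Old-style tcpdump ICMP line: "ts src > dst: icmp: src tcp port smtp unreachable [tos 0xc0]"
ICMP_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+): icmp: \S+ tcp port (?P<dport>\w+) unreachable")


def classify_scan(lines):
    """Map each probed port to (state, reason) using nmap's SYN-scan rules:
    SYN/ACK -> open, RST -> closed, ICMP port unreachable or silence -> filtered."""
    states, probes = {}, set()            # probes holds (scanner, target, dport) of each SYN seen
    for line in lines:
        m = ICMP_RE.match(line)
        if m:                             # target answered the SYN with ICMP type 3 (iptables REJECT)
            if (m["dst"], m["src"], m["dport"]) in probes:
                states[m["dport"]] = ("filtered", "ICMP port unreachable")
            continue
        m = TCP_RE.match(line)
        if not m:
            continue                      # DNS lookups and other non-TCP noise
        if "S" in m["flags"] and not m["ack"]:          # outgoing SYN probe from the scanner
            probes.add((m["src"], m["dst"], m["dport"]))
            states.setdefault(m["dport"], ("filtered", "no response"))
        elif (m["dst"], m["src"], m["sport"]) in probes:  # reply from the probed port to the scanner
            if "S" in m["flags"] and m["ack"]:
                states[m["sport"]] = ("open", "SYN/ACK")
            elif "R" in m["flags"]:
                states[m["sport"]] = ("closed", "RST")
    return states


# smtp and smux lines are the captures from the thread; http, ssh and pop3 lines are constructed.
SAMPLE_LINES = [
    "21:09:51.034830 10.0.0.13.4873 > 10.0.0.4.smtp: S 29225080:29225080(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)",
    "21:09:51.034891 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smtp unreachable [tos 0xc0]",
    "21:09:51.035143 10.0.0.4.34627 > SpeedTouch.lan.domain: 44052+ PTR? 13.0.0.10.in-addr.arpa. (40) (DF)",
    "21:09:51.035888 SpeedTouch.lan.domain > 10.0.0.4.34627: 44052 0/0/0 (40)",
    "21:25:02.267951 10.0.0.13.4907 > 10.0.0.4.smux: S 259491857:259491857(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)",
    "21:25:02.268013 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smux unreachable [tos 0xc0]",
    "21:30:00.000001 10.0.0.13.4950 > 10.0.0.4.http: S 1000:1000(0) win 64240 <mss 1460> (DF)",
    "21:30:00.000050 10.0.0.4.http > 10.0.0.13.4950: S 5000:5000(0) ack 1001 win 5840 <mss 1460> (DF)",
    "21:30:01.000001 10.0.0.13.4951 > 10.0.0.4.ssh: S 2000:2000(0) win 64240 <mss 1460> (DF)",
    "21:30:01.000050 10.0.0.4.ssh > 10.0.0.13.4951: R 0:0(0) ack 2001 win 0",
    "21:30:02.000001 10.0.0.13.4952 > 10.0.0.4.pop3: S 3000:3000(0) win 64240 <mss 1460> (DF)",
]

if __name__ == "__main__":
    for port, (state, reason) in classify_scan(SAMPLE_LINES).items():
        print(f"{port:6} {state:9} ({reason})")
```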

