> So, I've put
> ipchains -I input 1 ! -i lo -d 0/0 mysql -p tcp -j REJECT
> on a term and launched the mysql server, performed my tests on mysql on
> localhost and then I've shut it down but I've got this:
>
> [root@depht ddclient-3.4.2]# nmap -sS 10.0.0.10 -P0 -p3306
>
> Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on (10.0.0.10):
> Port State Service
> 3306/tcp filtered mysql
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>
> This port doesn't appear in the `netstat -ln` output. Have you an idea?
>
Well, it's probably because the Linux kernel is responding differently than
it would if the socket weren't filtered with ipchains. I'd thought ipchains'
REJECT response was the ICMP message 'port unreachable' and therefore the same
as that of a box with no process listening on the port concerned, but it could
well be different. Or there are subtle responses that nmap uses to figure
out the difference between a closed and a filtered port.
You could use tcpdump to capture the ICMP traffic on the interface concerned
and try to find a difference between ipchains and non-ipchains 'mode'.
HTH
Tobias
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
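The distinction the thread is circling is how an nmap SYN scan labels a port from the reply it gets: a TCP RST means "closed" (nothing listening), a SYN/ACK means "open", and an ICMP destination-unreachable (such as the port-unreachable that ipchains `-j REJECT` returns for TCP) or no reply at all means "filtered". The following is an added illustration, not code from the list or from nmap: it parses constructed IPv4+TCP/ICMP responses as tcpdump would hand them over and applies that state logic to port 3306, so you can see why a REJECTed port and an unused port are reported differently. The packet builders, the 10.0.0.x addresses and the client port 40000 are assumptions for the sample.

```python
import ipaddress
import struct

def ipv4(proto, payload, src="10.0.0.10", dst="10.0.0.1"):
    """Constructed IPv4 header (no options, checksum left zero) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

def tcp(src_port, dst_port, flags):
    """Constructed 20-byte TCP header: data offset 5, given flag bits, no checksum."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, (5 << 12) | flags, 0, 0, 0)

def icmp_unreachable(code):
    """Constructed ICMP type 3 header; code 3 is what ipchains REJECT sends for TCP."""
    return struct.pack("!BBHI", 3, code, 0, 0)

def classify_syn_probe_response(pkt, probe_port):
    """Return the port state an nmap -sS scan would report for one response."""
    if pkt is None:                      # nothing came back before the timeout
        return "filtered"
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto, payload = pkt[9], pkt[ihl:]
    if proto == 6:                       # TCP reply
        src_port, _dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        flags = off_flags & 0x1FF
        if src_port != probe_port:
            return "unknown"
        if flags & 0x04:                 # RST: kernel says no listener -> closed
            return "closed"
        if flags & 0x12 == 0x12:         # SYN/ACK: a process accepted -> open
            return "open"
        return "unknown"
    if proto == 1:                       # ICMP reply
        icmp_type, icmp_code = payload[0], payload[1]
        # Destination-unreachable codes 1,2,3,9,10,13 are treated as filtered.
        if icmp_type == 3 and icmp_code in (1, 2, 3, 9, 10, 13):
            return "filtered"
    return "unknown"

def scan_states(port=3306):
    """States nmap would report for the same port under four server-side conditions."""
    return {
        "listener_present": classify_syn_probe_response(ipv4(6, tcp(port, 40000, 0x12)), port),
        "no_listener":      classify_syn_probe_response(ipv4(6, tcp(port, 40000, 0x14)), port),
        "ipchains_reject":  classify_syn_probe_response(ipv4(1, icmp_unreachable(3)), port),
        "silent_drop":      classify_syn_probe_response(None, port),
    }

if __name__ == "__main__":
    for condition, state in scan_states().items():
        print(f"{condition:17s} -> {state}")
```

A tcpdump capture on the server's interface during the scan shows the same thing directly: an RST/ACK from port 3306 when nothing listens, versus an ICMP port-unreachable when the ipchains rule is in place.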