On Tuesday 28 May 2002 7:42 pm, George Georgalis wrote:
> Hi All,
>
> Why does this nmap scan show these ports filtered, not closed?
>
> 50420/tcp filtered unknown
> 50421/tcp filtered unknown
> 50422/tcp open unknown
> 50423/tcp filtered unknown
> 50424/tcp filtered unknown
It's because nmap can get (at least) three different responses when it tries to connect to a TCP port with a SYN packet:

1. A SYN-ACK response: this means the port is open and accepting connections.
2. An ICMP 'port unreachable', meaning the port is closed and not accepting connections.
3. Nothing at all, which tells nmap that something is blocking access, because a normal TCP/IP stack would respond with one or other of the above.

(There are other possibilities such as ICMP redirect, TCP RST etc.: I'm not sure what nmap tells you when it gets one of these.)

If you think about it, the description "filtered" is actually quite correct - your packet filtering firewall is blocking access to the ports which nmap is scanning and reporting as filtered :-)

> Also, I was wondering why a connect from the LAN port 50422 (to the
> firewall) does nat to 192.168.0.1:22? It works from the internet....

Er, I don't quite understand the question, but if it's the usual one, which is "my firewall is DNATting external address A to internal address B, and it works when I connect to A from the outside, but it doesn't work when I connect to A from the inside (although it does work if I connect to B from the inside)", then the answer is routing.

Put simply, to respond to an external client, B has to reply through the firewall, so "it works". To respond to an internal client, though, B does not route the reply through the firewall, so it doesn't work.

If that wasn't the question, or you don't understand the answer, please repost with a bit more information.

Regards,

Antony.
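The following is an added example, not part of the original thread or of nmap itself: it shows how a SYN-scan reply is turned into an open/closed/filtered verdict, using the rules in the nmap reference guide (SYN/ACK means open, a RST means closed, no reply after retries means filtered, and an ICMP unreachable of type 3 with code 1, 2, 3, 9, 10 or 13 is also counted as filtered). It parses raw IPv4 replies rather than looking at a flag table, so the difference between "no answer" and "an answer that says closed" is visible at the byte level. All packets and the port-to-reply map are constructed by hand to mirror the scan in the post; the addresses are placeholders.

```python
"""Classify replies to a TCP SYN probe the way nmap's -sS scan does.

Added example for the thread above; not code from the original post or
from nmap. The IPv4/TCP/ICMP packets below are constructed inline
(checksums left at zero) and are not captures from the poster's network.
"""
import struct
from typing import Dict, Optional

IPPROTO_ICMP, IPPROTO_TCP = 1, 6
TH_RST, TH_SYN, TH_ACK = 0x04, 0x02, 0x10
# ICMP type 3 (destination unreachable) codes that nmap reports as "filtered"
FILTERED_UNREACH_CODES = {1, 2, 3, 9, 10, 13}


def classify(reply: Optional[bytes]) -> str:
    """Map one raw IPv4 reply (or None for a timeout) to an nmap port state."""
    if reply is None:
        # A real stack always answers a SYN with SYN/ACK or RST, so silence
        # means something in between dropped the probe or the answer.
        return "filtered"
    ihl = (reply[0] & 0x0F) * 4          # header length in bytes
    proto = reply[9]                     # protocol field of the IPv4 header
    payload = reply[ihl:]
    if proto == IPPROTO_TCP:
        flags = payload[13]              # TCP flags byte
        if flags & TH_RST:
            return "closed"
        if flags & TH_SYN and flags & TH_ACK:
            return "open"
        return "unexpected"
    if proto == IPPROTO_ICMP:
        icmp_type, code = payload[0], payload[1]
        if icmp_type == 3 and code in FILTERED_UNREACH_CODES:
            return "filtered"
        return "unexpected"
    return "unexpected"


# --- constructors for the hand-built sample replies (placeholder addresses) ---

def ipv4(proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header, no options, checksum left zero."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0,
                         bytes([192, 168, 0, 1]), bytes([192, 168, 0, 50]))
    return header + payload


def tcp(flags: int, sport: int = 50422, dport: int = 40000) -> bytes:
    """20-byte TCP header carrying only the flags we care about."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 1, 5 << 4, flags, 65535, 0, 0)


def icmp_unreachable(code: int) -> bytes:
    """8-byte ICMP destination-unreachable header (type 3)."""
    return struct.pack("!BBHI", 3, code, 0, 0)


# Constructed replies mirroring the scan in the post: only 50422 answers.
SAMPLE_REPLIES: Dict[int, Optional[bytes]] = {
    50420: None,
    50421: None,
    50422: ipv4(IPPROTO_TCP, tcp(TH_SYN | TH_ACK)),
    50423: None,
    50424: None,
}


def scan_report(replies: Dict[int, Optional[bytes]]) -> Dict[int, str]:
    """Return {port: state} for a set of per-port replies."""
    return {port: classify(reply) for port, reply in sorted(replies.items())}


if __name__ == "__main__":
    for port, state in scan_report(SAMPLE_REPLIES).items():
        print(f"{port}/tcp\t{state}")
```

Swap the `None` entries for `ipv4(IPPROTO_TCP, tcp(TH_RST | TH_ACK))` to see what the same scan would report against a host with no packet filter in front of it: those four ports come back "closed" instead of "filtered".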
