On Fri, 2003-06-06 at 09:01, adrianne keller wrote:
> I have a RedHat 9 server acting as a firewall for our network. The
> server is connected via a router to a T1 line on the WAN side.
>
> SSHD and Sendmail are the only services installed and running on the
> server and there are no user accounts.
>
> Iptables is set up to only allow ssh and smtp.
>
> Default policy is drop for all chains
> nat and mangle tables are not used currently
> no forward rules defined
> (defined rules are at bottom of message)
>
> Problem:
>
> We used three separate port scanners to verify this.
>
> When the server is scanned on the external interface it shows three
> tcp ports are open:
>
> ssh port 22
> smtp port 25
> pop port 110
>
> Telnetting into port 22 or 25 from any external system will give the
> correct connection data (i.e. openssh version / 220 mail ESMTP Sendmail...).
>
> Telnetting into 110 from a linux/unix system will get the message:
> unable to connect to remote host: connection timed out
>
> Telnetting into 110 from a windows system will get a blank window with
> a flashing cursor -- typing produces no result -- escape characters ^]
> or ^c do nothing -- after about a minute, if enter is pressed, the dos
> prompt comes back.
>
> The iptables logs show any attempted connection to port 110 is dropped.
>
> Any ideas why, when no services are running to monitor the port, all
> three port scanners show 110 as an open port?
>
> Defined external interface rules:
>
> INPUT RULES:
>
> # SSH
> # accept ssh connection to $HOST port 22
> iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 22 -j ACCEPT
>
> # SMTP
> # accept smtp connection to $HOST port 25
> iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
> # accept connection from exterior host port 25 in reply to smtp from $HOST
> iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp -m state --state ESTABLISHED --sport 25 --dport 1024:65535 -j ACCEPT
>
> # IDENTD
> # reject identd requests to avoid lengthy timeouts
> iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 113 -j REJECT --reject-with tcp-reset
> # allow identd responses to my identd requests
> iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp -m state --state ESTABLISHED --sport 113 --dport 1024:65535 -j ACCEPT
>
> # OUTPUT rules
>
> # SSH
> # accept $HOST ssh replies to established connections by external host port 22
> iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -m state --state ESTABLISHED -p tcp --sport 22 -j ACCEPT
>
> # SMTP
> iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -m state --state ESTABLISHED -p tcp --sport 25 -j ACCEPT
> # accept $HOST smtp connection to external host port 25
> iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -p tcp --dport 25 -j ACCEPT
>
> # IDENTD
> # allow outgoing identd/AUTH requests
> iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -p tcp --dport 113 -j ACCEPT
It is impossible to help you because you did not include the entire script. It sounds like a normal firewall scripting problem, though...

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
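The reply asks for the whole script before anyone can say which rule, if any, lets port 110 through. The audit below is an added example for this thread, not code from either poster: it reads a firewall script as text, expands the $INTERNET/$IPADDRESS style variables, parses each iptables command, and reports what a fresh SYN to a given port would hit on a chain. Rules that match only --state ESTABLISHED are skipped when deciding what looks open, because they admit replies, not new connections. The sample script is constructed from the rules quoted above (unwrapped to one command per line) plus the DROP policies the original post describes in prose; the interface name and address are placeholders.

```python
"""Audit an iptables shell script: which ports could a scanner see as open?"""
import re
import shlex

# Constructed sample input: the rules quoted in the thread plus the
# "default policy drop" the poster described.  eth0 / 192.0.2.10 are
# placeholders, not the poster's real interface or address.
SAMPLE_SCRIPT = r"""
INTERNET=eth0
IPADDRESS=192.0.2.10
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# SSH
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 22 -j ACCEPT
# SMTP
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp -m state --state ESTABLISHED --sport 25 --dport 1024:65535 -j ACCEPT
# IDENTD
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 113 -j REJECT --reject-with tcp-reset
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp -m state --state ESTABLISHED --sport 113 --dport 1024:65535 -j ACCEPT
# OUTPUT
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -m state --state ESTABLISHED -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -m state --state ESTABLISHED -p tcp --sport 25 -j ACCEPT
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -p tcp --dport 113 -j ACCEPT
"""

# Switches that take one argument the audit does not need to inspect.
SKIP_WITH_ARG = {"-i", "-o", "-s", "-d", "-m", "--reject-with", "--icmp-type"}


def port_range(spec):
    """'22' -> (22, 22); '1024:65535' -> (1024, 65535); None -> every port."""
    if spec is None:
        return 0, 65535
    lo, sep, hi = spec.partition(":")
    lo = int(lo) if lo else 0
    hi = int(hi) if hi else (65535 if sep else lo)
    return lo, hi


def parse_command(argv):
    """One iptables argv -> (policy, rule); exactly one of the two is None."""
    rule = {"table": "filter", "chain": None, "proto": "all", "sport": None,
            "dport": None, "target": None, "state": None}
    i = 1
    while i < len(argv):
        tok, arg = argv[i], (argv[i + 1] if i + 1 < len(argv) else None)
        if tok == "-P":                      # chain policy: -P INPUT DROP
            return (arg, argv[i + 2]), None
        if tok in ("-A", "-I"):
            rule["chain"] = arg
        elif tok == "-t":
            rule["table"] = arg
        elif tok == "-p":
            rule["proto"] = arg.lower()
        elif tok in ("--sport", "--source-port"):
            rule["sport"] = arg
        elif tok in ("--dport", "--destination-port"):
            rule["dport"] = arg
        elif tok == "--state":
            rule["state"] = {s.upper() for s in arg.split(",")}
        elif tok == "-j":
            rule["target"] = arg
        elif tok not in SKIP_WITH_ARG:
            i += 1                           # bare flag ('!', '-v', a rule number)
            continue
        i += 2
    return None, rule


def parse_script(text):
    """Return ({chain: policy}, [filter-table rules]) with $VARs expanded."""
    env, policies, rules = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        assign = re.match(r"^(\w+)=(.*)$", line)
        if assign:                           # NAME=value, trailing comment allowed
            parts = shlex.split(assign.group(2), comments=True)
            env[assign.group(1)] = parts[0] if parts else ""
            continue
        line = re.sub(r"\$\{?(\w+)\}?", lambda m: env.get(m.group(1), ""), line)
        argv = shlex.split(line, comments=True)
        if not argv or argv[0] != "iptables":
            continue
        policy, rule = parse_command(argv)
        if policy:
            policies[policy[0]] = policy[1]
        elif rule["table"] == "filter" and rule["chain"]:
            rules.append(rule)
    return policies, rules


def syn_verdict(policies, rules, chain, proto, port):
    """Target of the first rule a new SYN hits on `chain`, else the policy."""
    for r in rules:
        if r["chain"] != chain or r["proto"] not in (proto, "all"):
            continue
        if r["state"] and "NEW" not in r["state"]:
            continue                         # ESTABLISHED/RELATED only: replies, not a listener
        lo, hi = port_range(r["dport"])
        if lo <= port <= hi:
            return r["target"]
    return policies.get(chain, "ACCEPT")     # iptables' built-in default if no -P was set


def open_to_scanner(policies, rules, chain="INPUT", proto="tcp"):
    """--dport specs on which a fresh SYN ends in ACCEPT, in rule order."""
    found = []
    for r in rules:
        if r["chain"] != chain or r["target"] != "ACCEPT" or not r["dport"]:
            continue
        if r["proto"] not in (proto, "all") or (r["state"] and "NEW" not in r["state"]):
            continue
        lo, _ = port_range(r["dport"])
        if syn_verdict(policies, rules, chain, proto, lo) == "ACCEPT" and r["dport"] not in found:
            found.append(r["dport"])
    return found


if __name__ == "__main__":
    pol, rls = parse_script(SAMPLE_SCRIPT)
    print("policies:", pol)
    print("INPUT ports reachable by a new tcp connection:", open_to_scanner(pol, rls))
    for p in (22, 25, 110, 113):
        print(f"new SYN to tcp/{p} on INPUT ->", syn_verdict(pol, rls, 'INPUT', 'tcp', p))
```

Run it against the real, complete script instead of the constructed sample. If the verdict for 110 is still DROP and nothing else on the host is listening (netstat -tlpn), then the SYN/ACK the scanners see is not coming from these rules, and the next thing to look at is what sits between the scanner and the firewall, for example the router on the T1 side. The parser deliberately understands only the plain `iptables -A/-I/-P` form: scripts that use `iptables-restore`, user-defined chains jumped to with `-j`, or `!` negation need the chain walk extended before its verdicts can be trusted.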