I used an online tool to create an iptables firewall. Basically I just need ports 22 and 1194 open to the outside world. But I noticed this bash script has the INPUT, FORWARD and OUTPUT chains set to ACCEPT by default. Is it blocking all traffic except those two ports? Thanks.
I'm trying to find out why changing my default iptables policy is affecting what nmap sees when it scans my host.
Consider the following iptables setup:
iptables -F
iptables -A INPUT -p tcp -s 10.1.0.0/20 --dport 22 -j ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j AC
I am running a server which needs UDP ports 1000:11000 opened, as well as TCP 10011 and 30033 open to function.
I have a set of iptables rules set to allow SSH and those ports, and intentionally left out 2010 as I am getting attacked on that port. The server does not block the incoming IP even when told to do so.
I'm setting marks with iptables like this
iptables -t mangle -A POSTROUTING -d 192.168.1.143 -j MARK --set-mark 10
If I want to clear them, what I do is remove everything with
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
instead of removing all the rules to clear thi
How do I use iptables to reject all traffic to localhost port 80 but allow the one that comes from local machine?
Here is my current solution, which doesn't seem to block the traffic. The IP is the IP of the local machine.
I'd like to allow mail through iptables with a DROP policy, but this script doesn't work. What is wrong here:
## Flush rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# localhost
iptables -A INPUT -i lo -j ACCEPT
# Allow my ip
iptables -A INPUT -s MY_IP -j ACCEPT
# 80 port
iptables -A I
I'd like to basically drop all packets, but still allow ports 22, 80 and 52533. ATM this firewall doesn't allow pinging or let me use yum update. How can I add that? Thanks for the advice. Also, is there an easier way to open port 80?
I have these drop rules:
iptables -t mangle -P FORWARD DROP
iptables -P FORWARD DROP
iptables -t mangle -P INPUT DROP
iptables -P INPUT DROP
iptables -t mangle -P OUTPUT DROP
iptables -t nat -P OUTPUT DROP
iptables -P OUTPUT DROP
iptables -t nat -P PREROUTING DROP
iptables -t mangle -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -t mangl
Possible Duplicate:
iptables: forward port 80 to port 8080
I'd like to forward port 80 to 8080.
So I tried to edit /etc/syscongfig/iptables:
-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
But got:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK