Maybe you should try to connect to some of these ports with telnet, so you can see where something went wrong. E.g.

    telnet <IP-of-your-machine> 21

should give something like this, among other messages:

    220 ProFTPD 1.2.2 Server (powered by SuSE Linux)

whereas

    telnet <IP-of-your-machine> 13

should be rejected:

    telnet: connect to address <IP-address>: Connection refused

when you are not running a daytime service...

You should especially check the ports you definitely run services on! And maybe you should look at your process status (ps -fax): which services are running on the machine?

--
Eat, sleep and go running,
David Huecking.

Encrypted eMail welcome!
GnuPG/PGP-Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

On Wed, 27 Nov 2002, Volker Spies wrote:
I have problems with my ipchains firewall.
When I run a portscan with nmapwin against my Linux box from the internet, it shows me the following ports as open:

    7/tcp open echo
    9/tcp open discard
    [many lines deleted...]
The only services that are running to the outside
Sshd Httpd Ftpd
There are other services but not reachable from outside:
Smtp Imap Squid Webmin
The rest is definitely blocked by the firewall rules (only to outside interface). The firewall log shows that the ports are blocked. I see the portscan and I see that, for example, Port 25 is denied.
Weird: On port 10000 I've webmin running, only reachable from the inside. Why does nmap show snet-sensor-mgmt ????

It's only a table (e.g. /etc/services)... and ports >1023 are more or less free to use.
Why does nmapwin (and other port scanners) show that so many ports are in the state OPEN???
By the way, when I start nmap locally on the firewall, it shows the correct ports open:
Sshd Httpd Ftpd Smtp Imap Squid webmin
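
The manual telnet check suggested in the reply can be scripted to verify your own firewall from an outside host. The following is an added example, not part of the original messages: it connects to each port, records the banner or the refusal, and compares the result with the services meant to be exposed. The names `probe`, `audit` and `EXPECTED_OPEN` are hypothetical, and ports 22 and 80 for sshd and httpd are assumed defaults not stated in the thread.

```python
import socket
import sys

# Assumption: services meant to be reachable from outside (ftpd, sshd, httpd).
# 22 and 80 are the conventional ports; the thread only names port 21.
EXPECTED_OPEN = {21, 22, 80}

def probe(host, port, timeout=3.0):
    """Full TCP connect, like telnet. Returns (state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode("latin-1").strip()
            except OSError:
                banner = ""  # e.g. HTTP waits for the client to speak first
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""   # RST: nothing listening, or a REJECT rule
    except OSError:
        return "filtered", ""  # timeout/unreachable: packet likely dropped

def audit(host, ports, expected=EXPECTED_OPEN, timeout=3.0):
    """Probe each port and flag mismatches against the expected set."""
    rows = []
    for port in ports:
        state, banner = probe(host, port, timeout)
        if state == "open" and port not in expected:
            verdict = "UNEXPECTED"  # reachable although it should be blocked
        elif state != "open" and port in expected:
            verdict = "MISSING"     # should be reachable but is not
        else:
            verdict = "ok"
        rows.append((port, state, banner, verdict))
    return rows

if __name__ == "__main__":
    # Run from a host outside the firewall against your own machine.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state, banner, verdict in audit(host, [13, 21, 22, 25, 80, 10000]):
        print("%5d  %-8s  %-10s  %s" % (port, state, verdict, banner))
```

A port that a scanner lists as open but that this check reports as refused or filtered never completed a connection, which matches what the firewall log shows for denied ports.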