[WBEL-users] More on iptables
Daniel T. Gynn
dan.gynn@essensys.com
Fri, 06 Aug 2004 14:45:30 -0400
How does mx get to heresy? Does it NAT through there? If so, then that
would be why it gets through. Also, is 207.13.247.19 assigned to eth0?
On Fri, 2004-08-06 at 13:37, Ed Morrison wrote:
> Hey everyone,
>
> I have changed my iptables to what I have pasted below. The policy is
> set to drop all packets except for what I explicitly allow. Yet, when I
> run nmap against this box I am showing all these ports as open (see
> below). Shouldn't they show as closed? Where am I going wrong?
>
> Thanks,
>
> Ed
>
> Iptables:
>
> [root@heresy sysconfig]# iptables -L -v
> Chain INPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target prot opt in   out source               destination
>     0     0 DROP   all  --  any  any 24.20.253.108        anywhere
>     0     0 DROP   all  --  any  any 69.145.105.154       anywhere
>     0     0 DROP   all  --  any  any 4.11.196.79          anywhere
>     0     0 DROP   all  --  any  any 80.202.20.7          anywhere
>     0     0 DROP   all  --  any  any 137.164.158.14       anywhere
>     0     0 DROP   all  --  any  any 201.129.85.142       anywhere
>     0     0 DROP   all  --  any  any 24.19.7.146          anywhere
>     0     0 DROP   all  --  any  any 66.44.140.103        anywhere
>     0     0 DROP   all  --  any  any 12.205.157.201       anywhere
>     0     0 DROP   all  --  any  any 201.129.85.95        anywhere
>     0     0 DROP   all  --  any  any 219.103.193.130      anywhere
>     0     0 DROP   all  --  any  any 130.120.81.14        anywhere
>     0     0 DROP   all  --  any  any 207.3.145.251        anywhere
>     0     0 DROP   all  --  any  any 131.234.66.101       anywhere
>     0     0 DROP   all  --  any  any 12.109.164.254       anywhere
>     0     0 DROP   all  --  any  any 12.109.164.25        anywhere
>     0     0 DROP   all  --  any  any 219.120.54.178       anywhere
>     0     0 DROP   all  --  any  any 219.120.54.1         anywhere
>     0     0 DROP   all  --  any  any 201.129.85.221       anywhere
>     0     0 DROP   all  --  any  any 69.145.104.154       anywhere
>     0     0 DROP   all  --  any  any 208.19.107.78        anywhere
>     0     0 DROP   all  --  any  any 210.92.210.67        anywhere
>     0     0 DROP   all  --  any  any 219.120.54.178       anywhere
>     0     0 DROP   all  --  any  any 62.3.209.74          anywhere
>     0     0 DROP   all  --  any  any 62.3.209.74          anywhere
>     0     0 DROP   all  --  any  any 202.141.1.28         anywhere
>     0     0 DROP   all  --  any  any 216.97.110.1         anywhere
>     0     0 DROP   all  --  any  any 203.123.11.21        anywhere
>     0     0 DROP   all  --  any  any 211.252.6.194        anywhere
>     0     0 DROP   all  --  any  any 61.187.92.210        anywhere
>     0     0 DROP   all  --  any  any 61.187.94.210        anywhere
>     0     0 DROP   all  --  any  any 195.247.24.11        anywhere
>     0     0 DROP   all  --  any  any 24.119.57.93         anywhere
>     0     0 DROP   all  --  any  any 220.99.76.139        anywhere
>     0     0 DROP   all  --  any  any 66.78.26.26          anywhere
>   170 18765 ACCEPT tcp  --  any  any anywhere             anywhere tcp dpt:http
>  2698  159K ACCEPT tcp  --  any  any anywhere             anywhere tcp dpt:ssh
>     0     0 ACCEPT all  --  any  any heresy.northcentralcounties.org anywhere
>  2184  322K DROP   all  --  eth0 any anywhere             anywhere
>
> nmap scan:
>
> [root@mx1 sysconfig]# nmap -sO 207.13.247.19
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting protocols on heresy.northcentralcounties.org (207.13.247.19):
> Protocol   State       Name
> 1          open        icmp
> 2          open        igmp
> 3          open        ggp
> 4          open        ip
> 5          open        st
> 6          open        tcp
> 7          open        cbt
> 8          open        egp
> 9          open        igp
> 10         open        bbn-rcc-mon
> 11         open        nvp-ii
> 12         open        pup
> 13         open        argus
> 14         open        emcon
> 15         open        xnet
> 16         open        chaos
> 17         open        udp
> 18         open        mux
> 19         open        dcn-meas
> 20         open        hmp
> 21         open        prm
> 22         open        xns-idp
> 23         open        trunk-1
> 24         open        trunk-2
> 25         open        leaf-1
> 26         open        leaf-2
> 27         open        rdp
> 28         open        irtp
> 29         open        iso-tp4
> 30         open        netblt
> 31         open        mfe-nsp
> 32         open        merit-inp
> 33         open        sep
> 34         open        3pc
> 35         open        idpr
> 36         open        xtp
> 37         open        ddp
> 38         open        idpr-cmtp
> 39         open        tp++
> 40         open        il
> 41         open        ipv6
> 42         open        sdrp
> 43         open        ipv6-route
> 44         open        ipv6-frag
> 45         open        idrp
> 46         open        rsvp
> 47         open        gre
> 48         open        mhrp
> 49         open        bna
> 50         open        esp
> 51         open        ah
> 52         open        i-nlsp
> 53         open        swipe
> 54         open        narp
> 55         open        mobile
> 56         open        tlsp
> 57         open        skip
> 58         open        ipv6-icmp
> 59         open        ipv6-nonxt
> 60         open        ipv6-opts
> 61         open        unknown
> 62         open        cftp
> 63         open        unknown
> 64         open        sat-expak
> 65         open        kryptolan
> 66         open        rvd
> 67         open        ippc
> 68         open        unknown
> 69         open        sat-mon
> 70         open        visa
> 71         open        ipcv
> 72         open        cpnx
> 73         open        cphb
> 74         open        wsn
> 75         open        pvp
> 76         open        br-sat-mon
> 77         open        sun-nd
> 78         open        wb-mon
> 79         open        wb-expak
> 80         open        iso-ip
> 81         open        vmtp
> 82         open        secure-vmtp
> 83         open        vines
> 84         open        ttp
> 85         open        nsfnet-igp
> 86         open        dgp
> 87         open        tcf
> 88         open        eigrp
> 89         open        ospfigp
> 90         open        sprite-rpc
> 91         open        larp
> 92         open        mtp
> 93         open        ax.25
> 94         open        ipip
> 95         open        micp
> 96         open        scc-SP
> 97         open        etherip
> 98         open        encap
> 99         open        unknown
> 100        open        gmtp
> 101        open        ifmp
> 102        open        pnni
> 103        open        pim
> 104        open        aris
> 105        open        scps
> 106        open        qnx
> 107        open        a/n
> 108        open        ipcomp
> 109        open        snp
> 110        open        compaq-peer
> 111        open        ipx-in-ip
> 112        open        vrrp
> 113        open        pgm
> 114        open        unknown
> 115        open        l2tp
> 116        open        ddx
> 117        open        iatp
> 118        open        stp
> 119        open        srp
> 120        open        uti
> 121        open        smp
> 122        open        sm
> 123        open        ptp
> 124        open        isis-over-ipv4
> 125        open        fire
> 126        open        crtp
> 127        open        crudp
> 128        open        sscopmce
> 129        open        iplt
> 130        open        sps
> 131        open        pipe
> 132        open        sctp
> 133        open        fc
> 134        open        unknown
> 135        open        unknown
> 136        open        unknown
> 137        open        unknown
> 138        open        unknown
> 139        open        unknown
> 140        open        unknown
> 141        open        unknown
> 142        open        unknown
> 143        open        unknown
> 144        open        unknown
> 145        open        unknown
> 146        open        unknown
> 147        open        unknown
> 148        open        unknown
> 149        open        unknown
> 150        open        unknown
> 151        open        unknown
> 152        open        unknown
> 153        open        unknown
> 154        open        unknown
> 155        open        unknown
> 156        open        unknown
> 157        open        unknown
> 158        open        unknown
> 159        open        unknown
> 160        open        unknown
> 161        open        unknown
> 162        open        unknown
> 163        open        unknown
> 164        open        unknown
> 165        open        unknown
> 166        open        unknown
> 167        open        unknown
> 168        open        unknown
> 169        open        unknown
> 170        open        unknown
> 171        open        unknown
> 172        open        unknown
> 173        open        unknown
> 174        open        unknown
> 175        open        unknown
> 176        open        unknown
> 177        open        unknown
> 178        open        unknown
> 179        open        unknown
> 180        open        unknown
> 181        open        unknown
> 182        open        unknown
> 183        open        unknown
> 184        open        unknown
> 185        open        unknown
> 186        open        unknown
> 187        open        unknown
> 188        open        unknown
> 189        open        unknown
> 190        open        unknown
> 191        open        unknown
> 192        open        unknown
> 193        open        unknown
> 194        open        unknown
> 195        open        unknown
> 196        open        unknown
> 197        open        unknown
> 198        open        unknown
> 199        open        unknown
> 200        open        unknown
> 201        open        unknown
> 202        open        unknown
> 203        open        unknown
> 204        open        unknown
> 205        open        unknown
> 206        open        unknown
> 207        open        unknown
> 208        open        unknown
> 209        open        unknown
> 210        open        unknown
> 211        open        unknown
> 212        open        unknown
> 213        open        unknown
> 214        open        unknown
> 215        open        unknown
> 216        open        unknown
> 217        open        unknown
> 218        open        unknown
> 219        open        unknown
> 220        open        unknown
> 221        open        unknown
> 222        open        unknown
> 223        open        unknown
> 224        open        unknown
> 225        open        unknown
> 226        open        unknown
> 227        open        unknown
> 228        open        unknown
> 229        open        unknown
> 230        open        unknown
> 231        open        unknown
> 232        open        unknown
> 233        open        unknown
> 234        open        unknown
> 235        open        unknown
> 236        open        unknown
> 237        open        unknown
> 238        open        unknown
> 239        open        unknown
> 240        open        unknown
> 241        open        unknown
> 242        open        unknown
> 243        open        unknown
> 244        open        unknown
> 245        open        unknown
> 246        open        unknown
> 247        open        unknown
> 248        open        unknown
> 249        open        unknown
> 250        open        unknown
> 251        open        unknown
> 252        open        unknown
> 253        open        unknown
> 254        open        unknown
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 202 seconds
--
-----------------------
Daniel T. Gynn
RHCE #806200978201621
Essential Systems, Inc.
412-931-5403 ext. 1
fax: 412-931-5425
dan.gynn@essensys.com
GnuPG Key http://www.essensys.com/~dan/gpgring.asc
Fingerprint: 0979 73B8 847A 349E 7363 66F4 6A79 DD72 495D CD60
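Added example, not part of the original thread and not either poster's code: a first-match walk of the INPUT chain from the quoted listing, showing which rule a scan probe lands on in the cases the reply asks about (source seen as heresy through NAT, address not on eth0). The scanner address 192.0.2.10 and the interface name eth1 are constructed; `so_state` encodes nmap's documented -sO rule that only an ICMP protocol-unreachable reply marks a protocol closed.

```python
from dataclasses import dataclass
from typing import Optional

HERESY = "207.13.247.19"   # scanned address, from the post
SCANNER = "192.0.2.10"     # constructed stand-in for mx1 (its address is not in the post)

@dataclass
class Rule:
    target: str
    proto: str = "all"
    in_if: str = "any"
    src: str = "anywhere"
    dport: Optional[int] = None

# INPUT chain from the quoted listing, in order; only the first of the
# per-address DROP entries is reproduced here.
INPUT = [
    Rule("DROP", src="24.20.253.108"),
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("ACCEPT", src=HERESY),
    Rule("DROP", in_if="eth0"),
]

def verdict(proto, in_if, src, dport=None, chain=INPUT, policy="DROP"):
    """Return (target, matched_by): first matching rule wins, else the policy."""
    for n, r in enumerate(chain, 1):
        if (r.proto in ("all", proto) and r.in_if in ("any", in_if)
                and r.src in ("anywhere", src)
                and (r.dport is None or r.dport == dport)):
            return r.target, f"rule {n}"
    return policy, "policy"

def so_state(target, proto_unreachable_seen=False):
    """nmap -sO calls a protocol closed only when an ICMP protocol-unreachable
    comes back; a DROPped probe is discarded silently, so none can."""
    if target == "DROP":
        return "open"
    return "closed" if proto_unreachable_seen else "open"

if __name__ == "__main__":
    cases = {
        "gre probe on eth0": ("gre", "eth0", SCANNER),
        "gre probe, source seen as heresy (NAT)": ("gre", "eth0", HERESY),
        "gre probe on eth1 (address not on eth0)": ("gre", "eth1", SCANNER),
    }
    for label, args in cases.items():
        target, by = verdict(*args)
        print(f"{label}: {target} via {by}, nmap shows {so_state(target)}")
```
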