I have a Red Hat 9 server acting as a firewall for our network. The server is connected via a router to a T1 line on the WAN side.

SSHD and Sendmail are the only services installed and running on the server, and there are no user accounts. Iptables is set up to only allow ssh and smtp. Default policy is DROP for all chains; the nat and mangle tables are not used; currently no FORWARD rules are defined (the defined rules are at the bottom of this message).

Problem: We used three separate port scanners to verify this. When the server is scanned on the external interface it shows three TCP ports are open:

  ssh   port 22
  smtp  port 25
  pop   port 110

Telnetting into port 22 or 25 from any external system gives the correct connection data (i.e. the OpenSSH version / "220 mail ESMTP Sendmail..."). Telnetting into 110 from a Linux/Unix system gets the message:

  unable to connect to remote host: connection timed out

Telnetting into 110 from a Windows system gets a blank window with a flashing cursor; typing produces no result, the escape characters ^] or ^C do nothing, and after about a minute, if Enter is pressed, the DOS prompt comes back.

The iptables logs show any attempted connection to port 110 is dropped.

Any ideas why, when no service is running to listen on the port, all three port scanners show 110 as an open port?
Defined external interface rules:

INPUT RULES:

# SSH
# accept ssh connection to $HOST port 22
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 22 -j ACCEPT

# SMTP
# accept smtp connection to $HOST port 25
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
# accept connection from exterior host port 25 in reply to smtp from $HOST
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp -m state --state ESTABLISHED --sport 25 --dport 1024:65535 -j ACCEPT

# IDENTD
# reject identd requests to avoid lengthy timeouts
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp --sport 1024:65535 --dport 113 -j REJECT --reject-with tcp-reset
# allow identd responses to my identd requests
iptables -A INPUT -i $INTERNET -s 0/0 -d $IPADDRESS -p tcp -m state --state ESTABLISHED --sport 113 --dport 1024:65535 -j ACCEPT

OUTPUT RULES:

# SSH
# accept $HOST ssh replies to established connections by external host port 22
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -m state --state ESTABLISHED -p tcp --sport 22 -j ACCEPT

# SMTP
# accept $HOST smtp replies to established connections by external host port 25
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -m state --state ESTABLISHED -p tcp --sport 25 -j ACCEPT
# accept $HOST smtp connection to external host port 25
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -p tcp --dport 25 -j ACCEPT

# IDENTD
# allow outgoing identd/AUTH requests
iptables -A OUTPUT -o $INTERNET -s $IPADDRESS -d 0/0 -p tcp --dport 113 -j ACCEPT

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
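A connect()-based probe that reproduces what the three scanners and the telnet tests in the post above are measuring, as an added example that is not part of the original message. A connect scanner reports a port as "open" only when the TCP three-way handshake completes, i.e. something returned a SYN-ACK; a RST (connection refused) means "closed"; and no answer at all before the timeout is "filtered", which is exactly what an iptables DROP looks like from outside. The probe also reads whatever banner the service sends after connect, so a service that accepts and then says nothing (the blank Windows telnet window) shows up as open with an empty banner. The loopback listeners it starts and the "220 mail ESMTP" banner are constructed for the demonstration; the host and port arguments are placeholders for whatever you scan.

```python
import socket
import threading
from typing import Dict, List


def start_banner_server(banner: bytes):
    """Constructed test listener on 127.0.0.1: accepts a connection, sends
    `banner` (possibly empty, i.e. a silent service) and closes.
    Returns (server_socket, port); close the socket to stop the thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # server socket closed -> stop serving
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """Pick a loopback port with nothing listening, so probing it is
    answered by a kernel RST (ECONNREFUSED) - the 'closed' case."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe_tcp(host: str, port: int, timeout: float = 3.0,
              banner_wait: float = 1.0) -> Dict[str, str]:
    """Classify a TCP port the way a connect() scanner or telnet does.

    state:
      open        - handshake completed, i.e. the peer sent SYN-ACK
      closed      - RST received (connection refused)
      filtered    - nothing answered before `timeout` (iptables DROP
                    looks like this from the outside)
      unreachable - the local stack could not even route to the host
    banner: bytes the peer sent within `banner_wait` after connecting;
            empty for a service that accepts and then stays silent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        s.close()
        return {"state": "filtered", "banner": ""}
    except ConnectionRefusedError:
        s.close()
        return {"state": "closed", "banner": ""}
    except OSError as e:
        s.close()
        return {"state": "unreachable", "banner": str(e)}

    # Connected: give the service a moment to speak first (SSH and SMTP do).
    s.settimeout(banner_wait)
    try:
        data = s.recv(512)
    except OSError:                  # includes timeout: silent service
        data = b""
    finally:
        s.close()
    return {"state": "open", "banner": data.decode("ascii", "replace").strip()}


def scan(host: str, ports: List[int]) -> Dict[int, Dict[str, str]]:
    """Probe each port in turn and return {port: result}."""
    return {p: probe_tcp(host, p) for p in ports}


if __name__ == "__main__":
    # Constructed loopback demo: a chatty SMTP-like service, a silent
    # service, and a port with nothing behind it.
    smtp, smtp_port = start_banner_server(b"220 mail ESMTP Sendmail\r\n")
    quiet, quiet_port = start_banner_server(b"")
    nothing = free_port()
    for port, r in scan("127.0.0.1", [smtp_port, quiet_port, nothing]).items():
        print(f"{port:5d}  {r['state']:<9} {r['banner']!r}")
    smtp.close()
    quiet.close()
```

Run `scan("<external address>", [22, 25, 110])` from a host outside the router and again from a host between the router and the server's external interface. An "open" verdict can only come from a SYN-ACK, and a SYN that the server's INPUT chain drops (as the log entries in the post show) never produces one, so comparing the two vantage points tells you whether the SYN-ACK for 110 originates on the server itself or somewhere on the path in front of it.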