understanding open ports with virtualmin

#1 Fri, 03/14/2014 - 09:34
guistack


Hi,

Something isn't clear: I didn't find in the doc/FAQ a list of needed open ports for a basic Virtualmin installation. I mean, I'm making my iptables rules, so in Webmin -> Server -> Linux Firewall I made some rules.

When I run nmap, I see some ports are open but they don't figure in my iptables rules.

For example:
port 21 is closed in my iptables rules but nmap says open; nmap also says: port 445/tcp filtered microsoft-ds, 111 rpcbind open, 587 submission open.

So my questions: I never opened or added rules for ports 445, 111, 587 in my iptables rules. So if the default policy is DROP, how is this possible?

Does Virtualmin open those ports somewhere else, in a different place than iptables? (I use /etc/iptables.up.rules.)

What is the first rule, -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT, in the default up.rules? I never used that before.

Thanks, Jess

Fri, 03/14/2014 - 10:23
andreychek

Howdy,

What rules do you see if you run the command "iptables -L -n"? Those are the rules set up on your system now; do you see any that you didn't add?

If not, it may be that another system between where you ran the nmap, and your server, is causing the results you're seeing.

For example, it's possible that your ISP is doing some kind of blocking with port 445, and maybe redirecting port 587 to their own mail server.

-Eric

Fri, 03/14/2014 - 11:59
guistack

The output of iptables -L -n respects my rules and seems correct, but when I run "nmap IP OF MY SERVER" on my personal desktop, the result is strange: it says my port 21 is open, 445/tcp filtered microsoft-ds, 111 rpcbind open, 587 submission open.

I attached my iptables output and the output of the nmap scan.

Is it possible the nmap scan is wrong?!

The first rule, -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT, in the default up.rules isn't essential, right?! I never used this rule before.

Thanks for the help, Jess

Fri, 03/14/2014 - 11:58
Locutus

Please put shell outputs in [code][/code] tags, otherwise they lose linebreaks and become unreadable.

Fri, 03/14/2014 - 12:02 (Reply to #4)
guistack

I edited my post and attached files to be more clear and readable, excuse me.

Fri, 03/14/2014 - 12:22
Locutus

To verify what nmap claims, namely that your server listens on some port while it should be blocked by the firewall, you can run "tcpdump tcp port N" on your server, replacing N with the port number. Then you'll see if those packets are answered by your server or if the firewall drops/rejects them.

If they get rejected, you should see something like this:

17:43:17.998198 IP 1.2.3.4.57532 > 5.6.7.8.26: Flags [S], seq 3514051051, win 8192, options [mss 1347,nop,wscale 2,nop,nop,sackOK], length 0
17:43:17.998256 IP 5.6.7.8.26 > 1.2.3.4.57532: Flags [R.], seq 0, ack 3514051052, win 0, length 0

This means the IP 1.2.3.4 tried to connect to your server on 5.6.7.8 (the first packet, with flags S meaning SYN), and the server rejected it in the second packet (flags REJECT ACK).

If you get only one line, the SYN one, it means that the firewall dropped the packet.

(tcpdump sees packets before the firewall; that's why they will show up there if they arrive at the server, even if iptables drops them.)

If you don't see those packets arrive at all, but nmap still says "port open", the connections are processed elsewhere on the routing path.
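The post above describes four distinct outcomes you can read off a capture: a SYN answered with SYN/ACK (the service really is reachable), a SYN answered with RST (rejected, or nothing listening), a SYN with no answer at all (dropped by iptables), and no SYN arriving at the host at all (something upstream is answering nmap on the server's behalf). The script below is an added example, not part of the original thread or of Virtualmin: it parses tcpdump's one-line text output (run tcpdump with -n so addresses and ports print numerically, as in the lines quoted above) and assigns one of those verdicts to each port you probed. The capture embedded in it is constructed for illustration; 5.6.7.8 is the scanned server and 1.2.3.4 the desktop running nmap.

```python
import re

# Verdicts, one per outcome described in the thread.
OPEN = "open: host answered SYN/ACK (firewall accepted, a service is listening)"
REJECTED = "rejected: host answered RST (iptables REJECT, or nothing listening)"
DROPPED = "dropped: SYN reached the host but nothing came back (iptables DROP)"
UNSEEN = "not seen on host: nmap's result comes from somewhere upstream"

# Matches the address/port/flags part of a tcpdump -n line, e.g.
#   IP 1.2.3.4.57532 > 5.6.7.8.26: Flags [S], ...
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (not from the thread). Ports 21, 25, 26 and 111
# were probed by nmap: 21 gets a SYN/ACK, 26 gets an RST, 111 gets no reply,
# and no packet for 25 ever reaches the host.
SAMPLE_CAPTURE = """\
17:43:17.998198 IP 1.2.3.4.57532 > 5.6.7.8.26: Flags [S], seq 3514051051, win 8192, options [mss 1347,nop,wscale 2,nop,nop,sackOK], length 0
17:43:17.998256 IP 5.6.7.8.26 > 1.2.3.4.57532: Flags [R.], seq 0, ack 3514051052, win 0, length 0
17:43:18.001000 IP 1.2.3.4.57533 > 5.6.7.8.21: Flags [S], seq 10, win 8192, length 0
17:43:18.001100 IP 5.6.7.8.21 > 1.2.3.4.57533: Flags [S.], seq 20, ack 11, win 29200, length 0
17:43:18.002000 IP 1.2.3.4.57534 > 5.6.7.8.111: Flags [S], seq 30, win 8192, length 0
"""


def parse(capture):
    """Yield (src, sport, dst, dport, flags) for every TCP line tcpdump printed."""
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def classify(capture, server_ip, probed_ports):
    """Map each probed port to a verdict based on what the host saw and sent."""
    syn_seen = set()   # ports on server_ip that received a bare SYN
    replies = {}       # server port -> flags of the first packet it sent back
    for src, sport, dst, dport, flags in parse(capture):
        if dst == server_ip and "S" in flags and "." not in flags:
            syn_seen.add(dport)
        elif src == server_ip and sport not in replies:
            replies[sport] = flags

    verdicts = {}
    for port in probed_ports:
        if port not in syn_seen:
            verdicts[port] = UNSEEN
        elif port not in replies:
            verdicts[port] = DROPPED
        elif "R" in replies[port]:
            verdicts[port] = REJECTED
        elif "S" in replies[port] and "." in replies[port]:
            verdicts[port] = OPEN
        else:
            verdicts[port] = "unexpected reply flags [%s]" % replies[port]
    return verdicts


if __name__ == "__main__":
    for port, verdict in sorted(classify(SAMPLE_CAPTURE, "5.6.7.8", [21, 25, 26, 111]).items()):
        print("%5d  %s" % (port, verdict))
```

To use it on a real server, capture with something like "tcpdump -n -i any tcp port 21 or tcp port 445 or tcp port 111 or tcp port 587 > scan.txt" while nmap runs from the desktop, then feed the file to classify() with the server's public address and the ports nmap reported. A port that nmap calls open but that the script reports as "not seen on host" is the case Eric raised: the answer is coming from a device between the desktop and the server, not from the server's own firewall.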

Sat, 03/15/2014 - 09:37
guistack

It helped me resolve the problem; there was some misconfiguration on my part.

Thanks, Jess

Sat, 10/05/2019 - 21:44
Francewhoa
Quoting the original post: "Something isn't clear, I didn't find in the doc/FAQ a list of needed open ports for a basic Virtualmin installation."

Related documentation at http://webmin.com/firewall.html

- - -
Senior Product Manager, and Co-Founder at Ubertus.org Inc.
Love back your Virtualmin & Webmin community
