[Gllug] Port filtering question

Jan Henkins jan at henkins.za.net
Fri Oct 1 13:34:51 UTC 2010 

  Hello Salsaman,

On 01/10/10 12:08, salsaman at xs4all.nl wrote:
>
> OK, this is starting to dirve me nuts now !
>
> Yesterday, I was setting up apache - which was working, so I thought, on
> port 80.
>
> I put some jpeg images in the document root, but every time I tried to
> download one via the external IP address, wget was hanging after
> retrieving exactly 4048 bytes. Same for every image.
>
>
> Then, since I had a spare router (Netgear dg834g), I thought I would try
> with that instead. Unfortunately the results were no better. Now I am
> seeing some very curious things:
>
> 1) netstat -an shows the following ports listening:
>
> tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:44125         0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:49220         0.0.0.0:*               LISTEN
>
>
> 81 is apache (I will explain why not 80 below), 22 is ssh and 631 is cupsd.
>
> However I have no idea what is running on the other ports.
>
>
>
>
> 2) my external IP address is currently 186.212.103.8.
> nmap shows:
> PORT      STATE SERVICE
> 80/tcp    open  http
> 1863/tcp  open  msnp
> 1864/tcp  open  paradym-31
> 4443/tcp  open  pharos
> 5190/tcp  open  aol
> 5566/tcp  open  unknown
> 49152/tcp open  unknown
>
> now as far as I know I am not running anything on any of the ports shown.
>
>
>
>
> 3) Going to http://www.canyouseeme.org/, tells me that port 22 is open,
> yet when I try to ssh to 186.212.103.8 I get "connection refused". For 80,
> it tells me !connection refused". For all the other ports (81, etc) it
> says connection timed out.
>
>
>
> 4) If I try to open the external IP address in a browser, it takes me to
> the router password prompt ! This happens regardless of whether I have
> port 80 set to forward or not.
> So it seems like the firewall part may be working, but something is
> strange with NAT.
>
>
>
> Any suggestions greatfully received....

If you don't mind, check two things:

* iptables (check if you block stuff from other machines)
* See if you have SELinux enabled or not. SELinux can seriously kick you 
about if you don't know how to set it up. If it is enabled, disable it 
and run your tests again.



-- 
Regards,
Jan Henkins

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list