[Gllug] Port filtering question
Jan Henkins
jan at henkins.za.net
Fri Oct 1 13:34:51 UTC 2010
Hello Salsaman,
On 01/10/10 12:08, salsaman at xs4all.nl wrote:
>
> OK, this is starting to drive me nuts now!
>
> Yesterday, I was setting up apache - which was working, so I thought, on
> port 80.
>
> I put some jpeg images in the document root, but every time I tried to
> download one via the external IP address, wget was hanging after
> retrieving exactly 4048 bytes. Same for every image.
>
>
> Then, since I had a spare router (Netgear dg834g), I thought I would try
> with that instead. Unfortunately the results were no better. Now I am
> seeing some very curious things:
>
> 1) netstat -an shows the following ports listening:
>
> tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:44125 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:49220 0.0.0.0:* LISTEN
>
>
> 81 is apache (I will explain why not 80 below), 22 is ssh and 631 is cupsd.
>
> However I have no idea what is running on the other ports.
>
>
>
>
> 2) my external IP address is currently 186.212.103.8.
> nmap shows:
> PORT STATE SERVICE
> 80/tcp open http
> 1863/tcp open msnp
> 1864/tcp open paradym-31
> 4443/tcp open pharos
> 5190/tcp open aol
> 5566/tcp open unknown
> 49152/tcp open unknown
>
> now as far as I know I am not running anything on any of the ports shown.
>
>
>
>
> 3) Going to http://www.canyouseeme.org/, tells me that port 22 is open,
> yet when I try to ssh to 186.212.103.8 I get "connection refused". For 80,
> it tells me "connection refused". For all the other ports (81, etc) it
> says connection timed out.
>
>
>
> 4) If I try to open the external IP address in a browser, it takes me to
> the router password prompt ! This happens regardless of whether I have
> port 80 set to forward or not.
> So it seems like the firewall part may be working, but something is
> strange with NAT.
>
>
>
> Any suggestions gratefully received....
If you don't mind, check two things:
* iptables (check if you block stuff from other machines)
* See if you have SELinux enabled or not. SELinux can seriously kick you
about if you don't know how to set it up. If it is enabled, disable it
and run your tests again.
--
Regards,
Jan Henkins
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug