[Gllug] Port filtering question
salsaman at xs4all.nl
Fri Oct 1 11:08:15 UTC 2010
On Wed, September 29, 2010 05:32, Walter Stanish wrote:
>> I have been struggling with this for a few days now. I am trying to set up
>> an icecast server on my desktop machine. Everything seems to be working
>> fine, except that nobody can connect to the port.
>>
>> ....
>>
>> I am not running any kind of firewall or packet filtering firewall
>> software on the PC as far as I can tell, as I generally use the router as
>> the firewall. So is this a bug in the router, an ISP issue or is there
>> something on the desktop machine doing this ?
>
> One way to find out which part of your network infrastructure filters a port
> is to run a traceroute with that port selected. Whilst traceroute is a cool
> hack, and old versions tended not to use TCP, modern implementations
> such as that in recent versions of nmap will allow you to specify UDP or
> TCP ports, along with a host of other options.
>
> For a simple example, you could use:
> nmap --traceroute -PT -p80 your.target.host.com
>
> I seem to remember that icecast doesn't normally run on port 80 by
> default, a quick google suggests '8000'.
>
> - Walter
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
>
OK, this is starting to drive me nuts now!
Yesterday, I was setting up apache - which was working, so I thought, on
port 80.
I put some jpeg images in the document root, but every time I tried to
download one via the external IP address, wget was hanging after
retrieving exactly 4048 bytes. Same for every image.
Then, since I had a spare router (Netgear dg834g), I thought I would try
with that instead. Unfortunately the results were no better. Now I am
seeing some very curious things:
1) netstat -an shows the following ports listening:
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:44125 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:49220 0.0.0.0:* LISTEN
81 is apache (I will explain why not 80 below), 22 is ssh and 631 is cupsd.
However I have no idea what is running on the other ports.
2) my external IP address is currently 186.212.103.8.
nmap shows:
PORT STATE SERVICE
80/tcp open http
1863/tcp open msnp
1864/tcp open paradym-31
4443/tcp open pharos
5190/tcp open aol
5566/tcp open unknown
49152/tcp open unknown
Now, as far as I know I am not running anything on any of the ports shown.
3) Going to http://www.canyouseeme.org/ tells me that port 22 is open,
yet when I try to ssh to 186.212.103.8 I get "connection refused". For 80,
it tells me "connection refused". For all the other ports (81, etc) it
says connection timed out.
4) If I try to open the external IP address in a browser, it takes me to
the router password prompt! This happens regardless of whether I have
port 80 set to forward or not.
So it seems like the firewall part may be working, but something is
strange with NAT.
Any suggestions gratefully received....
Salsaman.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
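
Added example, not part of the original message: a short Python script that compares the netstat and nmap listings quoted in points 1) and 2) above, to separate ports the desktop really listens on from ports that something else on the path answers for. The function names and result keys are this example's own, and it assumes netstat was run on the desktop and nmap against the external address.

```python
import re

# Output copied from the message above (points 1 and 2).
NETSTAT = """\
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:44125 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:49220 0.0.0.0:* LISTEN
"""
NMAP = """\
PORT STATE SERVICE
80/tcp open http
1863/tcp open msnp
1864/tcp open paradym-31
4443/tcp open pharos
5190/tcp open aol
5566/tcp open unknown
49152/tcp open unknown
"""

def lan_listeners(netstat_text):
    """TCP ports in LISTEN state bound to a non-loopback address."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if addr not in ("127.0.0.1", "::1"):  # loopback-only cannot be forwarded to
                ports.add(int(port))
    return ports

def nmap_open(nmap_text):
    """Ports that the nmap port table reports as open/tcp."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\b", nmap_text, re.M)}

def compare(netstat_text, nmap_text):
    local, external = lan_listeners(netstat_text), nmap_open(nmap_text)
    return {
        "forwarded_ok": sorted(local & external),        # listener on the PC, seen open outside
        "not_seen_open": sorted(local - external),       # listener on the PC, not reported open
        "answered_elsewhere": sorted(external - local),  # open outside, no listener on the PC
    }

if __name__ == "__main__":
    for key, ports in compare(NETSTAT, NMAP).items():
        print(f"{key}: {ports}")
```

With the listings from the message, no port appears in both sets: every port nmap reports open has no listener on the desktop, so whatever answers on them is not the desktop, which is consistent with point 4) where the router's own password prompt appears on port 80.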