nmap and iptables - Linux


  1. nmap and iptables

    Does a port being shown open in nmap always mean that connections to
    those ports will get through my firewall?

    Or does it simply mean that the port is open, but connections still have not reached
    the firewall.

    Just trying to figure out why imap connections are failing.

    Thanks

  2. Re: nmap and iptables

    In article , Tommy M wrote:
    >Does a port being shown open in nmap always mean that connections to
    >those ports will get through my firewall?


    Nowhere _NEAR_ enough information. A port being reported as open
    means that _something_ responded - but you don't tell enough to say
    what that might have been. Where did you run nmap from? Where is the
    imap server? How many systems between the two? Is the imap server
    directly reachable from where you are testing, or is there some form of
    port forwarding involved? 'nmap' comes with a heck of a lot of very
    useful documentation - and the man page tells quite a lot about what
    nmap is reporting.

    >Or does it simply mean that the port is open, but connections still have not
    >reached the firewall.


    Not enough information. Go grab a copy of tcptraceroute if your
    unidentified distribution doesn't have it. You can find that at
    http://michael.toren.net/code/tcptraceroute/ and read the man page
    that comes with it. Briefly, from wherever you are testing, use it
    like traceroute, but tell it you want to connect to port 143.

    >Just trying to figure out why imap connections are failing.


    1. What are you using to poll the imap server?
    2. What error message do you get?
    3. Can you view the logs of the imap server? What do they say?
    4. Use tcptraceroute to see if you can reach the imap server.
    5. Use tcpdump -s 1500 and see what the packets are saying. The
    dialog between the client and server should be human readable.
    6. What is in the firewall ruleset? What logging have you set up?
    What is in the firewall log?

    Please remember, we're not looking over your shoulder, so you are
    only going to get useful answers if you provide useful information.

    Old guy

  3. Re: nmap and iptables

    On Sat, 16 Oct 2004 22:19:56 -0500, Moe Trin wrote:

    >
    > Nowhere _NEAR_ enough information,


    You are correct. My apologies.

    I was trying to figure out why I was having trouble setting up an imap
    server on my system
    --------------------------------------------------------------------
    Linux lugh.boley.org 2.4.20-6 #1 Thu Feb 27 10:06:59 EST 2003 i686 i686
    i386 GNU/Linux
    Redhat 9
    -----------------------------------------------------------------------
    I was not able to connect. My first thought was firewall issue or port
    being closed. nmap showed the port #143 open. I posted to see if that
    really meant the port was accessible. After my post, I developed a little
    intelligence. I shut down the firewall and found I could connect just
    fine.
    So being open in nmap did not mean much.
    I rewrote the firewall rules to allow access on 143
    ACCEPT tcp -- anywhere anywhere tcp dpt:imap flags:SYN,RST,ACK/SYN

    This is in the input chain. I don't think I need an OUTPUT rule, but I
    may be wrong.

    Still having problems though.
    I tested imap locally and off a remote shell account using some standard
    commands

    telnet host 143
    a0001 login user passwd (one only hopes the real imap encrypts the
    password)
    a0002 select mailbox
    a0003 fetch 1 body[text]
    a0004 close
    a0005 logout

    This all worked fine.
    A friend tested using his mailer (microsoft outlook express) yuck
    He could read but not send and got this error code

    "0x80042109 outlook is unable to connect to outgoing mailserver"

    My research indicates that this means he did not set his mailer to
    authenticate to the smtp for outgoing mail and my system rejected it
    because of that.
    That is good and means I set up postfix correctly. No spammers today thank
    you.
    I will walk him through setting up authentication. I hope Outlook does
    this; I really don't know.

    Finally I tried setting the Ximian (Evolution) mailer to connect to the imap server,
    which is on the same machine. I used the full name, not localhost.
    It connects but does not read the folders or mail under /var/spool/mail.
    Instead after a really long time it lists some of the files in my home
    directory. Very odd.
    I shut it down and did it again, this time running strace on the pid
    for evolution-mail hoping to see what the problem was. This was a bit
    ambitious since I am not a programmer.

    gettimeofday({1098072097, 587854}, NULL) = 0
    poll([{fd=3, events=POLLIN}, {fd=9, events=POLLIN}, {fd=16, events=POLLIN}, {fd=18, events=POLLIN}, {fd=20, events=POLLIN}, {fd=22, events=POLLIN}], 6, 0) = 0
    ioctl(3, FIONREAD, [0]) = 0
    write(3, "5\30\4\0\311\3\300\2V\3\300\2\17\0\26\0F\0\5\0\311 \3\300"..., 248) = 248
    gettimeofday({1098072097, 588495}, NULL) = 0
    write(3, "5\30\4\0\312\3\300\0027\3\300\2\17\0m\0F\0\5\0\312 \3\300"..., 92) = 92
    ioctl(3, FIONREAD, [0]) = 0
    poll([{fd=3, events=POLLIN, revents=POLLIN}, {fd=9, events=POLLIN}, {fd=16, events=POLLIN}, {fd=18, events=POLLIN}, {fd=20, events=POLLIN}, {fd=22, events=POLLIN}, {fd=8, events=POLLIN}, {fd=11, events=POLLIN}, {fd=12, events=POLLIN}, {fd=13, events=POLLIN}, {fd=14, events=POLLIN}, {fd=15, events=POLLIN}, {fd=25, events=POLLIN}, {fd=26, events=POLLIN}, {fd=27, events=POLLIN}, {fd=28, events=POLLIN}, {fd=29, events=POLLIN}], 17, 9150) = 1
    gettimeofday({1098072097, 594672}, NULL) = 0
    ioctl(3, FIONREAD, [32]) = 0
    read(3, "\226\235\376\26\22\2\300\2\22\2\300\2\0\0\0\0\0\0\ 0\0\346"..., 32) = 32
    write(3, "(\30\4\0\22\2\300\2@\0\0\0\0\0\0\0", 16) = 16
    read(3, 0xbfffe1b0, 32) = -1 EAGAIN ( Resource temporarily unavailable)

    select(4, [3], NULL, NULL, NULL) = 1 (in [3])
    read(3, "\1\1\377\26\0\0\0\0h\220\340\0\210\0\307\0\0\0\0\0 \0\0"..., 32) = 32
    gettimeofday({1098072097, 595698}, NULL) = 0
    ioctl(3, FIONREAD, [0]) = 0
    poll([{fd=3, events=POLLIN, revents=POLLIN}, {fd=9, events=POLLIN}, {fd=16, events=POLLIN}, {fd=18, events=POLLIN}, {fd=20, events=POLLIN}, {fd=22, events=POLLIN}, {fd=8, events=POLLIN}, {fd=11, events=POLLIN}, {fd=12, events=POLLIN}, {fd=13, events=POLLIN}, {fd=14, events=POLLIN}, {fd=15, events=POLLIN}, {fd=25, events=POLLIN}, {fd=26, events=POLLIN}, {fd=27, events=POLLIN}, {fd=28, events=POLLIN}, {fd=29, events=POLLIN}], 17, 9142) = 1
    gettimeofday({1098072098, 976586}, NULL) = 0
    ioctl(3, FIONREAD, [96]) = 0
    read(3, "\17\320\377\26\\\3\300\2\1\2\0\0\210\340\212\0\334 \1\0"..., 96) = 96
    ioctl(3, FIONREAD, [0]) = 0
    gettimeofday({1098072098, 986161}, NULL) = 0
    ioctl(3, FIONREAD, [0]) = 0

    This seems to be stuck in some sort of loop. But that Resource temporarily
    unavailable error looks promising. Could be a bug in the mailer, or just
    some fundamental problem with checking imap mail when you are actually on
    the server.

    Not sure what my next steps are other than
    1. fix Outlook problem for friend.
    2. have other people test different mailers
    3. Check for known evolution bugs

    Any suggestions are quite welcome.
    Thanks
    Tommy


  4. Re: nmap and iptables

    In article , Tommy M wrote:

    >I was not able to connect. My first thought was firewall issue or port
    >being closed. nmap showed the port #143 open. I posted to see if that
    >really meant the port was accessible. After my post, I developed a little
    >intelligence. I shut down the firewall and found I could connect just
    >fine.
    >So being open in nmap did not mean much.


    "That depends." Open means _something_ is listening, and did not slam
    the door on nmap.

    >I tested imap locally and off a remote shell account using some standard
    >commands
    >
    >telnet host 143
    >a0001 login user passwd (one only hopes the real imap encrypts the
    >password)


    RFC2660 para 6.2.2 excerpt:

    The LOGIN command identifies the client to the server and carries
    the plaintext password authenticating this user.

    >This all worked fine.
    >A friend tested using his mailer (microsoft outlook express) yuck
    >He could read but not send and got this error code
    >
    >"0x80042109 outlook is unable to connect to outgoing mailserver"


    Can't help there - don't use IMAP.

    >My research indicates that this means he did not set his mailer to
    >Authenticate to the smtp for outgoing mail and my system rejected it
    >because of that.
    >That is good and means I set up postfix correctly. No spammers today thank
    >you.


    You may also want to check with your ISP (they may not want you running
    a mail server), and check that the reverse DNS for your host isn't
    showing some dynamic address - many people refuse mail from those addresses.

    >I will walk him through setting up authentication. I hope outlook does
    >this I really don't know.


    Can't help there either - the last time I used windoze (1992), microsoft
    hadn't invented networking yet, nevermind Outhouse.

    >Finally I tried setting the Ximian (Evolution) mailer to connect to the imap
    >server, which is on the same machine. I used the full name, not localhost.
    >It connects but does not read the folders or mail under /var/spool/mail.
    >Instead after a really long time it lists some of the files in my home
    >directory. Very odd.


    The long delay could be your firewall, are you blocking port 113? It
    could also be a hostname resolution - see that the _full_ name is
    resolvable, and that the IP also resolves to the full name. Often this
    can be set using the /etc/hosts file.

    >I shut it down and did it again, this time running strace on the pid
    >for evolution-mail hoping to see what the problem was. This was a bit
    >ambitious since I am not a programmer.


    Neither am I, but the output doesn't look familiar. I usually use
    strace with the -eopen flag, and do so with command line stuff.

    >This seems to be stuck in some sort of loop. But that Resource temporarily
    >unavailable error looks promising. Could be a bug in the mailer, or just
    >some fundamental problem with checking imap mail when you are actually on
    >the server.


    I'm wondering if it's a local configuration on the server. Have you tried
    to use the client to connect to another server (does your ISP use IMAP?).

    >Not sure what my next steps are other than


    Why not pop over to comp.mail.imap (try a google search first).

    Old guy
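
The distinction drawn in the replies above (an open port only means that something answered, and where the test was run from matters), as an added example that is not part of any post in this thread: a TCP connect probe that classifies a port as open, closed or filtered from the machine it runs on and checks whether the greeting is IMAP. The names `probe`, `looks_like_imap` and `fake_imap_listener` are hypothetical, and the listener is a constructed stand-in so the example runs offline.

```python
import errno
import socket
import threading

def probe(host, port, timeout=3.0):
    """Classify a TCP port as seen from this machine; return (state, banner)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None      # actively refused: reachable, nothing accepted it
    except socket.timeout:
        return "filtered", None    # silence, e.g. a firewall dropping the SYN
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered", None    # ICMP host/network unreachable came back
        raise
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            banner = ""            # connected, but the peer never greeted us
    return "open", banner

def looks_like_imap(banner):
    """An IMAP server opens with an untagged OK or PREAUTH greeting."""
    return bool(banner) and banner.startswith(("* OK", "* PREAUTH"))

def fake_imap_listener():
    """Constructed stand-in for an IMAP daemon: greets one client, then is gone."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))     # port 0: the kernel picks a free loopback port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        srv.close()                # stop listening before greeting the client
        conn.sendall(b"* OK IMAP4rev1 constructed greeting\r\n")
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    port = fake_imap_listener()
    first = probe("127.0.0.1", port)     # listener up: open, with IMAP greeting
    second = probe("127.0.0.1", port)    # listener closed: connection refused
    return first, second

if __name__ == "__main__":
    print(demo())
```

Run the probe from the same vantage point as the failing client: a result taken on the server itself or over loopback may never traverse the INPUT rules a remote client hits.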

