External ports are not being mapped
Michal Vymazal
gandalf at mbox.vol.cz
Saturday December 29 11:36:51 CET 2001
jhajas wrote:
> I have a serious problem. I have no idea why, but all of a sudden, out
> of nowhere, on my home server, which I also use as a firewall, the ports
> are not being mapped to the external interface. Only samba is there,
> which is forbidden in smb.conf from accepting requests from eth0 anyway.
> It should not be the firewall rules. I gradually allowed all tcp ports
> and still nothing. Yet when I check nstat -ln it looks like the daemons
> are listening correctly. I apologize if this is something simple, but I
> am really desperate by now, I don't know how to go on, and by tomorrow I
> need to get at least ssh to be reachable from outside.
>
> It looks like this:
>
> # nmap nax.hn.org
>
> Starting nmap V. 2.12 by Fyodor (fyodor na dhp.com, www.insecure.org/nmap/)
> sendto in send_tcp_raw: sendto(3, packet, 40, 0, 62.24.91.166, 16) =>
> Operation not permitted
> Interesting ports on www.nax.hn.org (62.24.91.166):
> Port State Protocol Service
> 139 open tcp netbios-ssn
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 19 seconds
> [naxsite:/home/nax 11:49:24 Fri Dec 28]
> # nmap localhost
>
> Starting nmap V. 2.12 by Fyodor (fyodor na dhp.com, www.insecure.org/nmap/)
> sendto in send_tcp_raw: sendto(3, packet, 40, 0, 127.0.0.1, 16) =>
> Operation not permitted
> Interesting ports on localhost (127.0.0.1):
> Port State Protocol Service
> 21 open tcp ftp
> 22 open tcp ssh
> 111 open tcp sunrpc
> 139 open tcp netbios-ssn
> 826 open tcp unknown
> 904 open tcp unknown
> 2049 open tcp nfs
> 2401 open tcp cvspserver
> 3306 open tcp mysql
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> [naxsite:/home/nax 11:49:32 Fri Dec 28]
> # nmap 192.168.1.1
>
> Starting nmap V. 2.12 by Fyodor (fyodor na dhp.com, www.insecure.org/nmap/)
> sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.1.1, 16) =>
> Operation not permitted
> Interesting ports on (192.168.1.1):
> Port State Protocol Service
> 21 open tcp ftp
> 22 open tcp ssh
> 111 open tcp sunrpc
> 139 open tcp netbios-ssn
> 826 open tcp unknown
> 904 open tcp unknown
> 2049 open tcp nfs
> 2401 open tcp cvspserver
> 3306 open tcp mysql
>
> # netstat -ln
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:2401 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:904 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:826 0.0.0.0:* LISTEN
> udp 0 0 0.0.0.0:2049 0.0.0.0:*
> udp 0 0 0.0.0.0:901 0.0.0.0:*
> udp 0 0 192.168.1.1:137 0.0.0.0:*
> udp 0 0 0.0.0.0:137 0.0.0.0:*
> udp 0 0 192.168.1.1:138 0.0.0.0:*
> udp 0 0 0.0.0.0:138 0.0.0.0:*
> udp 0 0 0.0.0.0:824 0.0.0.0:*
> udp 0 0 0.0.0.0:111 0.0.0.0:*
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node Path
> unix 2 [ ACC ] STREAM LISTENING 565 /var/run/mysqld/mysqld.sock
> unix 2 [ ACC ] STREAM LISTENING 600 /tmp/.font-unix/fs7100
> unix 2 [ ACC ] STREAM LISTENING 47 /var/run/pump.sock
> unix 2 [ ACC ] STREAM LISTENING 336 /dev/log
> unix 2 [ ACC ] STREAM LISTENING 535 /dev/gpmctl
>
And what do you have set in /etc/hosts.deny and /etc/hosts.allow?
--
Michal Vymazal
gandalf at mbox.vol.cz
Home Computer
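
The reply above points at /etc/hosts.deny and /etc/hosts.allow. As an added example (not part of the original messages), this sketch evaluates the two files in the order documented in hosts_access(5) for a given daemon and client address, so you can see which rule decides. The file contents are constructed, the function names are hypothetical, and matching is limited to IPv4 with `ALL`, exact addresses, trailing-dot prefixes and net/mask patterns.

```python
import ipaddress

# Constructed sample files (not from the original message): a deny-all policy
# with sshd opened only to the internal network.
HOSTS_ALLOW = """
# /etc/hosts.allow (constructed)
sshd: 192.168.1.
ALL: 127.0.0.1
"""
HOSTS_DENY = """
# /etc/hosts.deny (constructed)
ALL: ALL
"""

def client_matches(pattern, client_ip):
    """Match one client pattern: ALL, exact IP, 'a.b.c.' prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client_ip

def first_match(rules_text, daemon, client_ip):
    """Return the first 'daemons: clients' line that matches, else None."""
    for line in rules_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # options after a 2nd ':' are ignored
        daemon_hit = any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split())
        client_hit = any(client_matches(c, client_ip) for c in clients.replace(",", " ").split())
        if daemon_hit and client_hit:
            return line
    return None

def access(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: a hosts.allow match grants, then a hosts.deny
    match refuses, and no match in either file grants."""
    for verdict, text in (("allow", allow), ("deny", deny)):
        rule = first_match(text, daemon, client_ip)
        if rule:
            return (verdict, rule)
    return ("allow", None)

if __name__ == "__main__":
    for ip in ("192.168.1.20", "127.0.0.1", "203.0.113.7"):  # constructed clients
        print("sshd", ip, access("sshd", ip))
```

To check a real host, pass the text of its own two files as `allow` and `deny`.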