Hello, I was wondering if someone could help me with seeing what ports are open in iptables and which are closed. I tried iptables -L but the way it looks to me I can not see the ports. I was trying to open ports for Samba originally. So I found
https://wiki.archlinux.org/index.php/Sa … a_Security
I then proceeded to type in the commands, thinking I had thoroughly read the wiki. I did not see the part where it said to replace INPUT with the corresponding TCP and UDP chains. The commands went in without error; I just want to make sure my configuration is still clean. Thanks, I hope this all makes sense.
Last edited by mich04 (2013-11-17 23:21:20)
I love computers, networking and Arch Linux. Sometimes I might ask a stupid question, but please have grace with me like I would with you.
Do you plan on sharing your config or do you want us to guess?
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
An example:
netstat -tulpn
I thought people could just access it or read my mind.
iptables (/etc/iptables/iptables.rules):
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4:2253]
:TCP - [0:0]
:UDP - [0:0]
:logdrop - [0:0]
-A logdrop -j DROP
-A logdrop -m limit --limit 5/m --limit-burst 10 -j LOG
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -m state --state INVALID -j logdrop
COMMIT
netstat -tulpn:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 843/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 256/perl
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 202/vsftpd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 843/smbd
tcp6 0 0 :::139 :::* LISTEN 843/smbd
tcp6 0 0 :::445 :::* LISTEN 843/smbd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 256/perl
Well you are jumping to chains which seem to have no rules in them e.g. TCP, UDP. Mind you, I'm not sure what my own rules are doing, either.
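The empty-chain problem pointed out above, checked mechanically: an added example (not code from the thread or the Arch wiki) that parses an iptables-save style dump, follows INPUT's jumps into the TCP and UDP chains, and compares the ports that reach ACCEPT against the sockets netstat showed listening. RULES and LISTENING are constructed from the output posted in this thread; RULES_WITH_SAMBA adds the two TCP-chain rules the skipped wiki step describes.

```python
import re

# Added example, not code from the thread. RULES is constructed from the ruleset posted
# above, trimmed to the lines that decide whether NEW inbound connections are accepted.
RULES = """\
:INPUT DROP [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
COMMIT
"""
# The wiki step the poster skipped: the Samba rules go into the TCP chain, not INPUT.
RULES_WITH_SAMBA = RULES.replace(
    "COMMIT", "-A TCP -p tcp --dport 139 -j ACCEPT\n-A TCP -p tcp --dport 445 -j ACCEPT\nCOMMIT")
# (proto, port) pairs taken from the netstat -tulpn output above.
LISTENING = {("tcp", 139), ("tcp", 445), ("tcp", 21), ("tcp", 10000), ("udp", 10000)}

def parse(dump):
    """Return {chain: [rule, ...]}; chains declared with ':' appear even when empty."""
    chains = {}
    for line in dump.splitlines():
        if line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):
            chain, rule = line[3:].split(" ", 1)
            chains.setdefault(chain, []).append(rule)
    return chains
def accepted_ports(chains, chain="INPUT", proto=None, seen=()):
    """(proto, dport) pairs that reach ACCEPT, following -j into user-defined chains."""
    ports = set()
    for rule in chains.get(chain, []):
        target = re.search(r"-j (\S+)", rule)
        p = re.search(r"-p (\w+)", rule)
        rp = p.group(1) if p else proto  # a jumped-to chain inherits the caller's -p match
        dport = re.search(r"--dport (\d+)", rule)
        if target and target.group(1) == "ACCEPT" and dport and rp:
            ports.add((rp, int(dport.group(1))))
        elif target and target.group(1) in chains and target.group(1) not in seen:
            ports |= accepted_ports(chains, target.group(1), rp, seen + (chain,))
    return ports
def empty_jump_targets(chains):
    """User chains INPUT jumps to that hold no rules, so traffic falls back to INPUT's REJECTs."""
    return sorted(c for c, rules in chains.items() if not rules
                  and any(re.search(rf"-j {c}\b", r) for r in chains.get("INPUT", [])))
def blocked_listeners(dump, listening=LISTENING):
    """Listening sockets that no NEW connection can reach through this ruleset."""
    return sorted(listening - accepted_ports(parse(dump)))
```

With the posted rules, both TCP and UDP come back empty and every listening socket is reported as blocked; with the two Samba rules in the TCP chain, 139 and 445 drop out of the blocked list.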
Originally I followed
https://wiki.archlinux.org/index.php/Si … NPUT_chain
And I was trying to add onto what I had done there.
I see and understand iptables more now. I needed to review the wiki; I missed a lot at the bottom where it talks about the different attacks and the rules to add to those two chains. I also understand the ports better, it is just hard to see. A graphical map would be easier, but I see them now. Thanks
Yes. BSD's firewall is a lot easier. I am never really sure what my iptables config is, or is not, doing.
Also, the wiki page has changed in ways which now imply that the previous instructions set up a lot of things which would never actually get used. I suppose I should sit down with it again at some point and work through the new and hopefully improved instructions!
I am updating this post with new information. To see ports more clearly, one needs to install nmap and then run zenmap:
pacman -S nmap
zenmap
In zenmap, put in your target network IP and just do a quick scan, which will tell you all the ports that are open on the hosts of your network.
Another way to show them with iptables would be:
iptables -nvL
*Edit: My apologies, I didn't notice this thread was solved.
Last edited by BluMongoose (2013-11-21 18:33:23)
"Think for yourself and question authority." -T. Leary