HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   Problem opening firewall port (http://www.howtoforge.com/forums/showthread.php?t=199)

weedguy 5th August 2005 20:02

Problem opening firewall port
 
I have ISPConfig installed on a Fedora Core 4 box. ISPConfig is working perfectly. However, I also want to use my computer as a samba file server. I need to open up a few firewall ports to do this. I used the ISPConfig control panel and tried to open port 137. I restarted the firewall using the control panel. Before and after I did this, I ran nmap and got the following output:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-05 13:54 EDT
Interesting ports on ddnsserver1.hopto.org (192.168.0.10):
(The 1644 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
734/tcp open unknown
761/tcp open kpasswd
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
3306/tcp open mysql
32770/tcp open sometimes-rpc3

Nmap finished: 1 IP address (1 host up) scanned in 0.253 seconds

As the listing shows, port 137 is not open. How can I open up port 137?

till 6th August 2005 11:31

Quote:

Originally Posted by weedguy
I have ISPConfig installed on a Fedora Core 4 box. ISPConfig is working perfectly. However, I also want to use my computer as a samba file server. I need to open up a few firewall ports to do this. I used the ISPConfig control panel and tried to open port 137. I restarted the firewall using the control panel. Before and after I did this, I ran nmap and got the following output:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-05 13:54 EDT
Interesting ports on ddnsserver1.hopto.org (192.168.0.10):
(The 1644 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
734/tcp open unknown
761/tcp open kpasswd
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
3306/tcp open mysql
32770/tcp open sometimes-rpc3

Nmap finished: 1 IP address (1 host up) scanned in 0.253 seconds

As the listing shows, port 137 is not open. How can I open up port 137?


Have you installed SAMBA and started it?

falko 6th August 2005 13:45

Quote:

Have you installed SAMBA and started it?
Yes, you have to start Samba. You can run

Code:

iptables -L
to see which ports are open in the firewall.

weedguy 7th August 2005 00:41

Samba is running
 
Samba is running and working correctly. Also, I am aware of the command iptables -L listing the ports but the installation instructions for ISPConfig instructed me to turn the firewall off. This is why I used the command nmap to show the ports that are actually open.

till 7th August 2005 11:28

Quote:

Originally Posted by weedguy
Samba is running and working correctly. Also, I am aware of the command iptables -L listing the ports but the installation instructions for ISPConfig instructed me to turn the firewall off. This is why I used the command nmap to show the ports that are actually open.

The ISPConfig firewall is a IPTables firewall.

falko 7th August 2005 14:33

Quote:

Originally Posted by till
The ISPConfig firewall is a IPTables firewall.

Yes, I was thinking that you were running the ISPConfig firewall... ;)

weedguy 7th August 2005 23:39

Could this be an installation problem?
 
I was wondering if this could be an installation problem. I followed the installation instructions for Fedora Core 4. However, instead of selecting the indicated packages to install, I selected everything. Is it possible that selecting everything to install is adding something that is setting up the firewall?

falko 8th August 2005 00:57

Quote:

Originally Posted by weedguy
Is it possible that selecting everything to install is adding something that is setting up the firewall?

Maybe. Can you post the output of
Code:

iptables -L
here?

weedguy 8th August 2005 15:02

iptables output
 
I executed /etc/init.d/iptables and got: Firewall is stopped.

The output for iptables -L is:

[root@ddnsserver1 servadmin]# /sbin/iptables -L
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain PAROLE (10 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
PAROLE tcp -- anywhere anywhere tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

falko 8th August 2005 15:17

This looks like the ISPConfig firewall is running. You can control it from the web interface: Management -> Server -> Services.


All times are GMT +2. The time now is 02:54.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.