IPFilter and Nmap

Toan Hoang ignorabimus2002 at hotmail.com
Tue Sep 23 14:46:10 PDT 2003


>From: Mark Woodson <mwoodson at sricrm.com>
>But you had IPFILTER_BLOCK_DEFAULT listed, so you'll need to replace
>it with IPFILTER_DEFAULT_BLOCK and recompile.

All done, just a typing error since I'm using the Windows machine to write email.

>If you don't have another box sitting behind that box (it's not a
>gateway machine) then you do not need ipnat_enable.  There's no point
>in doing network address translation for a single box.

Removed ipnat_enable for now (this is going to be a gateway/server box).

>Yes.  You had the wrong configuration bit in your kernel.

Actually not, I just typed it wrong.

>A question I should have asked.  You compiled and installed your
>kernel correct?  Rebooted after that?

Copied GENERIC to my own, then did:

/usr/sbin/config -g FIREWALL
cd ../../compile/FIREWALL
make depend
make
make install

Is that correct? I've updated then from 4.8-STABLE to 4.9-PRERELEASE.


>To see the rules that are currently loaded for the input side:
>ipfstat -i

block in quick on fxp0 from 0.0.0.0/32 to any
block in quick on fxp0 from 255.255.255.255/32 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in on fxp0 proto tcp from any to any flags S/SA
block in from any to any
pass in quick on fxp0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on fxp0 proto udp from x.x.x.x/32 to any port = 68 keep state
block return-rst in log quick on fxp0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on fxp0 proto udp from any to any
block in log quick on fxp0 from any to any
block in quick on dc0 from any to any
pass in quick on lo0 from any to any

>For the output side
>ipfstat -o

block out on fxp0 proto tcp from any to any flags SA/SA
pass out quick on fxp0 proto tcp from any to any keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
block out quick on fxp0 from any to any
block out quick on dc0 from any to any
pass out quick on lo0 from any to any

With nmap -v -sS [ip] I get:
(The 1656 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
80/tcp open  http

Nmap run completed -- 1 IP address (1 host up) scanned in 1.781 seconds

With nmap -v -sT [ip] I get:
(The 1647 ports scanned but not shown below are in state: filtered)
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
81/tcp   open  hosts2-ns
82/tcp   open  xfer
83/tcp   open  mit-ml-dev
110/tcp  open  pop-3
119/tcp  open  nntp
1080/tcp open  socks
5190/tcp open  aol
8080/tcp open  http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 430.313 seconds



Any ideas?

regards Toan
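As an added example (not part of Toan's post, and not IPFilter's own code), here is a small Python evaluator for the subset of IPFilter rule syntax that appears in the ipfstat -i listing above. It applies IPFilter's ordering rule: rules are checked top to bottom, the last match decides, except that a matching rule marked quick ends the search; when nothing matches the default is pass unless the kernel was built with IPFILTER_DEFAULT_BLOCK (modelled by the default_block switch). The addresses 198.51.100.7, 198.51.100.1 (standing in for the x.x.x.x placeholder) and 203.0.113.1 are made up. Feeding it a SYN arriving on fxp0 shows that port 80 is passed by the keep-state rule while port 25 stops at the block return-rst rule, which answers the probe with a RST, so a SYN scan reports the port as closed, consistent with the -sS output above.

```python
import ipaddress

# Constructed input: the "ipfstat -i" listing from the post, with the wrapped
# entries rejoined and the x.x.x.x placeholder replaced by a made-up address.
INPUT_RULES = """
block in quick on fxp0 from 0.0.0.0/32 to any
block in quick on fxp0 from 255.255.255.255/32 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in on fxp0 proto tcp from any to any flags S/SA
block in from any to any
pass in quick on fxp0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on fxp0 proto udp from 198.51.100.1/32 to any port = 68 keep state
block return-rst in log quick on fxp0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on fxp0 proto udp from any to any
block in log quick on fxp0 from any to any
block in quick on dc0 from any to any
pass in quick on lo0 from any to any
"""

def parse_rule(line):
    """Parse one rule; only the keywords that occur in the post are handled."""
    toks = line.split()
    r = {"action": toks.pop(0), "return": None, "quick": False, "iface": None,
         "proto": None, "src": None, "dst": None, "dport": None, "flags": None}
    if toks[0].startswith("return-"):      # return-rst / return-icmp-as-dest(...)
        r["return"] = toks.pop(0)
    r["dir"] = toks.pop(0)                  # in / out
    while toks:
        t = toks.pop(0)
        if t == "quick":
            r["quick"] = True
        elif t in ("log", "keep", "state"):
            pass                            # no effect on the match decision
        elif t == "on":
            r["iface"] = toks.pop(0)
        elif t == "proto":
            r["proto"] = toks.pop(0)
        elif t in ("from", "to"):
            a = toks.pop(0)
            r["src" if t == "from" else "dst"] = None if a == "any" else ipaddress.ip_network(a)
        elif t == "port":                   # in the post "port = N" only follows "to"
            assert toks.pop(0) == "="
            r["dport"] = int(toks.pop(0))
        elif t == "flags":                  # S/SA: of the bits S and A, only S may be set
            want, mask = toks.pop(0).split("/")
            r["flags"] = (set(want), set(mask))
        else:
            raise ValueError("unsupported token %r" % t)
    return r

def parse_rules(text):
    return [parse_rule(l) for l in text.strip().splitlines()]

def matches(r, pkt):
    if r["dir"] != pkt["dir"] or (r["iface"] and r["iface"] != pkt["iface"]):
        return False
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    if r["src"] and ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dst"] and ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if r["dport"] is not None and r["dport"] != pkt.get("dport"):
        return False
    if r["flags"]:
        want, mask = r["flags"]
        if (set(pkt.get("flags", "")) & mask) != want:
            return False
    return True

def evaluate(rules, pkt, default_block=False):
    """Return (verdict, index of the deciding rule). Last match wins, except
    that a matching "quick" rule ends the search; default_block mirrors the
    IPFILTER_DEFAULT_BLOCK kernel option for packets no rule matches."""
    verdict, idx = ("block" if default_block else "pass"), None
    for i, r in enumerate(rules):
        if matches(r, pkt):
            verdict = r["action"] + (" " + r["return"] if r["return"] else "")
            idx = i
            if r["quick"]:
                break
    return verdict, idx

def packet(iface, proto, src, dport, flags="", direction="in"):
    """Constructed packet addressed to the box's own made-up address 203.0.113.1."""
    return {"dir": direction, "iface": iface, "proto": proto, "src": src,
            "dst": "203.0.113.1", "dport": dport, "flags": flags}

if __name__ == "__main__":
    rules = parse_rules(INPUT_RULES)
    for label, pkt in [
        ("SYN to 80 on fxp0", packet("fxp0", "tcp", "198.51.100.7", 80, "S")),
        ("SYN to 25 on fxp0", packet("fxp0", "tcp", "198.51.100.7", 25, "S")),
        ("UDP to 53 on fxp0", packet("fxp0", "udp", "198.51.100.7", 53)),
        ("SYN to 25 on lo0", packet("lo0", "tcp", "127.0.0.1", 25, "S")),
    ]:
        print(label, "->", evaluate(rules, pkt))
```

The evaluator deliberately ignores keep state, so it only answers the question "which rule decides the first packet of a connection"; replies to connections the box itself opened would be matched by the state table before any rule is consulted. It is also a useful check that the two non-quick block rules near the top only set the default verdict and are overridden by the later quick pass rules.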
