Problem opening firewall port

Discussion in 'General' started by weedguy, Aug 5, 2005.

  1. weedguy

    weedguy New Member

    I have ISPConfig installed on a Fedora Core 4 box. ISPConfig is working perfectly. However, I also want to use my computer as a samba file server. I need to open up a few firewall ports to do this. I used the ISPConfig control panel and tried to open port 137. I restarted the firewall using the control panel. Before and after I did this, I ran nmap and got the following output:

    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-05 13:54 EDT
    Interesting ports on ddnsserver1.hopto.org (192.168.0.10):
    (The 1644 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    81/tcp open hosts2-ns
    110/tcp open pop3
    111/tcp open rpcbind
    139/tcp open netbios-ssn
    143/tcp open imap
    443/tcp open https
    445/tcp open microsoft-ds
    734/tcp open unknown
    761/tcp open kpasswd
    993/tcp open imaps
    995/tcp open pop3s
    2049/tcp open nfs
    3306/tcp open mysql
    32770/tcp open sometimes-rpc3

    Nmap finished: 1 IP address (1 host up) scanned in 0.253 seconds

    As the listing shows, port 137 is not open. How can I open up port 137?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer


    Have you installed SAMBA and started it?
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Yes, you have to start Samba. You can run

    Code:
    iptables -L
    to see which ports are open in the firewall.
     
  4. weedguy

    weedguy New Member

    Samba is running

    Samba is running and working correctly. Also, I am aware of the command iptables -L listing the ports but the installation instructions for ISPConfig instructed me to turn the firewall off. This is why I used the command nmap to show the ports that are actually open.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The ISPConfig firewall is a IPTables firewall.
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Yes, I was thinking that you were running the ISPConfig firewall... ;)
     
  7. weedguy

    weedguy New Member

    Could this be an installation problem?

    I was wondering if this could be an installation problem. I followed the installation instructions for Fedora Core 4. However, instead of selecting the indicated packages to install, I selected everything. Is it possible that selecting everything to install is adding something that is setting up the firewall?
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Maybe. Can you post the output of
    Code:
    iptables -L
    here?
     
  9. weedguy

    weedguy New Member

    iptables output

    I executed /etc/init.d/iptables and got: Firewall is stopped.

    The output for iptables -L is:

    [root@ddnsserver1 servadmin]# /sbin/iptables -L
    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere 127.0.0.0/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

    Chain PAROLE (10 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain PUB_IN (3 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:http
    PAROLE tcp -- anywhere anywhere tcp dpt:81
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:10000
    PAROLE tcp -- anywhere anywhere tcp dpt:netbios-ns
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain PUB_OUT (3 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
     
  10. falko

    falko Super Moderator Howtoforge Staff

    This looks like the ISPConfig firewall is running. You can control it from the web interface: Management -> Server -> Services.
     
  11. weedguy

    weedguy New Member

    The ISPConfig control panel was used

    I used the ISPConfig control panel at Management->Server->Services to try and open port 137. After I tried to open the port I ran the nmap command. The nmap command shows that port 137 is still closed. This thread is asking if anyone knows why port 137 is still closed even though the ISPConfig control panel was used to open port 137.
     
  12. falko

    falko Super Moderator Howtoforge Staff

    Did you start Samba? And as far as I know you should also open the ports 138 and 139 for Samba.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    If i remeber correctly, it is Port 137 - 139 TCP and UDP.
     
  14. weedguy

    weedguy New Member

    Problem appears to be solved

    The answer to the question, "why does nmap show that ports are closed when the ISPConfig says that they are open" is, don't trust nmap.

    I used ISPConfig to open the following ports:

    Samba 137 udp yes
    Samba 138 udp yes
    Samba 139 udp yes
    Samba 445 udp yes
    Samba 137 tcp yes
    Samba 138 tcp yes
    Samba 139 tcp yes
    Samba 445 tcp yes

    The nmap command shows that the ports are closed. However, I got on my Windows XP machine and my file share worked perfectly. The conclusion, therefore, seems to be, don't trust nmap to tell you what is actually open.
     
    Last edited: Aug 9, 2005
  15. KenMcGinnis

    KenMcGinnis New Member

    port 139 and Gaelicum.a virus

    many of the EXE files on my web sites keep getting infected with this virus. I tried to turn the ispconfig firewall on and block the port but now I can't even access the ispconfig admin web site.

    1. How do I stop the ispconfig firewall from the commnad line?
    2. How can I access the ispconfig admin screen without going through a browser?
     
  16. falko

    falko Super Moderator Howtoforge Staff

    Code:
    /etc/init.d/bastille-firewall stop
    You cannot access it at all then...
    You cannot block the ports 81 (ISPConfig) and 22 (SSH) from the ISPConfig web interface, so something weird must be going on on your system.
     

Share This Page