Hi,
I installed openSUSE 11 and, right after finishing the installation, assigned one of the server's NICs to the external zone and disconnected all the other NICs. Then I allowed ssh to be public in the external zone, saved the settings and restarted the Linux box.
So theoretically, only port 22 is visible to the outside world.
However, when I used nmap to port scan the brand-new SUSE 11 box, TCP port 21 was open. I ran the port scan again and confirmed the port was open. However, in iptables, a rule to accept "tcp 21" doesn't exist.
Guys, I just figured out what’s happening.
The root cause is that my ISP has a dummy FTP in front of my server. I'm not yet sure whether it's for eavesdropping or mistakenly configured. Thanks for your time reading my question.
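A host-side check for the situation described above, added here as an example and not part of any post in this thread: it reads the kernel's TCP socket table to tell whether a port an external scan reports as open has a local listener at all. The function names and the sample table are constructed for illustration; on a live box the table is /proc/net/tcp (IPv6 sockets are in /proc/net/tcp6, same format).

```shell
#!/bin/sh
# Added example: is a port that an external scan shows as "open" really
# served by this host? Compare it against the kernel's TCP socket table.

# Constructed sample in /proc/net/tcp format (not taken from the thread):
# sshd listening on 22, a loopback-only listener on 631, one established
# ssh session, and one OUTGOING connection to a remote port 21.
write_sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0501A8C0:0016 3201A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0501A8C0:D431 0A00000A:0015 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
EOF
}

# Print the decimal local ports in LISTEN state (st == 0A), one per line.
# $1: file in /proc/net/tcp format. Only the local_address column is read,
# so a remote port 21 on an outgoing connection is never counted.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":"); print a[n] }' "$1" |
    while read -r hex; do
        echo "$((0x$hex))"      # port is stored as 4 hex digits
    done | sort -n -u
}

# $1: port the external scan reported open; $2: socket table file.
# "no-local-listener" means whatever answered the scan sits upstream
# (ISP device, router, proxy), not on this host or in its firewall rules.
classify_port() {
    if listening_ports "$2" | grep -qx "$1"; then
        echo "local-listener"
    else
        echo "no-local-listener"
    fi
}

# Stand-alone use: ./check.sh 21 [table-file]; defaults to the live table.
if [ "$#" -ge 1 ]; then
    classify_port "$1" "${2:-/proc/net/tcp}"
fi
```

If the result is no-local-listener while the scan still shows the port open, repeating the scan from a machine on the same LAN segment shows whether the answer comes from beyond the server's own network.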
If your server has vsftpd installed, then after installation it will show as vsftpd Server in the drop-down menu of Allow Services.
Follow these steps: type the command FTPServer:~# yast2 > Security and Users > Firewall > Allow Services > choose External Zone > and in Service to Allow choose vsftpd Server (it is listed at the bottom, so you may not notice it) > click Add > after adding, select vsftpd Server in the field and then click Advanced > modify TCP to port 20 or 21 > OK > OK
FTPServer:~# rcSuSEfirewall2 start