yast FIREWALL configuration

Hello,

In YaST I have set up/opened these ports:
22 (ssh)
25 (smtp)
53 (dns)
80 (http)
443 (https)
465 (smtps)
993 (imaps)
10000 (webmin)

The problem is that I can't access the server/Webmin from the internet by typing https://my_ip_address:10000 …
I can only access Webmin on port 10000 from the local network. All the ports in my router are opened and pointing to the internal IP address of the server. However, I find it strange that I can easily connect to port 22 (ssh) from the internet but not to port 10000.

Also, if I run the command nmap -v -sS -O 127.0.0.1 from Konsole I get the following output:

Starting Nmap 4.75 ( http://nmap.org ) at 2009-09-11 23:51 JST
Initiating SYN Stealth Scan at 23:51
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 111/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed SYN Stealth Scan at 23:51, 0.03s elapsed (1000 total ports)
Initiating OS detection (try #1) against localhost (127.0.0.1)
Host localhost (127.0.0.1) appears to be up … good.
Interesting ports on localhost (127.0.0.1):
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.25
Uptime guess: 0.073 days (since Fri Sep 11 22:06:46 2009)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.60 seconds
Raw packets sent: 1019 (45.598KB) | Rcvd: 2045 (87.076KB)

How come there are open ports (111, 631) in my fresh installation if they are not shown as open in the YaST firewall configuration?
Most importantly, why is port 10000 not showing as open, as configured in the YaST firewall?

Thanks

And here is the iptables output, which shows something different …

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state RELATED
input_ext  all  --  0.0.0.0/0            0.0.0.0/0
input_ext  all  --  0.0.0.0/0            0.0.0.0/0
input_ext  all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (3 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:10000 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:993 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:80 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:443 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:53 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:25 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:465 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:465
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain reject_func (0 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable

This is the /var/log/firewall output when trying to connect from the internet to port 10000:

Sep 12 00:38:42 linux-pinguin kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=----------------------------------------- SRC=85.25.130.90 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41642 DF PROTO=TCP SPT=2100 DPT=10000 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204055801010402)
Sep 12 00:38:43 linux-pinguin kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=----------------------------------------- SRC=85.25.130.90 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41645 DF PROTO=TCP SPT=2100 DPT=10000 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204055801010402)
Sep 12 00:38:44 linux-pinguin kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=----------------------------------------- SRC=85.25.130.90 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41647 DF PROTO=TCP SPT=2100 DPT=10000 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204055801010402)
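A note on the two puzzles in the post above, with an added example that is not part of the original thread. An nmap run against 127.0.0.1 enters through the lo interface, which the first ACCEPT in the INPUT chain admits wholesale (SuSEfirewall2's loopback rule; `iptables -L -n` without `-v` hides the interface match), so it never passes through input_ext and shows everything that is listening, rpcbind and CUPS included. YaST only lists what the firewall opens, not what is listening. What a client on the internet gets depends on two things: the socket's bind address and whether input_ext has an ACCEPT for that TCP port. The script below cross-checks a `netstat -ltn` listing against the YaST-opened ports. The listener table is constructed for the example (the 0.0.0.0:10000 and 127.0.0.1:631 lines are assumptions, not from the post); on the real box pipe the actual `netstat -ltn` output into `exposure`.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check what is listening
# against what SuSEfirewall2 opens on the external zone.
#
# A scan of 127.0.0.1 goes through lo, which the first ACCEPT in INPUT admits,
# so it never exercises input_ext.  For an internet client what matters is
# (a) the socket's bind address and (b) an ACCEPT for that port in input_ext.

# TCP ports opened in YaST for the external zone (taken from the post).
FW_OPEN_TCP="22 25 53 80 443 465 993 10000"

# Constructed sample in `netstat -ltn` layout, standing in for the real output;
# the 10000 and 631 bind addresses are assumptions for the example.
SAMPLE_LISTENERS='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN'

# exposure: reads `netstat -ltn` output on stdin and prints, per listening
# IPv4 TCP socket, "<port> <bind-address> <verdict>" where verdict is:
#   external    bound to any/routable address and opened in input_ext
#   fw-blocked  bound to any/routable address but not opened in input_ext
#   local-only  bound to 127.0.0.1, reachable over lo only (what nmap saw)
exposure() {
    awk -v open="$FW_OPEN_TCP" '
        BEGIN { n = split(open, a, " "); for (i = 1; i <= n; i++) fw[a[i]] = 1 }
        $1 == "tcp" && $NF == "LISTEN" {
            split($4, h, ":"); addr = h[1]; port = h[2]
            if (addr == "127.0.0.1")  v = "local-only"
            else if (port in fw)      v = "external"
            else                      v = "fw-blocked"
            print port, addr, v
        }'
}

# verdict_for <port>: the verdict for one port over the sample data.
verdict_for() {
    printf '%s\n' "$SAMPLE_LISTENERS" | exposure | awk -v p="$1" '$1 == p { print $3 }'
}

# Real use on the server:  netstat -ltn | exposure
printf '%s\n' "$SAMPLE_LISTENERS" | exposure
```

With the post's port list this reports 111 as fw-blocked and 631 as local-only, which is why neither is reachable from outside even though a localhost scan shows them open. Port 10000 comes out as external; when a port is bound to 0.0.0.0, opened in input_ext and still unreachable, the block sits somewhere iptables does not see, the router's forwarding or the application's own access control.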

This is well beyond me, but here's a drive-by thought: try turning off iptables, or maybe just su and then "rcSuSEfirewall2 stop", to see if the routing and port forwarding work (maybe it's not the firewall).

And this is a bit interesting too: webmin port 10000 not going through - LinuxQuestions.org
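Before switching the firewall off to test, the /var/log/firewall lines quoted in the first post already answer the narrower question of whether iptables dropped the SYNs: the prefix is `SFW2-INext-ACC-TCP`, which is the LOG rule that sits directly before the `ACCEPT tcp dpt:10000` rule in input_ext, so those packets were accepted. The script below is an added example, not part of the thread, that turns a `/var/log/firewall` into a per-verdict, per-port count so the accept/drop picture is visible at a glance. The sample is constructed from the post's three lines (MAC field masked) plus one invented DROP line from the documentation address 203.0.113.7.

```shell
#!/bin/sh
# Added example (not from the original post): summarise SuSEfirewall2 log lines
# by verdict and destination port, to tell from /var/log/firewall whether
# iptables accepted or dropped a connection attempt.
#
# SFW2 log prefixes have the shape SFW2-<zone>-<verdict>-<rule>, e.g.
# SFW2-INext-ACC-TCP (accepted on the external zone) or
# SFW2-INext-DROP-DEFLT (hit the default drop), matching the LOG rules
# in `iptables -L -n`.

# Constructed sample: the three accepted SYNs from the post (MAC masked) plus
# an invented drop of a port-3389 probe from the documentation address 203.0.113.7.
SAMPLE_LOG='Sep 12 00:38:42 linux-pinguin kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=xx SRC=85.25.130.90 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41642 DF PROTO=TCP SPT=2100 DPT=10000 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 12 00:38:43 linux-pinguin kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=xx SRC=85.25.130.90 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41645 DF PROTO=TCP SPT=2100 DPT=10000 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 12 00:38:44 linux-pinguin kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=xx SRC=85.25.130.90 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=41647 DF PROTO=TCP SPT=2100 DPT=10000 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 12 00:40:01 linux-pinguin kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=xx SRC=203.0.113.7 DST=192.168.0.10 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=40000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0'

# sfw2_summary: reads log lines on stdin, prints "<verdict> <proto> <dpt> <count>"
# sorted, one line per distinct combination.  Lines without an SFW2 prefix
# or without a DPT= field (e.g. ICMP) are ignored.
sfw2_summary() {
    awk '
        {
            verdict = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SFW2-/) {
                    split($i, p, "-"); verdict = p[3]     # ACC or DROP
                }
                else if (sub(/^PROTO=/, "", $i)) proto = $i
                else if (sub(/^DPT=/, "", $i))   dpt = $i
            }
            if (verdict != "" && dpt != "") count[verdict " " proto " " dpt]++
        }
        END { for (k in count) print k, count[k] }' | sort
}

# sfw2_count <verdict> <dpt>: the count for one verdict/port over the sample.
sfw2_count() {
    printf '%s\n' "$SAMPLE_LOG" | sfw2_summary | awk -v v="$1" -v d="$2" '$1 == v && $3 == d { print $4 }'
}

# Real use:  sfw2_summary < /var/log/firewall
printf '%s\n' "$SAMPLE_LOG" | sfw2_summary
```

For the post's lines this gives `ACC TCP 10000 3`: three SYNs to port 10000 accepted and nothing dropped for that port, so stopping SuSEfirewall2 would not have changed the outcome. The same three-second run of identical SYNs from source port 2100 is what the log shows; what happened to the connection after iptables accepted it is not in the firewall log at all, which is the cue to look at the listening application next.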

@swerdna,

Thank you for your reply; however, I have already found the problem. Webmin was blocking all IPs except local ones. I have just added an extra IP and restarted Webmin.
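The fix reported above lives one layer below iptables: Webmin's own IP access control. As an added example, not from the thread or from the Webmin project, the script below adds an address to that list in a safe, repeatable way. It assumes the list is the space-separated `allow=` line in /etc/webmin/miniserv.conf (the file Webmin's Configuration -> IP Access Control page writes; check the layout on your version) and that the service is restarted with the usual init script afterwards. The sample configuration is constructed for the example; the address 85.25.130.90 is the client seen in the post's firewall log.

```shell
#!/bin/sh
# Added example (not from the original post): add a client address to Webmin's
# own IP access list.  Assumption: the list is a space-separated `allow=` line
# in /etc/webmin/miniserv.conf; with no allow= line Webmin does not restrict
# by IP, so this script never creates one (that would start restricting).

# Constructed sample of the relevant part of miniserv.conf.
SAMPLE_CONF='port=10000
ssl=1
allow=127.0.0.1 192.168.0.0/24'

# webmin_allow <conf-file> <ip-or-network>
# Appends the address to the existing allow= line unless it is already listed,
# so running it twice leaves a single entry.
webmin_allow() {
    conf=$1; ip=$2
    if ! grep -q '^allow=' "$conf"; then
        echo "no allow= line in $conf; Webmin is not restricting by IP, nothing to do" >&2
        return 0
    fi
    # Split the allow= value into one entry per line and look for an exact match.
    if grep '^allow=' "$conf" | sed 's/^allow=//' | tr ' ' '\n' | grep -qxF "$ip"; then
        return 0
    fi
    # Edit via a temp file rather than relying on a non-POSIX `sed -i`.
    sed "s|^allow=.*|& $ip|" "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# allow_line <conf-file>: print the current allow= line, for checking the result.
allow_line() { grep '^allow=' "$1"; }

# Demo on a temporary copy.  On the server:
#   webmin_allow /etc/webmin/miniserv.conf 85.25.130.90
#   /etc/init.d/webmin restart      # miniserv only rereads the file on restart
demo_conf=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$demo_conf"
webmin_allow "$demo_conf" 85.25.130.90
webmin_allow "$demo_conf" 85.25.130.90     # second call: no duplicate entry
allow_line "$demo_conf"
rm -f "$demo_conf"
```

Keeping the allow list narrow is the point of the feature: add the specific address or network you connect from rather than removing the line, since Webmin on port 10000 is a full administrative interface on a host that is already exposing it to the internet through the router.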