[Leaplist] port inquiry fedora 5 boxen
William A. Mahaffey III
wam at HiWAAY.net
Fri Mar 2 16:21:41 EST 2007
doug jones wrote:
>all,
>
>I've been given access to a headless fedora box at a customer site with which
>to experiment with from my office (via ssh). It's fedora 5 and I don't know
>details of install other than it would have been a simple one (firewall would
>have one of their simple settings {low/medium/high, on/off} ).
>
>I'm playing with C code examples of sending and receiving udp packets. I've
>got my receiving code running on the fedora in question and transmitting code on
>another remote box. The remote box transmits a udp packet and I'm hoping to
>receive the udp packet at the fedora box in question. I'm using remote boxes
>for both ends because they both have static IPs and I can use hardcoded
>IPs in the C code and not have to figure out DHCP stuff yet.
>
>I can tell by using tcpdump that the udp packet gets to the fedora box but
>it doesn't make it to the user space code (or even if I compile and run it
>as root). Since I know the packet makes it to the destination, I figure I
>have a firewall issue.
>
>My question is, how do I determine what ports are allowed by whatever firewall
>may exist on the fedora box. I'll be doing whatever tweaking thru a ssh login
>so no gui tools. Also, I remembered something about nmap from long ago
>experiments and see that nmap is NOT on the fedora box (and I don't know how
>to use YUM yet). Are there other command line tools to determine if a
>particular port is usable?
>
>I guess a very good thing to know is whether or not tcpdump is _after_ the
>firewall. If it is, then I've probably just got a code problem.
>
>Doug Jones
>
>
The default FC5/6 rules just silently lose what they drop. You could add
a rule to log what it is dropping (before actually dropping it) to help
verify that it is the firewall & not something else (SELinux, for
example) that's snagging you. For example, replace the default last rule
in your (presumably otherwise box-stock :-) ) /etc/sysconfig/iptables
file with:
-A INPUT -j LOG --log-prefix "FWDROP:" --log-level 5
-A INPUT -j DROP
& restart iptables. You will probably get a torrent of stuff in your
syslog file from other services on the LAN (timed, various M$FT
services, etc.), but it can help chase down this type of traffic ....
$0.02, no more, no less.
--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
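An added example, not part of this message or the Leaplist archive: once the LOG rule above is in place, a small Python script that tallies the FWDROP: lines from syslog by protocol and destination port, so you can see at a glance whether the UDP port your receiver is bound to is what the firewall is dropping. The syslog lines below are constructed samples; the hostname, addresses and ports are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the shape the iptables LOG target writes
# (prefix "FWDROP:"); hostname, addresses and ports are made up for this example.
SAMPLE_SYSLOG = """\
Mar  2 16:30:01 fc5box kernel: FWDROP:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=48 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=5000 LEN=28
Mar  2 16:30:02 fc5box kernel: FWDROP:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=48 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=5000 LEN=28
Mar  2 16:30:05 fc5box kernel: FWDROP:IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.255 LEN=78 TTL=128 ID=1234 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  2 16:30:07 fc5box sshd[2233]: Accepted publickey for doug from 192.0.2.40 port 51234 ssh2
Mar  2 16:30:09 fc5box kernel: FWDROP:IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.20 LEN=60 TTL=64 ID=4321 DF PROTO=TCP SPT=44444 DPT=25 WINDOW=5840 SYN URGP=0
"""

LOG_PREFIX = "FWDROP:"            # must match --log-prefix in the iptables rule
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags like DF are skipped


def parse_drop_line(line):
    """Return the KEY=value fields of a kernel LOG line carrying our prefix, else None."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None                   # not one of our drop records (e.g. sshd noise)
    return dict(FIELD_RE.findall(line[idx + len(LOG_PREFIX):]))


def summarize_drops(text):
    """Count dropped packets per (PROTO, DPT) so the port you care about stands out."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_drop_line(line)
        if fields is None:
            continue
        proto = fields.get("PROTO", "?")
        dport = fields.get("DPT", "-")  # ICMP and others carry no destination port
        counts[(proto, dport)] += 1
    return counts


def was_dropped(text, proto, dport):
    """True if at least one packet to proto/dport shows up in the drop log."""
    return summarize_drops(text).get((proto, str(dport)), 0) > 0


if __name__ == "__main__":
    # On the real box, feed this the relevant lines of /var/log/messages instead.
    for (proto, dport), n in sorted(summarize_drops(SAMPLE_SYSLOG).items()):
        print(f"{proto:5} dport {dport:>6}: {n} dropped")
```

If the receiver's port shows up here, the firewall is the culprit; if the packet is visible in tcpdump but never appears in the FWDROP: log, look elsewhere (the code, or SELinux as the reply notes).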