Then, from another Linux machine on the Internet, type the following:
# nmap 323.45.67.89
Starting nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-11-16 14:56 CDT
Interesting ports on 323.45.67.89:
(The 1653 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
113/tcp open auth
4000/tcp open remoteanything
MAC Address: 00:0D:61:22:D3:11 (Giga-Byte Technology Co.)
Nmap run completed -- 1 IP address (1 host up) scanned in 72.951 seconds
The output shows that 1653 ports scanned on this address were closed (blocked from access)
and 6 were open. Services not filtered include TCP ports 21, 22, 53, 80, 113, and 4000 (which
you made available when you set up the firewall earlier). The six services shown as open in the
example all have servers running currently and listening on the open ports.
It's possible that you won't have access to a Linux machine on the Internet to test outside access
to your computer. If you have another computer on your LAN, try running nmap from that computer.
If you have only Windows machines, you can always run a bootable Linux and try nmap
from that.
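The check above can be scripted so that every scan is compared against the ports you meant to open. The following is an added example, not from the original text: the function names and the sample scan (with an extra port 631 and a filtered port 25) are constructed for illustration, and the allowlist is the six ports listed above.

```shell
#!/bin/sh
# Added example: compare the open ports in nmap output with the firewall allowlist.

# Ports the text says were opened in the firewall.
EXPECTED="21 22 53 80 113 4000"

# Constructed sample of nmap output (not a real scan): 113 is absent, 631 is extra.
sample_scan() {
cat <<'EOF'
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
631/tcp  open     ipp
4000/tcp open     remoteanything
EOF
}

# Read nmap output on stdin; print open TCP port numbers on one line.
open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
             split($1, p, "/"); s = s (s == "" ? "" : " ") p[1]
         } END { print s }'
}

# Print the ports in list $1 that do not appear in list $2.
not_in() {
    out=""
    for port in $1; do
        case " $2 " in
            *" $port "*) ;;
            *) out="$out $port" ;;
        esac
    done
    echo "${out# }"
}

# Read nmap output on stdin; report differences; fail if anything extra is open.
audit() {
    open=$(open_ports)
    extra=$(not_in "$open" "$EXPECTED")
    gone=$(not_in "$EXPECTED" "$open")
    echo "open: $open"
    if [ -n "$extra" ]; then echo "open but not in allowlist: $extra"; fi
    if [ -n "$gone" ]; then echo "allowed but not open: $gone"; fi
    [ -z "$extra" ]
}

# Against a live host, pipe the scan itself into audit instead of sample_scan.
sample_scan | audit || echo "firewall exposes more than intended"
```

A port reported as "allowed but not open" usually means the firewall rule exists but no server is listening behind it.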
Using iptables to Do SNAT or IP Masquerading
You can use Source Network Address Translation (SNAT) or IP Masquerading (MASQUERADE) to
allow computers on your LAN with private IP addresses to access the Internet through your iptables
firewall.