Linux OpenSuse42.3 – port status

birdflow asked:

I am redirecting this question from another site as I have a problem, which I hope somebody can point me to the right direction.

Problem >>>

A) Our external provider (connects via VPN) needs to access "OpenSuse42.3" to specific ports, which
"nmap" or "ncat" tools shows as "filtered" or "refused".

B) No services are listening on these ports.

C) No firewall is running on this server.

D) Security team opened these ports on firewall with evidence that connection get reset by server
"OpenSuse42.3".

Test runs from "10.10.10.2" to "10.10.10.1" (problem server) from provider VPN connection (from my computer)

Example 1 : from "10.10.10.2"

nmap -sT -p1101,3050 10.10.10.1

 PORT     STATE    SERVICE
 1101/tcp filtered pt2-discover
 3050/tcp filtered gds_db

Example 2 : from "10.10.10.2"

nc -z -v 10.10.10.1 1101

  Ncat: Version 7.50 ( https://nmap.org/ncat )
  Ncat: Connection refused.

nc -z -v 10.10.10.1 3050

  Ncat: Version 7.50 ( https://nmap.org/ncat )
  Ncat: Connection refused.

Example 3: on server "10.10.10.1"

tcpdump -n -i eth0 port 1101 or port 3050 -v

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

13:00:28.940582 IP (tos 0x0, ttl 64, id 32383, offset 0, flags [DF], proto TCP (6), length 60) 
10.10.10.2.58000 > 10.10.10.1.1101: Flags [S], cksum 0xa3fc (correct), seq 3906215335, win 29200, 
options [mss 1460,sackOK,TS val 1388733400 ecr 0,nop,wscale 7], length 0

13:00:28.940662 IP (tos 0x0, ttl 64, id 40440, offset 0, flags [DF], proto TCP (6), length 40) 
10.10.10.1.1101 > 10.10.10.2.58000: Flags [R.], cksum 0x347b (correct), seq 0, ack 3906215336, win 0, 
length 0

13:00:31.263502 IP (tos 0x0, ttl 64, id 60627, offset 0, flags [DF], proto TCP (6), length 60) 
10.10.10.2.40830 > 10.10.10.1.3050: Flags [S], cksum 0x8bc2 (correct), seq 3504308280, win 29200, 
options [mss 1460,sackOK,TS val 1388735723 ecr 0,nop,wscale 7], length 0

13:00:31.263569 IP (tos 0x0, ttl 64, id 40888, offset 0, flags [DF], proto TCP (6), length 40) 
10.10.10.1.3050 > 10.10.10.2.40830: Flags [R.], cksum 0x2554 (correct), seq 0, ack 3504308281, win 0, 
length 0

BUT

As soon as I put something on the server like – "nc -l 1101" or "nc -l 3050" problem disappears, which makes sense. To my knowledge "nmap" tool usually shows port status as "closed" if port is not firewalled and service is not running and "open" if service is running on this port.

Question

Are ports opened or closed ??? I think that I am correct and ports ARE OPEN. What else do I check, because provider keep insisting that ports are closed on "10.10.10.1" and he cannot continue his work. He uses test as – "telnet 10.10.10.1 1101".

Please let me know if something is unclear in this situation and I will respond.

Appreciate it !!!!

My answer:


The ports are obviously closed, because no service is listening on them, and they return an RST in response to a SYN. They can’t be open, because no service is listening. You even demonstrated this yourself with nc -l.

You seem to be confusing open vs. closed (whether a service listens on the port) with allowed vs. denied (whether the port is firewalled). The ports are clearly not firewalled either.

If a service is supposed to be listening on that port, you need to start that service.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.