Date:      Wed, 14 Dec 2016 11:42:39 +0100
From:      marcel <marcel.plouf@gmail.com>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        jail@freebsd.org
Subject:   Re: Closing ports in jail with ipfw
Message-ID:  <20161214114239.60b7fb48@marcel-laptop.lan>
In-Reply-To: <5844B557.7050304@gmail.com>
References:  <20161117233607.3430afd4@marcel-laptop.lan> <5844B557.7050304@gmail.com>

On Mon, 05 Dec 2016 08:31:19 +0800,
Ernie Luzar <luzar722@gmail.com> wrote:

> marcel wrote:
> > Hi there,
> >
> > I've created a jail and when I do a nmap on its IP, I can see that
> > port 25 and 22 are open but I don't want that. So I've tried to create
> > an IPFW rule by adding 'ipwf -q add 00290 deny all from router to
> > jail' to my host ipfw conf file and applied it but the jail's ports are
> > still open. How can I close or open the ports of my jail?
> >
> > Thanks!
>
> You cannot run nmap on the host targeting the jail's IP. Doing so
> only shows you open ports on the host. You have to run nmap from a
> computer on a different public IP address targeting the public IP
> address assigned to the jail. If the jail is using a non-routable IP
> address, nmap is useless in looking for the jail's open ports.

Hi! Sorry for the silence, I was not able to answer. Yeah I understand,
maybe netstat -an in the jail is more useful? When I do that I see port 25
and 514 are open; I haven't looked yet at what this port 514 is, but I
imagine both of these ports are not closable (or it's not advised),
isn't it?


