Date:      Mon, 05 Dec 2016 08:31:19 +0800
From:      Ernie Luzar <luzar722@gmail.com>
To:        marcel <marcel.plouf@gmail.com>
Cc:        jail@freebsd.org
Subject:   Re: Closing ports in jail with ipfw
Message-ID:  <5844B557.7050304@gmail.com>
In-Reply-To: <20161117233607.3430afd4@marcel-laptop.lan>
References:  <20161117233607.3430afd4@marcel-laptop.lan>

marcel wrote:
> Hi there,
> 
> I've created a jail and when I do an nmap on its IP, I can see that port
> 25 and 22 are open but I don't want that. So I've tried to create an IPFW
> rule by adding 'ipwf -q add 00290 deny all from router to jail' to my
> host ipfw conf file and applied it but the jail's ports are still open. How
> can I close or open the ports of my jail?
> 
> Thanks !

You cannot run nmap on the host targeting the jail's IP. Doing so only
shows you open ports on the host. You have to run nmap from a computer
on a different public IP address targeting the public IP address
assigned to the jail. If the jail is using a non-routable IP address, nmap
is useless in looking for the jail's open ports.
