Firewall module issues

sinbad

Guest
Hi all,
I have been using the Plesk firewall module for a while and thought everything was cool with it.
Recently my PCI company sent me an email saying that all my ports are open on my DV.

When I try to nmap the box locally from the shell, I get 986 ports closed.
When I try to nmap the server IP from a remote computer, I get 968 ports closed.

This is the output of my local nmap scan:
Code:
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
106/tcp  open  pop3pw
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
783/tcp  open  spamassassin
993/tcp  open  imaps
995/tcp  open  pop3s
1500/tcp open  vlsi-lm
3306/tcp open  mysql
8443/tcp open  https-alt
Which matches the rule I have set in the firewall module.

However, when scanned from my home, I get this:
Code:
Not shown: 968 closed ports
PORT     STATE SERVICE
1/tcp    open  tcpmux
21/tcp   open  ftp
22/tcp   open  ssh
24/tcp   open  priv-mail
25/tcp   open  smtp
30/tcp   open  unknown
43/tcp   open  whois
80/tcp   open  http
110/tcp  open  pop3
113/tcp  open  auth
125/tcp  open  locus-map
143/tcp  open  imap
199/tcp  open  smux
256/tcp  open  fw1-secureremote
301/tcp  open  unknown
311/tcp  open  asip-webadmin
417/tcp  open  onmux
443/tcp  open  https
481/tcp  open  dvs
512/tcp  open  exec
541/tcp  open  uucp-rlogin
554/tcp  open  rtsp
667/tcp  open  unknown
720/tcp  open  unknown
722/tcp  open  unknown
873/tcp  open  rsync
993/tcp  open  imaps
995/tcp  open  pop3s
1025/tcp open  NFS-or-IIS
1723/tcp open  pptp
3389/tcp open  ms-term-serv
8080/tcp open  http-proxy
There are many ports open here that I never allowed in the firewall module.
I have a 'Block all other incoming traffic' rule, so I expected to have far fewer open ports in the scan.

This is what I have under the Plesk firewall:
Code:
 ssh_custom	Allow incoming from all on port 1500/tcp	 
Plesk administrative interface	Allow incoming from all
WWW server	Allow incoming from all
FTP server	Allow incoming from all
SSH (secure shell) server	Deny incoming from all
SMTP (submission port) server	Allow incoming from all
SMTP (mail sending) server	Allow incoming from all
POP3 (mail retrieval) server	Allow incoming from all
IMAP (mail retrieval) server	Allow incoming from all
Mail password change service	Deny incoming from all
MySQL server	Allow incoming from xx.xx.xx.xx, 127.0.0.1; Deny incoming from all others
PostgreSQL server	Allow incoming from xx.xx.xx.xx, 127.0.0.1; Deny incoming from all others
Tomcat administrative interface	Deny incoming from all
Samba (file sharing in Windows networks)	Deny incoming from all
Plesk VPN	Allow incoming from all
Domain name server	Allow incoming from all
Ping service	Deny incoming from all
System policy for incoming traffic	Deny all other incoming traffic
mailOut	Allow outgoing to all on ports 143/tcp, 465/tcp	 
System policy for outgoing traffic	Deny all other outgoing traffic
System policy for forwarding of traffic	Deny forwarding of all other traffic
Can anyone explain why I get 2 different results, and why I have 986 closed ports listed when they are all supposed to be closed except for the few rules I allowed?

Will appreciate any response...
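
Added example, not part of the original post: a small Python script that parses two nmap normal-format outputs and lists which ports are open from only one vantage point, which is the comparison the post does by eye. The two sample inputs are excerpts of the scans quoted above; the function names are this example's own.

```python
import re

# Matches nmap normal-output port lines such as "21/tcp   open  ftp".
PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Sample inputs: excerpts of the local and remote scans quoted in the post.
LOCAL_SCAN = """\
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
106/tcp  open  pop3pw
1500/tcp open  vlsi-lm
3306/tcp open  mysql
"""
REMOTE_SCAN = """\
Not shown: 968 closed ports
PORT     STATE SERVICE
1/tcp    open  tcpmux
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
3389/tcp open  ms-term-serv
"""

def open_ports(nmap_text):
    """Return {(port, proto): service} for every line whose state is 'open'."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def compare(local_text, remote_text):
    """Split open ports into remote-only, local-only and seen-from-both."""
    local, remote = open_ports(local_text), open_ports(remote_text)
    return {
        # Answered from outside but not seen in the local scan.
        "remote_only": sorted(set(remote) - set(local)),
        # Seen locally but not reachable from outside.
        "local_only": sorted(set(local) - set(remote)),
        "both": sorted(set(local) & set(remote)),
    }

if __name__ == "__main__":
    for group, ports in compare(LOCAL_SCAN, REMOTE_SCAN).items():
        print(group, ", ".join(f"{p}/{proto}" for p, proto in ports))
```

To run it on full scans, save each nmap output to a file and pass the file contents to `compare()` in place of the two sample strings.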