
Plesk firewall module issues

Discussion in 'Plesk for Linux - 8.x and Older' started by sinbad, Feb 6, 2010.

  1. sinbad (Guest)

    Hi all,
    I have been using the Plesk firewall module for a while and thought everything was cool with it.
    Recently my PCI company sent me an email saying that all my ports are open on my VPS.

    When I nmap the box locally from the shell I get 986 ports closed.
    When I nmap the server IP from a remote computer I get 968 ports closed.
    There are many ports open here that I never allowed in the firewall module.
    I have a 'Block all other incoming traffic' rule, so I expected to have far fewer open ports in the scan.

    This is the output of my local nmap scan:
    Code:
    21/tcp   open  ftp
    25/tcp   open  smtp
    80/tcp   open  http
    106/tcp  open  pop3pw
    110/tcp  open  pop3
    143/tcp  open  imap
    443/tcp  open  https
    465/tcp  open  smtps
    783/tcp  open  spamassassin
    993/tcp  open  imaps
    995/tcp  open  pop3s
    1500/tcp open  vlsi-lm
    3306/tcp open  mysql
    8443/tcp open  https-alt
    which matches the rule I have set in the firewall module.

    However, when scanned from my home I get this:
    Code:
    Not shown: 968 closed ports
    PORT     STATE SERVICE
    1/tcp    open  tcpmux
    21/tcp   open  ftp
    22/tcp   open  ssh
    24/tcp   open  priv-mail
    25/tcp   open  smtp
    30/tcp   open  unknown
    43/tcp   open  whois
    80/tcp   open  http
    110/tcp  open  pop3
    113/tcp  open  auth
    125/tcp  open  locus-map
    143/tcp  open  imap
    199/tcp  open  smux
    256/tcp  open  fw1-secureremote
    301/tcp  open  unknown
    311/tcp  open  asip-webadmin
    417/tcp  open  onmux
    443/tcp  open  https
    481/tcp  open  dvs
    512/tcp  open  exec
    541/tcp  open  uucp-rlogin
    554/tcp  open  rtsp
    667/tcp  open  unknown
    720/tcp  open  unknown
    722/tcp  open  unknown
    873/tcp  open  rsync
    993/tcp  open  imaps
    995/tcp  open  pop3s
    1025/tcp open  NFS-or-IIS
    1723/tcp open  pptp
    3389/tcp open  ms-term-serv
    8080/tcp open  http-proxy

    This is what I have under the Plesk firewall:
    Code:
     ssh_custom	Allow incoming from all on port 1500/tcp	 
    Plesk administrative interface	Allow incoming from all
    WWW server	Allow incoming from all
    FTP server	Allow incoming from all
    SSH (secure shell) server	Deny incoming from all
    SMTP (submission port) server	Allow incoming from all
    SMTP (mail sending) server	Allow incoming from all
    POP3 (mail retrieval) server	Allow incoming from all
    IMAP (mail retrieval) server	Allow incoming from all
    Mail password change service	Deny incoming from all
    MySQL server	Allow incoming from xx.xx.xx.xx, 127.0.0.1
    Deny incoming from all others
    PostgreSQL server	Allow incoming from xx.xx.xx.xx, 127.0.0.1
    Deny incoming from all others
    Tomcat administrative interface	Deny incoming from all
    Samba (file sharing in Windows networks)	Deny incoming from all
    Plesk VPN	Allow incoming from all
    Domain name server	Allow incoming from all
    Ping service	Deny incoming from all
    System policy for incoming traffic	Deny all other incoming traffic
    mailOut	Allow outgoing to all on ports 143/tcp, 465/tcp	 
    System policy for outgoing traffic	Deny all other outgoing traffic
    System policy for forwarding of traffic	Deny forwarding of all other traffic

    Can anyone explain why I get 2 different results, and why I have 986 closed ports listed where they are all supposed to be closed except for the few rules I allowed?

    Will appreciate any response...
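
To line the two listings up, as an added example that is not part of the original post: a short Python script that parses the open-port lines from both nmap outputs quoted above and splits them into ports seen by both scans, only by the local scan, and only by the remote scan. The names `open_ports` and `compare` are made up for this example.

```python
import re

# Port lines copied from the two nmap listings in the post, reflowed several
# per line to save space (the parser also accepts nmap's one-per-line layout).
LOCAL_SCAN = """
21/tcp open ftp      25/tcp open smtp     80/tcp open http     106/tcp open pop3pw
110/tcp open pop3    143/tcp open imap    443/tcp open https   465/tcp open smtps
783/tcp open spamassassin  993/tcp open imaps  995/tcp open pop3s
1500/tcp open vlsi-lm  3306/tcp open mysql  8443/tcp open https-alt
"""
REMOTE_SCAN = """
1/tcp open tcpmux  21/tcp open ftp  22/tcp open ssh  24/tcp open priv-mail
25/tcp open smtp  30/tcp open unknown  43/tcp open whois  80/tcp open http
110/tcp open pop3  113/tcp open auth  125/tcp open locus-map  143/tcp open imap
199/tcp open smux  256/tcp open fw1-secureremote  301/tcp open unknown
311/tcp open asip-webadmin  417/tcp open onmux  443/tcp open https
481/tcp open dvs  512/tcp open exec  541/tcp open uucp-rlogin  554/tcp open rtsp
667/tcp open unknown  720/tcp open unknown  722/tcp open unknown
873/tcp open rsync  993/tcp open imaps  995/tcp open pop3s
1025/tcp open NFS-or-IIS  1723/tcp open pptp  3389/tcp open ms-term-serv
8080/tcp open http-proxy
"""

# Matches "<port>/<proto> open <service>"; states such as "closed" or
# "open|filtered" are skipped because "open" must be followed by whitespace.
PORT_RE = re.compile(r"(\d+)/(tcp|udp)\s+open\s+(\S+)")


def open_ports(scan_text):
    """Map (port, proto) -> service name for every 'open' entry in nmap output."""
    return {(int(p), proto): svc for p, proto, svc in PORT_RE.findall(scan_text)}


def compare(local_text, remote_text):
    """Split the open ports into seen-by-both, local-only and remote-only."""
    local, remote = open_ports(local_text), open_ports(remote_text)
    ports = lambda keys: sorted(p for p, _ in keys)
    return {
        "both": ports(local.keys() & remote.keys()),
        "local_only": ports(local.keys() - remote.keys()),
        "remote_only": ports(remote.keys() - local.keys()),
    }


if __name__ == "__main__":
    for view, ports in compare(LOCAL_SCAN, REMOTE_SCAN).items():
        print(f"{view:12} {len(ports):3}  {ports}")
```

On the post's data this gives 8 ports seen by both scans, 6 seen only locally (including 1500/tcp, which the `ssh_custom` rule allows from all) and 24 seen only remotely (including 22/tcp, which the SSH rule denies).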
     