My problem seems to be solved :P Guess I didn't have a problem to start ;) It seems my office machine, running Windows XP is malfunctioning :(
Because iptables returned the same tcp-reset packets for port 25 and 199, iptables could not be the problem. So I fired up my RedHat box and run nmap, port 25 and 110 were nicely closed :) Look... scanning for port 25 running windows xp seems to be the same as scanning port 80 :duh: --- windump snippet --- 23:54:41.278782 IP ws001.mydomain.local > 10.0.0.4: icmp 8: echo request seq 58397 23:54:41.278959 IP ws001.mydomain.local.57485 > 10.0.0.4.80: . ack 2311551262 win 4096 23:54:42.162474 IP ws001.mydomain.local.137 > 10.0.0.4.137: udp 50 23:54:43.662460 IP ws001.mydomain.local.137 > 10.0.0.4.137: udp 50 23:54:45.162853 IP ws001.mydomain.local.137 > 10.0.0.4.137: udp 50 23:54:47.283179 IP ws001.mydomain.local > 10.0.0.4: icmp 8: echo request seq 58653 23:54:47.283239 IP ws001.mydomain.local.57486 > 10.0.0.4.80: . ack 1531410782 win 1024 --- // --- Thanx everyone, especially Raffaela D'Elia. I learned a lot from this. Ronald -----Original Message----- From: Raffaele D'Elia [mailto:[EMAIL PROTECTED] Sent: maandag 26 januari 2004 22:51 To: Ronald Laarman; [email protected] Subject: RE: Iptables can't close port 25 and 110 But nmap recognize port 25 opened and 199 closed. What kind of scan are you doing? Try tcpdump on the sender host too. The packets looks the same? May be the sending host is mangling the packets somwhere in the path from the server to the client. Radel ************************************************************************ ** Questo messaggio puo' contenere informazioni di carattere estremamente riservato e confidenziale. Qualora non foste i destinatari, vogliate immediatamente informarci con lo stesso mezzo ed eliminare il messaggio, con gli eventuali allegati, senza trattenerne copia. Qualsivoglia utilizzo non autorizzato del contenuto di questo messaggio costituisce violazione dell'obbligo di non prendere cognizione della corrispondenza tra altri soggetti, salvo piu' grave illecito, ed espone il responsabile alle relative conseguenze civili e penali. This message is being sent from Starcom Italia Srl and may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy. Any unauthorized use of the content of this message is a breach of your duty to respect the confidentiality of the correspondence between other persons and can expose the responsible party to civil and/or criminal penalties, and may constitute a more serious offense. ************************************************************************ **
