I monitored iptables on the scanner host and found it did NOT make ANY
packets to probe the requested ports in the port list when scanning over
VPN. So it's not the firewall that filters packets, but openvas does NOT make
them. But when scanning locally, it did make them.

Does anyone know what happened to the scanner? Thanks a lot!

On Mon, Nov 23, 2015 at 2:00 PM, Eero Volotinen <[email protected]>
wrote:

> Sounds like a wrong routing table or a poorly configured firewall.
> On 23.11.2015 at 9.34 PM, "Tianyi Yang" <[email protected]> wrote:
>
>> I tested wget from the scanner side to retrieve a web page running on the
>> scanned host. The packets on tcp port 80 were seen (and not discarded) by
>> the kernel of the scanned host. So it appears the scanned host can receive
>> packets on port 80, and the scanner host can send packets to port 80 over
>> the VPN. Does this indicate the firewalls do not block communications for
>> the http server?
>>
>> TY
>>
>> On Mon, Nov 23, 2015 at 12:26 PM, Eero Volotinen <[email protected]>
>> wrote:
>>
>>>
>>>
>>> 2015-11-23 20:21 GMT+02:00 Tianyi Yang <[email protected]>:
>>>
>>>> The VPN connection seems ok. It was tested to be up after the scan job.
>>>> And when the scan was running, I monitored on the scanned device side and
>>>> saw packets incoming from and outgoing to the scanner.
>>>>
>>>> Could you provide more guidance about how the firewall (iptables) should
>>>> be set up on the scanned host to allow scanning over VPN? It seems not to
>>>> be banning all probes from VPN, e.g. ICMP, TCP 22 and UDP 69 are seen. An
>>>> example kernel log is as follows:
>>>>
>>>>
>>> Well, no. Please contact your network administrator team to help with
>>> firewall settings.
>>>
>>> --
>>> Eero
>>>
>>> _______________________________________________
>>> Openvas-discuss mailing list
>>> [email protected]
>>>
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>>
>>
>>