jim at datamantic.com
2006-Feb-12 20:17 UTC
[CentOS] nmap showing lots of ports open that shouldn't be
I have a CentOS 4.2 machine. lokkit shows that a firewall is enabled, and it is customized to allow SSH, Web, and DNS traffic only.

But if I run nmap against the server IP (from my home machine, outside the local network) it shows over 1000 open ports. Am I not understanding nmap, or is there something seriously wrong here?

Here is a small snip of the nmap output (I can include it all if that is helpful, but it is quite long):

(The 202 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
1/tcp open tcpmux
2/tcp open compressnet
3/tcp open compressnet
4/tcp open unknown
5/tcp open rje
6/tcp open unknown
7/tcp open echo
8/tcp open unknown
9/tcp open discard
11/tcp open systat
12/tcp open unknown
13/tcp open daytime
14/tcp open unknown
15/tcp open netstat
16/tcp open unknown
17/tcp open qotd
20/tcp open ftp-data
22/tcp open ssh
24/tcp open priv-mail
25/tcp open smtp
26/tcp open unknown

Craig White
2006-Feb-12 20:22 UTC
[CentOS] nmap showing lots of ports open that shouldn't be
On Sun, 2006-02-12 at 15:17 -0500, jim at datamantic.com wrote:
> I have a CentOS 4.2 machine. lokkit shows that a firewall is
> enabled, and it is customized to allow SSH, Web, and DNS traffic only.
>
> But if I run nmap against the server IP (from my home machine,
> outside the local network) it shows over 1000 open ports. Am I not
> understanding nmap, or is there something seriously wrong here?
>
> Here is a small snip of the nmap output (I can include it all if that
> is helpful, but it is quite long):
>
> (The 202 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 1/tcp open tcpmux
> 2/tcp open compressnet
> 3/tcp open compressnet
> 4/tcp open unknown
> 5/tcp open rje
> 6/tcp open unknown
> 7/tcp open echo
> 8/tcp open unknown
> 9/tcp open discard
> 11/tcp open systat
> 12/tcp open unknown
> 13/tcp open daytime
> 14/tcp open unknown
> 15/tcp open netstat
> 16/tcp open unknown
> 17/tcp open qotd
> 20/tcp open ftp-data
> 22/tcp open ssh
> 24/tcp open priv-mail
> 25/tcp open smtp
> 26/tcp open unknown
----
might as well get a root shell and type...

iptables -L

and see what's up with that.

Craig
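
An added example, not part of the original thread: a shell function that compares the ports nmap reports open against the intended firewall policy, which narrows down what to look for in the iptables -L output. The function names are hypothetical, and reading "SSH, Web, and DNS" as TCP 22, 53, 80 and 443 is an assumption.

```shell
#!/bin/sh
# Added example: list ports that nmap reports open but the intended
# firewall policy does not allow.
# Assumption: "SSH, Web, and DNS" means TCP 22, 53, 80 and 443.
ALLOWED_TCP="22 53 80 443"

# Reads nmap's normal (human-readable) output on stdin and prints one
# "port/proto service" line per open port outside the allowed list.
# $1 is a space-separated list of allowed TCP port numbers.
unexpected_open_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i] "/tcp"] = 1
        }
        # Port lines look like: 22/tcp open ssh
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!($1 in ok)) print $1, $3
        }
    '
}

# Sample input: a few lines from the excerpt in the post, plus one
# constructed "closed" line to show that non-open ports are skipped.
sample_scan() {
    cat <<'EOF'
PORT STATE SERVICE
7/tcp open echo
13/tcp open daytime
22/tcp open ssh
25/tcp open smtp
80/tcp closed http
EOF
}

# Prints the open ports that the policy does not account for.
sample_scan | unexpected_open_ports "$ALLOWED_TCP"
```

Any line this prints is a port that the active iptables rules accept, or that something between the scanner and the server answers for, even though the lokkit configuration was not meant to allow it.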