Aleksey Tsalolikhin
2011-May-17 18:13 UTC
[CentOS] Why is iptables configured to accept packets on ports 50 and 51?
[root at hwdltsaloli ~]# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT [root at hwdltsaloli ~]# lsof -i:50 [root at hwdltsaloli ~]# lsof -i:51 [root at hwdltsaloli ~]# /etc/services says: re-mail-ck 50/tcp # Remote Mail Checking Protocol re-mail-ck 50/udp # Remote Mail Checking Protocol la-maint 51/tcp # la-maint 51/udp # IMP Logical Address Maintenance Google turns up RMCP is a simple lightweight DP protocol for checking if you have mail on a server A quick Google search failed to turn up what is "IMP Logical Address Maintenance" Why is this in the default iptables configuration? Thanks, Aleksey
Eero Volotinen
2011-May-17 18:18 UTC
[CentOS] Why is iptables configured to accept packets on ports 50 and 51?
2011/5/17 Aleksey Tsalolikhin <atsaloli.tech at gmail.com>:> [root at hwdltsaloli ~]# cat /etc/sysconfig/iptables > # Firewall configuration written by system-config-securitylevel > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > :RH-Firewall-1-INPUT - [0:0] > -A INPUT -j RH-Firewall-1-INPUT > -A FORWARD -j RH-Firewall-1-INPUT > -A RH-Firewall-1-INPUT -i lo -j ACCEPT > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited > COMMIThttp://en.wikipedia.org/wiki/IPsec ? -- Eero
Stephen Harris
2011-May-17 18:20 UTC
[CentOS] Why is iptables configured to accept packets on ports 50 and 51?
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > -A RH-Firewall-1-INPUT -p 51 -j ACCEPTThat's _protocol_ 50 and 51; not ports 50 and 51 % grep '5[01]' /etc/protocols esp 50 ESP # Encap Security Payload ah 51 AH # Authentication Header IPSec traffic. -- rgds Stephen
Michel van Deventer
2011-May-17 18:25 UTC
[CentOS] Why is iptables configured to accept packets on ports 50 and 51?
Hi, On Tue, 2011-05-17 at 11:13 -0700, Aleksey Tsalolikhin wrote:> [root at hwdltsaloli ~]# cat /etc/sysconfig/iptables > # Firewall configuration written by system-config-securitylevel > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > :RH-Firewall-1-INPUT - [0:0] > -A INPUT -j RH-Firewall-1-INPUT > -A FORWARD -j RH-Firewall-1-INPUT > -A RH-Firewall-1-INPUT -i lo -j ACCEPT > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited > COMMIT > [root at hwdltsaloli ~]# lsof -i:50 > [root at hwdltsaloli ~]# lsof -i:51 > [root at hwdltsaloli ~]# > > > /etc/services says: > > re-mail-ck 50/tcp # Remote Mail Checking Protocol > re-mail-ck 50/udp # Remote Mail Checking Protocol > > la-maint 51/tcp # > la-maint 51/udp # IMP Logical Address > Maintenance > > Google turns up RMCP is a simple lightweight DP protocol for checking > if you have mail on a server > > A quick Google search failed to turn up what is "IMP Logical Address > Maintenance"The -p you are referring to is NOT a port, but a protocol (number), 50 and 51 stand for IPSEC protocols (AH and ESP). [michel at deltaflyer ~]$ cat /etc/protocols | grep 51 ah 51 AH # Authentication Header ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 (not in official list) [michel at deltaflyer ~]$ cat /etc/protocols | grep 50 esp 50 ESP # Encap Security Payload ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 (not in official list) Please read 'man iptables' :) Regards, Michel
Seemingly Similar Threads
- Re: how to install BackupPC on CentOS 5.2 -- how do I use Test repository?
- rsync 2.6.9 uses a lot of memory; has that changed in rsync 3.0.3 ?
- Installing yesterday's CentOS (or how to install the patch/package set from 3 weeks ago)
- how to submit corrections for virt-bridge-errors page?
- BackupPC 3.1.0 on CentOS 5.2 triggers SE Linux denial