nmap shows port filtered, but iptables/ipchains not running

Greetings all,

I ran an nmap of a machine that I am trying make an NFS server, and the
results showed that the machine's "priv-term-1", "sunrpc", "nfs" and a
bunch of "X11" ports are all filtered. The odd thing is that this
machine's ipchains service is turned off (and, regardless, all of the
chains are empty).

How else can ports be filtered in Linux, if the iptables/ipchains service
is not running?

Thanks,

Jeff

--
Add an underscore between 'd' and 's' and remove the first three
letters of the alphabet for email.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Jeff Krimmel <(E-Mail Removed)> suggested:
> Greetings all,

> I ran an nmap of a machine that I am trying make an NFS server, and the
> results showed that the machine's "priv-term-1", "sunrpc", "nfs" and a
> bunch of "X11" ports are all filtered. The odd thing is that this

You could try using 'rpcinfo/showmount' (man rpcinfo), which is
suited for this task.

> machine's ipchains service is turned off (and, regardless, all of the
> chains are empty).

> How else can ports be filtered in Linux, if the iptables/ipchains service
> is not running?

Perhaps:

man 5 hosts_access

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFA3sgbAkPEju3Se5QRAl4HAKDKNVm+vwIdAZ0nOd+lsX bNnOlGRQCgiMwe
oLNW99tv8kDMjHr/7DsaRcM=
=epsn
-----END PGP SIGNATURE-----

On Sun, 27 Jun 2004 13:14:04 +0000, Michael Heiming wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> In comp.os.linux.networking Jeff Krimmel <(E-Mail Removed)>
> suggested:
>> Greetings all,
>
>> I ran an nmap of a machine that I am trying make an NFS server, and the
>> results showed that the machine's "priv-term-1", "sunrpc", "nfs" and a
>> bunch of "X11" ports are all filtered. The odd thing is that this
>
> You could try using 'rpcinfo/showmount' (man rpcinfo), which is suited
> for this task.

Both of these show an RPC error, even though the portmapper is running on
both machines.

>> machine's ipchains service is turned off (and, regardless, all of the
>> chains are empty).
>
>> How else can ports be filtered in Linux, if the iptables/ipchains
>> service is not running?
>
> Perhaps:
>
> man 5 hosts_access

Thanks, and the /etc/hosts.allow and /etc/hosts.deny files are both set up
to allow the appropriate connections.

Any other ideas?

Jeff

--
Add an underscore between 'd' and 's' and remove the first three
letters of the alphabet for email.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Jeff Krimmel <(E-Mail Removed)> suggested:
> On Sun, 27 Jun 2004 13:14:04 +0000, Michael Heiming wrote:
>> In comp.os.linux.networking Jeff Krimmel <(E-Mail Removed)>
>> suggested:
[..]
>> You could try using 'rpcinfo/showmount' (man rpcinfo), which is suited
>> for this task.

> Both of these show an RPC error, even though the portmapper is running on
> both machines.

Would you mind showing us the exact error message (cut&paste),
what does happen if you try 'rpcinfo -p localhost' on the nfs
server?

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFA3x/LAkPEju3Se5QRAjq0AJ9gHNjoV+xBh3k9J+TptANmRM5zHACdH X4S
abX3BJ0SlQXFVFY+O/GT14A=
=2Vke
-----END PGP SIGNATURE-----