Ubuntu port scanning and opening

Source: Internet
Author: User
Tags ftp access

Before scanning:


Nmap Scan Report for 192.168.0.39

Host is up (0.00029s latency).

All scanned ports on 192.168.0.39 is filtered

MAC Address:00:0c:29:ef:80:d6 (VMware)


After opening:

Nmap Scan Report for 192.168.0.39

Host is up (0.00038s latency).

Not shown:997 filtered ports

PORT State SERVICE

22/TCP closed SSH

80/TCP closed HTTP

8080/TCP closed Http-proxy

MAC Address:00:0c:29:ef:80:d6 (VMware)


The process is as follows:

1. Scan Port

With Ubuntu's own network tools in the port scan is not strong enough, the scan results may not be complete, recommended to use nmap, hackers commonly used port scanning Tool! Installation method: sudo apt-get install nmap, want to scan the port nmap plus domain name or IP. Scan the local port below: nmap localhost

2. View the port process

Command: sudo lsof-i:p ort (port changed to the one you want to query);

Command: sudo netstat-nap|grep port (the last line shows the process number)

3. Start | stop | Restart port

There are roughly three different ways

(1) such as Apache2, MySQL port, direct sudo service apache2 stop (|start|restart) can

(2) Some ports cannot be closed with the service, you can consider Sudo/etc/init.d/service Start|stop|restart

(3) If you can't turn it off, try killing the process: sudo kill pid,pid is the port service process number, and the command to view the process number is described above.

Open mouth Ubuntu use

Use UFW in Ubuntu to see if it is installed and enabled:

sudo dpkg--get-selections | grep UFW

sudo apt-get install UFW

You should check to see if the UFW is already running

sudo UFW status

If you find the status is: inactive, meaning is not activated or does not work.

Enable:

sudo UFW enable

Disable:

Sudo

UFW Disable

After the firewall is activated, you can add your own rules to the inside. If you want to see the default rules, you can enter

sudo ufw status verbose

Status:active

Logging:on (Low)

Default:deny (incoming), allow (outgoing)

New Profiles:skip

$

By default, all external access connections are not allowed. If you want to connect your machine remotely, you have to open the appropriate port. For example, you want to use SSH to connect, here is the command added


sudo ufw allow ssh or Nikki SSH configuration is which port directly sudo UFW allow 22 (the default is 22, the path looks:

sudo UFW status

To Action from

--      -----------         ------

Allow Anywhere

Allow Anywhere (V6)

If you have many rules and want to quickly add an ordinal number to each rule, use the numbered parameter.

sudo UFW status numbered

The first rule means that all TCP or UDP packets that access the machine via the 22 port are allowed. What if you want to allow only TCP packet access? You can add a TCP parameter after the service port. The following example and the corresponding output.

sudo ufw allow ssh/tcp or UFW allow 22/tcp

Adding a Deny rule is the same trick. Let's say you want to deny FTP access, you just type

sudo UFW deny FTP

Add a specific port

Sometimes, we customize a port instead of using the standard provided. Let's try to change the 22 port of SSH on the machine into 2290 port and then allow access from 2290 port, we add it like this:


sudo ufw allow 2290

You can also add the port range into the rules. If we want to open a port from 2290 to 2300 for use by the TCP protocol, the command looks like this:

sudo ufw allow 2290:2300/tcp

If you want to use UDP, do the following.

sudo ufw allow 2290:2300/udp

Please note that you have to explicitly specify ' TCP ' or ' UDP ', otherwise there will be an error message similar to the one below.

Error:must specify ' TCP ' or ' UDP ' with multiple ports

Add a specific IP

The rules we added earlier are based on the service program or port, and UFW can also add rules based on IP addresses. Here is a sample command.


sudo ufw allow from 192.168.0.104

You can also use a subnet mask to widen the range.

sudo ufw allow form 192.168.0.0/24

You can also use a subnet mask to widen the range.

sudo ufw allow form 192.168.0.0/24

To Action from

--      -----------         ------

Anywhere Allow 192.168.0.104

Anywhere Allow 192.168.0.0/24

As you can see, the from parameter only restricts the source of the connection, and the purpose (represented by the to column) is everywhere

sudo ufw allow to any port 22

The above command allows access to port 22 from anywhere and from any protocol.

Combination parameters

For more specific rules, you can also combine IP addresses, protocols, and ports. We want to create a rule that restricts only the IP from 192.168.0.104, and only uses the TCP protocol and accesses the local resources via Port 22. We can use the command shown below.


sudo ufw allow from 192.168.0.104 Proto TCP to any port 22

The command to create a deny rule is similar to the allowed rule, so you only need to change the Allow parameter to the deny parameter.

Delete Rule

sudo ufw delete Allow FTP

Method Two:

sudo ufw delete allow SSH

Or

sudo ufw delete Allow 22/tcp

Some of the errors that appear are as follows:

Could Not delete non-existent rule

Could Not delete non-existent rule (V6)

We have another trick. As mentioned above, you can sequence numbers instead of the rules you want to delete. Let's try.

sudo UFW status numbered

Then we remove the first rule that is in use. Pressing "Y" will permanently delete this rule.

sudo UFW Delete 1

Deleting:

Allow from 192.168.0.104 to any port proto TCP

Proceed with Operation (y|n)? Y

From these usages you can see the difference between them. Method 2 requires user confirmation before deletion, and Method 1 does not.

Reset All Rules


sudo ufw reset

Resetting all rules to installed defaults. Proceed with Operation (y|n)? Y

If you enter "Y", UFW will back up all existing rules before resetting your UFW, and then reset. Resetting the operation also puts your firewall in an unusable state if you want to use it again to enable it.


Advanced Features


As I said above, UFW firewall can do everything iptables can do. This is done through a few rules files, they are just iptables-restore of the corresponding text file. Whether the UFW command can be used to fine-tune UFW and/or logic to add iptables commands is actually a matter of editing several text files.


/ETC/DEFAULT/UFW: The master configuration file for the default policy, supporting IPV6 and kernel modules.


/etc/ufw/before[6].rules: The rules that exist before adding rules through the UFW command are evaluated first.


/etc/ufw/after[6].rules: rules that exist after adding rules through the UFW command are calculated.


/ETC/UFW/SYSCTL.CONF: Kernel network tunable parameters.


/etc/ufw/ufw.conf: Sets whether UFW is available at system startup, and sets the log level.


Conclusion

As the front-end application of Iptables, UFW provides users with a simple interface interface. There is no need to remember the very complex iptables syntax. UFW also uses ' Simple English ' as its parameter.


Like allow, deny, and reset are part of them. I believe there are many iptables front-end applications, but UFW is definitely one of the best alternatives for users who want to build their own firewalls quickly and easily, but also very secure. Please enter man UFW to view the UFW user manual for more details.


Support for open source support sharing!!! If in doubt, please dabigatran: Click on the link to join the group "Linux Technology Exchange Discussion Group": Http://jq.qq.com/?_wv=1027&k=cIQijs


This article is from the "lake and Laughter" blog, please make sure to keep this source http://hashlinux.blog.51cto.com/9647696/1733291

Ubuntu port scanning and opening

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.