
I have a VPS A, and I am running SMTP on it. If I run nmap from my local desktop to scan my VPS, it turns out that port 25 (SMTP) is filtered. However, if I run an online scanner (fill my VPS's IP into the web site and let the web site run a scan), it shows port 25 is open. I don't understand why the results are different. I am certain that my VPS's local firewall (iptables) is set to allow port 25. A similar problem occurred on port 47 (when I was setting up a VPN on my VPS).

I guess it's the ISP that blocked these ports. However I can still send and receive mails using my vps, as well as connect to my vpn on the vps.

So my question is:

  1. If it is the ISP that blocked these ports, why can I still use these services?
  2. Which ISP blocked these ports? My local desktop's ISP? Or the vps's ISP?
  3. Why is the online scanner not aware of the blocking?

Below is the output of `iptables -nL`:

```
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:465
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0
ACCEPT     47   --  0.0.0.0/0            0.0.0.0/0           
```

And I was using pentest-tools.com as the online checker.

Nevermoe

1 Answer


A better question to ask is "is there any problem with my VPS firewall?" and the answer will probably be yes. Just send us the output from `iptables -nL` and we will see.

To your questions:

  1. Good question, it could be detection of scans. Or your ISP isn't blocking that port.
  2. Or anyone between your desktop ISP and your VPS ISP. Your VPS provider will not do it, because of the open state in the online checker. Probably.
  3. Because it takes a different way to your VPS. Or maybe it just shows filtered ports as open (because a filtered port can be open, too). What are you using as the online scanner?
Ondra Sniper Flidr
  • Thank you! I updated the question and appended the output of `iptables -nL`. I was using pentest-tools.com as the online scanner. And yes, I have contacted the VPS provider and they confirmed that they are not blocking the ports. Besides, I recalled that I'm not able to telnet to port 25 from my local desktop, so at least my desktop's ISP is blocking my request to port 25? – Nevermoe Oct 15 '15 at 14:22
  • Yep, it definitely looks like your ISP (or some ISP between your PC and your VPS, but most probably your local ISP) is blocking port 25. Are you sure you're using normal SMTP and not encrypted SMTPS (SSL/TLS encryption) in your email client, so that it's using port 25? This could be the reason why you can send email but cannot connect to port 25. – Ondra Sniper Flidr Oct 15 '15 at 14:49
  • Yes! You are right! I found I was using smtps and submission (465) for sending mail! So that's why I am able to send mail regardless of port 25 being blocked! – Nevermoe Oct 15 '15 at 15:04
  • This might be another question though, as to the port 47 (GRE) I used for VPN (PPTP), I guess it is a protocol rather than a service? I ran `netstat` and port 47 is actually not open at all. However, for some reason I still have to set iptables to allow port 47 in order to connect to pptpd. – Nevermoe Oct 15 '15 at 15:07
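
The check the comments converge on, as an added example that is not part of the original thread: a TCP connect probe run from the desktop that compares port 25 with the submission ports 465 and 587. The host `203.0.113.10` is a placeholder, and `probe` and `diagnose` are hypothetical helper names.

```python
import errno
import socket

SUBMISSION_PORTS = (465, 587)  # smtps and submission, both accepted in the iptables listing

def probe(host, port, timeout=3.0):
    """TCP connect from this vantage point: 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                      # SYN/ACK came back
    except ConnectionRefusedError:
        return "closed"                    # RST came back: host reachable, nothing accepting
    except socket.timeout:
        return "filtered"                  # no reply at all: dropped somewhere on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"              # ICMP unreachable from a router or firewall
        raise
    finally:
        sock.close()

def diagnose(results):
    """Interpret {port: state} measured from one vantage point."""
    smtp = results[25]
    others = [results[p] for p in SUBMISSION_PORTS]
    if smtp == "filtered" and any(state != "filtered" for state in others):
        return "path-block-25"     # host answers on other ports, only 25 is dropped
    if smtp == "filtered":
        return "host-unreachable"  # nothing answers, so port 25 cannot be singled out
    if smtp == "closed":
        return "no-listener-25"    # packets arrive; check the MTA or a REJECT rule
    return "smtp-reachable"

if __name__ == "__main__":
    host = "203.0.113.10"  # placeholder (TEST-NET-3); replace with the VPS address
    results = {p: probe(host, p) for p in (25,) + SUBMISSION_PORTS}
    print(results, "->", diagnose(results))
```

A `path-block-25` result from the desktop, alongside `smtp-reachable` from another network, points at the desktop-side path rather than the VPS firewall.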