nmap and firewalld give conflicting statements

xywojtek
Posts: 5
Joined: 2020/02/21 06:56:54

nmap and firewalld give conflicting statements

Post by xywojtek » 2020/02/25 16:15:36

Hi everyone,

I am trying to understand what is going on with my CentOS 8 on Google Cloud Platform. The goal is to set up a VPN + Pi-hole.

Have a look below at what nmap gives me vs firewall-cmd. Nmap says 22 and 9090 only, and firewalld says that cockpit (9090), dhcpv6 (53?), ssh (22) and wireguard (51820) are active?

Now:
- cockpit does not work from the outside world, but it does work with local IP when connected through VPN.
- Wireguard VPN definitely works as I can connect to it and then open cockpit locally
- I can ping any domain from shell, but can't go "outside" when connected through VPN

So let's form a couple of questions:
1. nmap and firewalld say that 9090 is opened but I can't access cockpit from the outside world, why?
2. Why does nmap not show wireguard?
3. Why can I ping anything from the server, but my peer can't access any website when connected to that server through VPN?


# nmap local...
Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-25 15:32 UTC
Nmap scan report for local... (*.*.0.19)
Host is up (0.0000080s latency).
rDNS record for *.*.0.19: ....internal
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin

Nmap done: 1 IP address (1 host up) scanned in 1.60 seconds


# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh wireguard
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Thank you in advance

TrevorH
Forum Moderator
Posts: 29113
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: nmap and firewalld give conflicting statements

Post by TrevorH » 2020/02/25 16:25:34

Are you running nmap from outside the machine in question or on it? If it's on it then your requests get transparently redirected to localhost and everything is allowed.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

xywojtek
Posts: 5
Joined: 2020/02/21 06:56:54

Re: nmap and firewalld give conflicting statements

Post by xywojtek » 2020/02/25 17:02:01

Both commands on the same machine, Trev.

TrevorH
Forum Moderator
Posts: 29113
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: nmap and firewalld give conflicting statements

Post by TrevorH » 2020/02/25 17:30:41

So then it's expected. Run it from outside to get reliable results.
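Added example, not part of the thread: a small reconciliation of the two outputs posted above. It goes beyond the reply by also accounting for protocol: a plain nmap run covers TCP only, so services that firewalld allows on UDP cannot appear in it wherever the scan is run from. The port mapping is an assumption (stock firewalld definitions for ssh, cockpit and dhcpv6-client, the 51820 from the post for wireguard) and the sample input is constructed from the thread's output.

```python
import re

# Assumed port/protocol per service: ssh, cockpit and dhcpv6-client follow the
# stock firewalld definitions; wireguard uses the 51820 quoted in the post.
SERVICE_PORTS = {"ssh": (22, "tcp"), "cockpit": (9090, "tcp"),
                 "dhcpv6-client": (546, "udp"), "wireguard": (51820, "udp")}

# Constructed sample input, modelled on the two outputs in the thread.
FIREWALLD = """public (active)
  interfaces: eth0
  services: cockpit dhcpv6-client ssh wireguard
  ports:
  masquerade: yes
"""
NMAP = """Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin
"""

def allowed_services(firewalld_text):
    """Names on the 'services:' line of `firewall-cmd --list-all` output."""
    m = re.search(r"^[ \t]*services:[ \t]*(.*)$", firewalld_text, re.M)
    return m.group(1).split() if m else []

def open_ports(nmap_text):
    """(port, proto) pairs whose state column is exactly 'open'."""
    found = re.findall(r"^(\d+)/(tcp|udp)\s+open\s", nmap_text, re.M)
    return {(int(port), proto) for port, proto in found}

# `scanned` lists the protocols the scan covered; UDP needs nmap -sU.
def reconcile(firewalld_text, nmap_text, scanned=("tcp",)):
    """Per allowed service, say why it does or does not show up in the scan."""
    seen, verdicts = open_ports(nmap_text), {}
    for svc in allowed_services(firewalld_text):
        port, proto = SERVICE_PORTS.get(svc, (None, None))
        if port is None:
            verdicts[svc] = "no port mapping known"
        elif proto not in scanned:
            verdicts[svc] = f"{port}/{proto} not covered by this scan"
        elif (port, proto) in seen:
            verdicts[svc] = f"{port}/{proto} open"
        else:
            verdicts[svc] = f"{port}/{proto} allowed but not reported open"
    return verdicts

if __name__ == "__main__":
    for svc, verdict in reconcile(FIREWALLD, NMAP).items():
        print(f"{svc:14} {verdict}")
```

A verdict of "open" from a scan run on the host itself only shows that something is listening; whether the firewall passes the port still has to be checked from another machine.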
