I got myself a used LANCOM DSL/I-10 Office as an ISDN router for my home network; everything works fine so far except for the firewall (though maybe I'm just imagining that...).
So, I've defined a few rules for the services I need, see picture. The last rule, DENY_ALL, blocks everything in both directions.
The rule ALLOW_BASIC_INTERNET is configured as follows.
So HTTP, HTTPS, POP3, SMTP and NNTP from the LAN to the WAN should work (and they do), but not the other way round. But when I run a port scan against the LANCOM's IP from a remote Linux machine, I get the following (or something similar; the higher ports are different every time...):
Starting nmap V. 3.00
Interesting ports on xxxxxxxxxxxxxxxxxxxxxxx
(xxx.xxx.xxx.xxx):
(The 1467 ports scanned but not shown below are in state: filtered)
Port State Service
3/tcp closed compressnet
15/tcp closed netstat
16/tcp closed unknown
19/tcp closed chargen
23/tcp closed telnet
37/tcp closed time
72/tcp closed netrjs-2
78/tcp closed vettcp
80/tcp closed http
102/tcp closed iso-tsap
110/tcp open pop-3
115/tcp closed sftp
119/tcp closed nntp
142/tcp closed bl-idm
143/tcp closed imap2
170/tcp closed print-srv
177/tcp closed xdmcp
209/tcp closed tam
211/tcp closed 914c-g
216/tcp closed atls
232/tcp closed unknown
239/tcp closed unknown
242/tcp closed direct
259/tcp closed esro-gen
288/tcp closed unknown
315/tcp closed dpsi
318/tcp closed unknown
326/tcp closed unknown
329/tcp closed unknown
348/tcp closed csi-sgwp
369/tcp closed rpc2portmap
373/tcp closed legent-1
380/tcp closed is99s
412/tcp closed synoptics-trap
419/tcp closed ariel1
443/tcp closed https
461/tcp closed datasurfsrv
469/tcp closed rcp
509/tcp closed snare
527/tcp closed stx
548/tcp closed afpovertcp
557/tcp closed openvms-sysipc
558/tcp closed sdnskmp
559/tcp closed teedtap
597/tcp closed ptcnameservice
610/tcp closed npmp-local
643/tcp closed unknown
646/tcp closed unknown
675/tcp closed unknown
678/tcp closed unknown
679/tcp closed unknown
692/tcp closed unknown
697/tcp closed unknown
706/tcp closed silc
710/tcp closed unknown
729/tcp closed netviewdm1
733/tcp closed unknown
735/tcp closed unknown
741/tcp closed netgw
745/tcp closed unknown
747/tcp closed fujitsu-dev
777/tcp closed unknown
794/tcp closed unknown
820/tcp closed unknown
846/tcp closed unknown
857/tcp closed unknown
873/tcp closed rsync
876/tcp closed unknown
888/tcp closed accessbuilder
902/tcp closed unknown
915/tcp closed unknown
917/tcp closed unknown
939/tcp closed unknown
940/tcp closed unknown
942/tcp closed unknown
950/tcp closed oftep-rpc
967/tcp closed unknown
970/tcp closed unknown
982/tcp closed unknown
992/tcp closed telnets
999/tcp closed garcon
1030/tcp closed iad1
1058/tcp closed nim
1155/tcp closed nfa
1347/tcp closed bbn-mmc
1368/tcp closed screencast
1373/tcp closed chromagrafx
1378/tcp closed elan
1381/tcp closed apple-licman
1388/tcp closed objective-dbc
1397/tcp closed audio-activmail
1405/tcp closed ibm-res
1423/tcp closed essbase
1424/tcp closed hybrid
1429/tcp closed nms
1441/tcp closed cadis-1
1448/tcp closed oc-lm
1454/tcp closed interhdl_elmd
1462/tcp closed world-lm
1465/tcp closed pipes
1468/tcp closed csdm
1482/tcp closed miteksys-lm
1492/tcp closed stone-design-1
1494/tcp closed citrix-ica
1502/tcp closed shivadiscovery
1665/tcp closed netview-aix-5
1723/tcp closed pptp
1827/tcp closed pcm
1998/tcp closed x25-svc-port
1999/tcp closed tcp-id-port
2002/tcp closed globe
2033/tcp closed glogger
2065/tcp closed dlsrpn
2431/tcp closed venus-se
2500/tcp closed rtsserv
2564/tcp closed hp-3000-telnet
3389/tcp closed ms-term-serv
3900/tcp closed udt_os
4000/tcp closed remoteanything
4045/tcp closed lockd
4557/tcp closed fax
4998/tcp closed maybeveritas
5011/tcp closed telelpathattack
5236/tcp closed padl2sim
5510/tcp closed secureidprop
5632/tcp closed pcanywherestat
5802/tcp closed vnc-http-2
6101/tcp closed VeritasBackupExec
6144/tcp closed statsci1-lm
7003/tcp closed afs3-vlserver
7004/tcp closed afs3-kaserver
8080/tcp closed http-proxy
13713/tcp closed VeritasNetbackup
13715/tcp closed VeritasNetbackup
Nmap run completed -- 1 IP address (1 host up) scanned in 311 seconds
That already looks pretty good, except that the POP3 port is always open. Even if I explicitly set up a DENY_POP3 rule, it stays open. I only have Windows XP machines in the LAN, which is why I don't understand this. Does the LANCOM have a built-in POP3 server? I haven't found anything to configure or disable it.
Oh yes, the firmware is 3.57.0005 / 10.02.2005
Regards, Robert
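As an added example (not from the post and not LANCOM code), a small Python parser for the nmap 3.00 normal-output format quoted above that checks a scan against the poster's intended policy: with DENY_ALL in place, nothing should be reachable from the WAN side, so any port reported open is a violation. The scan text and host name are constructed to mirror the post's output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the nmap 3.00 normal-output format quoted in the post
SAMPLE_SCAN = """\
Starting nmap V. 3.00
Interesting ports on router.example (192.0.2.10):
(The 1467 ports scanned but not shown below are in state: filtered)
Port State Service
23/tcp closed telnet
80/tcp closed http
110/tcp open pop-3
443/tcp closed https
Nmap run completed -- 1 IP address (1 host up) scanned in 311 seconds
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)")
NOT_SHOWN = re.compile(r"\(The (\d+) ports scanned but not shown below are in state: (\w+)\)")


def parse_nmap(text: str) -> List[Dict]:
    """One dict per port line: port, proto, state, service."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4)})
    return ports


def not_shown_summary(text: str) -> Tuple[int, str]:
    """Count and state of the ports nmap collapsed into the summary line."""
    m = NOT_SHOWN.search(text)
    return (int(m.group(1)), m.group(2)) if m else (0, "")


def policy_violations(ports: List[Dict], allowed_inbound=frozenset()) -> List[Dict]:
    """Ports open from the WAN side that the policy does not permit.
    With a DENY_ALL rule the allow-list is empty, so every open port is a finding."""
    return [p for p in ports if p["state"] == "open"
            and (p["port"], p["proto"]) not in allowed_inbound]


def state_counts(ports: List[Dict]) -> Dict[str, int]:
    """'closed' means the router answered with a RST (packet reached the stack);
    'filtered' means it was dropped, which is what a deny rule normally yields."""
    return {s: sum(1 for p in ports if p["state"] == s)
            for s in ("open", "closed", "filtered")}
```

The closed-versus-filtered split is the second thing worth reading from such a scan: ports the firewall really drops show up as filtered, while closed ports reached the router's own TCP stack.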