
I have set a rule on my firewall (192.168.100.20) that forbids access to port 143 (IMAP). The only exceptions are IPs from the LAN or from Algeria. To test this:

Testing the IMAP port is open when connecting from LAN

On my machine


hping3 192.168.100.20 -p 143 -S


On the server


root@messagerie[192.168.100.20] ~ # tcpdump port 143
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:31:53.934774 IP 192.168.211.114.2951 > 192.168.100.20.imap2: Flags [S], seq 471548264, win 512, length 0
14:31:53.934929 IP 192.168.100.20.imap2 > 192.168.211.114.2951: Flags [S.], seq 2786534769, ack 471548265, win 29200, options [mss 1460], length 0
14:31:53.935208 IP 192.168.211.114.2951 > 192.168.100.20.imap2: Flags [R], seq 471548265, win 0, length 0
14:31:54.934951 IP 192.168.211.114.2952 > 192.168.100.20.imap2: Flags [S], seq 303247259, win 512, length 0
14:31:54.935115 IP 192.168.100.20.imap2 > 192.168.211.114.2952: Flags [S.], seq 837116155, ack 303247260, win 29200, options [mss 1460], length 0
14:31:54.935424 IP 192.168.211.114.2952 > 192.168.100.20.imap2: Flags [R], seq 303247260, win 0, length 0
14:31:55.935138 IP 192.168.211.114.2953 > 192.168.100.20.imap2: Flags [S], seq 183582080, win 512, length 0
14:31:55.935262 IP 192.168.100.20.imap2 > 192.168.211.114.2953: Flags [S.], seq 4237710001, ack 183582081, win 29200, options [mss 1460], length 0
14:31:55.935569 IP 192.168.211.114.2953 > 192.168.100.20.imap2: Flags [R], seq 183582081, win 0, length 0
14:31:56.935378 IP 192.168.211.114.2954 > 192.168.100.20.imap2: Flags [S], seq 536646534, win 512, length 0
14:31:56.935507 IP 192.168.100.20.imap2 > 192.168.211.114.2954: Flags [S.], seq 2686932193, ack 536646535, win 29200, options [mss 1460], length 0
14:31:56.935768 IP 192.168.211.114.2954 > 192.168.100.20.imap2: Flags [R], seq 536646535, win 0, length 0

12 packets captured
12 packets received by filter
0 packets dropped by kernel
root@messagerie[192.168.100.20] ~ #


The capture shows both inbound and outbound packets: the server answers each SYN with a SYN-ACK ([S.]), so it is responding to me (the exception to the rule works).

Testing the IMAP port is closed when connecting from WAN

On my machine


hping3 192.168.100.20 -a 29.30.40.10 -p 143 -S


The -a argument sets a spoofed source address (IP spoofing).

On the server


root@messagerie[192.168.100.20] ~ # tcpdump port 143 and host 29.30.40.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:32:50.898693 IP 29.30.40.10.2091 > 192.168.100.20.imap2: Flags [S], seq 560244212, win 512, length 0
14:32:51.898766 IP 29.30.40.10.2092 > 192.168.100.20.imap2: Flags [S], seq 1881380916, win 512, length 0
14:32:52.898823 IP 29.30.40.10.2093 > 192.168.100.20.imap2: Flags [S], seq 850842659, win 512, length 0
14:32:53.898971 IP 29.30.40.10.2094 > 192.168.100.20.imap2: Flags [S], seq 607512541, win 512, length 0

4 packets captured
4 packets received by filter
0 packets dropped by kernel
root@messagerie[192.168.100.20] ~ #


The capture only shows inbound packets: the server is not responding to them. The rule works!

Testing that Algerian IPs are allowed

I have downloaded the CSVs with xtables-addons's script:

/usr/lib/xtables-addons/xt_geoip_dl

And moved them to /usr/share/xt_geoip/csv/. I opened GeoIPCountryWhois.csv and looked for Algeria, then tried an IP that was in one of the listed ranges:

root@messagerie[10.10.10.19] ~ # geoiplookup 197.200.39.30
GeoIP Country Edition: DZ, Algeria
root@messagerie[10.10.10.19] ~ #

Using hping3 again from my machine, with option -a 197.200.39.30, then tcpdump on the server:


root@messagerie[192.168.100.20] ~ # tcpdump host 197.200.39.30 and port 143
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:54:56.670497 IP 197.200.39.30.1201 > 192.168.100.20.imap2: Flags [S], seq 1226797656, win 512, length 0
15:54:56.670696 IP 192.168.100.20.imap2 > 197.200.39.30.1201: Flags [S.], seq 1789027110, ack 1226797657, win 29200, options [mss 1460], length 0
15:54:56.671029 IP 197.200.39.30.1201 > 192.168.100.20.imap2: Flags [R.], seq 1, ack 1, win 29200, length 0
15:54:57.670528 IP 197.200.39.30.1202 > 192.168.100.20.imap2: Flags [S], seq 861754853, win 512, length 0
15:54:57.670660 IP 192.168.100.20.imap2 > 197.200.39.30.1202: Flags [S.], seq 1814095213, ack 861754854, win 29200, options [mss 1460], length 0
15:54:57.670908 IP 197.200.39.30.1202 > 192.168.100.20.imap2: Flags [R.], seq 1, ack 1, win 29200, length 0
15:54:58.670691 IP 197.200.39.30.1203 > 192.168.100.20.imap2: Flags [S], seq 398121675, win 512, length 0
15:54:58.670825 IP 192.168.100.20.imap2 > 197.200.39.30.1203: Flags [S.], seq 380778747, ack 398121676, win 29200, options [mss 1460], length 0
15:54:58.671077 IP 197.200.39.30.1203 > 192.168.100.20.imap2: Flags [R.], seq 1, ack 1, win 29200, length 0
15:54:59.670874 IP 197.200.39.30.1204 > 192.168.100.20.imap2: Flags [S], seq 1994254067, win 512, length 0
15:54:59.670975 IP 192.168.100.20.imap2 > 197.200.39.30.1204: Flags [S.], seq 391846182, ack 1994254068, win 29200, options [mss 1460], length 0
15:54:59.671205 IP 197.200.39.30.1204 > 192.168.100.20.imap2: Flags [R.], seq 1, ack 1, win 29200, length 0
15:55:00.671140 IP 197.200.39.30.1205 > 192.168.100.20.imap2: Flags [S], seq 693352272, win 512, length 0
15:55:00.671294 IP 192.168.100.20.imap2 > 197.200.39.30.1205: Flags [S.], seq 955964245, ack 693352273, win 29200, options [mss 1460], length 0
15:55:00.671545 IP 197.200.39.30.1205 > 192.168.100.20.imap2: Flags [R.], seq 1, ack 1, win 29200, length 0

15 packets captured
15 packets received by filter
0 packets dropped by kernel
root@messagerie[192.168.100.20] ~ #


Connection succeeded!
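An added example, not part of the original page: rather than reading the three captures by eye, this function counts, per source address, the SYNs that reached the server and the replies it sent, and prints a verdict. The function names and the 203.0.113.7 lines are constructed; the other sample lines are copied from the captures above. It goes one step beyond the page by labelling a RST reply from the server as REJECTED instead of DROPPED.

```shell
#!/bin/sh
# Added example: per-client verdict from saved tcpdump text output.
# Usage: classify_capture <server-ip> < capture.txt
# Capture with "tcpdump -n" so addresses are not replaced by hostnames.
classify_capture() {
    awk -v srv="$1" '
    # Line layout: time IP src.port > dst.port: Flags [X], ...
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)
        sub(/\.[^.]+$/, "", src)   # drop port or service name (".imap2")
        sub(/\.[^.]+$/, "", dst)
        flags = $7; gsub(/\[|\]|,/, "", flags)
        if (dst == srv && flags == "S")  syn[src]++      # probe arrived
        if (src == srv && flags == "S.") synack[dst]++   # server accepted
        if (src == srv && flags ~ /^R/)  rst[dst]++      # server refused
    }
    END {
        for (ip in syn) {
            if (synack[ip] > 0)   verdict = "ALLOWED"
            else if (rst[ip] > 0) verdict = "REJECTED"
            else                  verdict = "DROPPED"
            printf "%s syn=%d synack=%d %s\n", ip, syn[ip], synack[ip], verdict
        }
    }' | LC_ALL=C sort
}

# Sample input: lines from the captures above, plus two constructed
# lines (203.0.113.7) showing a server that answers with RST.
sample_capture() {
    cat <<'EOF'
14:31:53.934774 IP 192.168.211.114.2951 > 192.168.100.20.imap2: Flags [S], seq 471548264, win 512, length 0
14:31:53.934929 IP 192.168.100.20.imap2 > 192.168.211.114.2951: Flags [S.], seq 2786534769, ack 471548265, win 29200, options [mss 1460], length 0
14:31:53.935208 IP 192.168.211.114.2951 > 192.168.100.20.imap2: Flags [R], seq 471548265, win 0, length 0
14:32:50.898693 IP 29.30.40.10.2091 > 192.168.100.20.imap2: Flags [S], seq 560244212, win 512, length 0
14:32:51.898766 IP 29.30.40.10.2092 > 192.168.100.20.imap2: Flags [S], seq 1881380916, win 512, length 0
15:54:56.670497 IP 197.200.39.30.1201 > 192.168.100.20.imap2: Flags [S], seq 1226797656, win 512, length 0
15:54:56.670696 IP 192.168.100.20.imap2 > 197.200.39.30.1201: Flags [S.], seq 1789027110, ack 1226797657, win 29200, options [mss 1460], length 0
16:00:00.000000 IP 203.0.113.7.4000 > 192.168.100.20.imap2: Flags [S], seq 1, win 512, length 0
16:00:00.000100 IP 192.168.100.20.imap2 > 203.0.113.7.4000: Flags [R.], seq 0, ack 2, win 0, length 0
EOF
}

sample_capture | classify_capture 192.168.100.20
```

A DROPPED verdict only means something if the capture was taken on the server itself, as in the tests above, since the spoofing machine never sees the replies.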

—-

contact : @ychaouche yacinechaouche at yahoocom

