iptables
spellman003, 2022-03-25 02:24:19

How to determine which ports are being used?

I began to study the Netfilter firewall and the iptables utility for configuring it.
There is a server which distributes the Internet and provides NAT. Everything works with the standard default rules; if you change them (for example, iptables -P INPUT DROP), it stops working.
And I wanted to close everything and open it as needed. Are there ways to find out what ports and protocols an entity in the OS is trying to use? Is there any standard that specifies this? With iptables -P INPUT ACCEPT everything works, but with iptables -P INPUT DROP it does not. I tried leaving ports 53, 80, 8080, 443, 110, 25 and 21 open, but it does not work stably.
I tried to take into account the logic of how traffic passes through the firewall tables and did not close the OUTPUT chain.


2 answer(s)
DollyPapper, 2022-03-25
@spellman003

netstat -tlp
Shows all ports in the LISTENING state on the system. It is better to use it with sudo; without it, the names of processes that the current user does not own will not be shown. The line with the connection itself will still be displayed, just without the process name.

hint000, 2022-03-25
@hint000

The INPUT chain determines the fate of packets that are destined for the host itself (the server in your case).
And the movement of packets that go to clients or from clients is regulated by the FORWARD chain.

Are there ways to find out what ports and protocols an entity in the OS is trying to use?
There is an old command, netstat (for the many options that determine what exactly it shows, see man netstat or google it). There is a newer command, ss.
[Image: packet flow diagram, FW-IDS-iptables-Flowchart-v2019-04-30-1.png]
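
As an added example (not part of either answer or of the original thread): a shell script that turns the listening sockets reported by ss into INPUT rules printed for review. The function names are hypothetical, the ss output is constructed, and the loopback and conntrack ESTABLISHED,RELATED rules are an assumption about what a host with an open OUTPUT chain needs once INPUT defaults to DROP; traffic between NAT clients and the Internet goes through FORWARD, which this does not touch.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, it does not apply them.
# Function names are hypothetical; the ss output below is constructed.

# Read `ss -H -tuln` output on stdin and print one INPUT ACCEPT rule per
# protocol/port that has an IPv4 listener reachable from the network.
listeners_to_rules() {
    awk '
    $1 == "tcp" || $1 == "udp" {
        port = $5; sub(/.*:/, "", port)       # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (addr ~ /^\[/) next                # IPv6 socket: ip6tables, skipped here
        if (addr ~ /^127\./) next             # loopback only, nothing to open
        if (port !~ /^[0-9]+$/) next
        key = $1 "/" port
        if (!(key in seen)) { seen[key] = 1; print $1, port }
    }' | sort -k1,1 -k2,2n |
    while read -r proto port; do
        echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
}

# Assumed baseline around those rules: loopback and reply traffic are
# accepted first, and the DROP policy is set last so that a remote session
# is not cut off while the rules are being loaded.
input_ruleset() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    listeners_to_rules
    echo "iptables -P INPUT DROP"
}

# Constructed sample of `ss -H -tuln` output (DNS, DHCP, SSH, local mail).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:67         0.0.0.0:*
tcp   LISTEN 0      32           0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
EOF
}

# On a real host: ss -H -tuln | input_ruleset
sample_ss_output | input_ruleset
```

The loopback-bound mail listener and the IPv6 socket produce no rule, so the printed list contains only ports that are actually exposed over IPv4.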
