From: Lowell Gilbert
To: Doug Hardie
Cc: freebsd-questions@freebsd.org
Subject: Re: Port 7070
Date: Tue, 20 Jan 2009 13:50:31 -0500
Message-ID: <44hc3tolqg.fsf@be-well.ilk.org>
In-Reply-To: <8904C35C-EDFE-419D-989E-84F20A364DD4@lafn.org> (Doug Hardie's message of "Mon, 19 Jan 2009 10:44:12 -0800")

Doug Hardie writes:

> I just ran a netcat (nc -z) on my production servers and found an
> unusual response:
>
> Connection to xxxx 7070 port [tcp/arcp] succeeded!
>
> I checked on all my production and test servers (7.0 stable as of
> quite some time ago) and got the same response. I can't figure out
> why that port is open. It always returns a reset when a connection is
> opened. netstat -an does not return any 7070 entries. sockstat does
> not show any 7070 entries. There is no 7070 entry in /etc/services.
> ktrace of inetd shows nothing. tcpdump on the server shows the SYN
> and RST packets only. tcpdump on the client machine shows a complete
> TCP negotiation completion followed by a termination. The client is
> going across the internet.
>
> Running the client on a machine on the servers' LAN shows that the port
> is not open. And tcpdump from both shows only a SYN followed by a
> RST. This indicates that some router between the original client and
> the servers is accepting the connection and then forwarding it on.
> This doesn't happen on other ports (although there may be a couple
> others I haven't chased down yet though). The only router we have in
> the path is a Cisco 2501 running a 2000 vintage IOS with nothing like
> that in its configuration. It's a simple pass everything through
> setup. Any ideas what is happening here?

Sounds like the router is blocking most incoming connections, but not
7070. 7070 is sometimes used for RSTP, which makes some sense to let
through. Nothing is actually listening on that port on the server,
though, which is why you don't see anything in sockstat et al.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
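
Added example, not part of either poster's message: the comparison described in the thread (tcpdump on the client versus tcpdump on the server) applied to tcpdump text output, to tell a port the server really answers from one where a SYN-ACK reaches the client that the server never sent. The capture lines, the addresses and the names replies_from_port and classify are constructed for illustration.

```python
import re

# One "tcpdump -n" text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Za-z.]+)\]")

def replies_from_port(capture, port):
    """Return the set of TCP flag strings seen leaving `port` in one capture."""
    flags = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and int(m.group(2)) == port:
            flags.add(m.group(5))
    return flags

def classify(client_capture, server_capture, port):
    """Compare what the client received with what the server really sent."""
    client = replies_from_port(client_capture, port)
    server = replies_from_port(server_capture, port)
    if "S." in client and "S." in server:
        return "listening"          # the server itself sent the SYN-ACK
    if "S." in client:
        return "answered-in-path"   # client got a SYN-ACK the server never sent
    if client & {"R", "R."}:
        return "closed"             # the reset reached the client unchanged
    return "filtered"               # no reply from that port at all

# Constructed sample captures (documentation addresses, not from the thread).
CLIENT_WAN = """\
10:00:00.000 IP 198.51.100.7.50112 > 192.0.2.20.7070: Flags [S], seq 1000, length 0
10:00:00.040 IP 192.0.2.20.7070 > 198.51.100.7.50112: Flags [S.], seq 9000, ack 1001, length 0
10:00:00.041 IP 198.51.100.7.50112 > 192.0.2.20.7070: Flags [.], ack 1, length 0
10:00:00.090 IP 192.0.2.20.7070 > 198.51.100.7.50112: Flags [R.], seq 1, ack 1, length 0
"""
SERVER_WAN = """\
10:00:00.020 IP 198.51.100.7.50112 > 192.0.2.20.7070: Flags [S], seq 1000, length 0
10:00:00.021 IP 192.0.2.20.7070 > 198.51.100.7.50112: Flags [R.], seq 0, ack 1001, length 0
"""
CLIENT_LAN = """\
10:05:00.000 IP 192.0.2.30.40222 > 192.0.2.20.7070: Flags [S], seq 5000, length 0
10:05:00.001 IP 192.0.2.20.7070 > 192.0.2.30.40222: Flags [R.], seq 0, ack 5001, length 0
"""
SERVER_LAN = CLIENT_LAN  # on the LAN both ends see the same SYN then RST

if __name__ == "__main__":
    print("internet client:", classify(CLIENT_WAN, SERVER_WAN, 7070))
    print("LAN client:     ", classify(CLIENT_LAN, SERVER_LAN, 7070))
```
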