[lug] Firewall / Lockdown questions
Brad Crotchett
brad at bradandkim.net
Tue Jul 31 22:02:27 MDT 2007
On Tue, 2007-07-31 at 21:14 -0600, dio2002 at indra.com wrote:
> >
> > 'netstat -an' should show you what local address a service is listening
> > on.
>
> I thought that was the case. I got confused with the Foreign Address when
> I saw 0.0.0.0:* thinking that meant LISTENING on any port.
>
> Proto Recv-Q Send-Q Local Address    Foreign Address    State
> tcp        0      0 127.0.0.1:25     0.0.0.0:*          LISTEN
>
> Just to confirm, the Local Address is the port any service is LISTENING
> ON. It should never change for a given service once established. Foreign
> Address has nothing to do with what interface a port LISTENS on. It will
> always be 0.0.0.0:* when the port is LISTENING (waiting for a client) even
> on a service which always listens on localhost interface. The minute a
> client connects, that value of Foreign Address will be set. That could be
> 127.0.0.1 or it could be any IP on the internet.
>
> sound good?
>
> thanks
>
Once a connection is made, then 'STATE' changes from 'LISTENING' to
'CONNECTED' and yes the foreign address will show the remote IP address.
One of my most used commands is 'netstat -an|grep LISTEN'. If I just
started a service then that lets me see if the service successfully
started and is listening properly. If not, I can start running through
the logs.
Thanks,
Brad Crotchett
www.bradandkim.net
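
As an added example that is not part of the original thread: a small shell function that reads `netstat -an` output and labels each TCP listener by the Local Address column discussed above, so services bound only to localhost are separated from those reachable on other interfaces. The function name `classify_listeners` and the sample lines are constructed for illustration, and the Linux column layout shown in the thread is assumed.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -an` output read on stdin.
# Output per listener: <scope> <proto> <local-address> <port>
#   loopback -> bound to 127.0.0.0/8 or ::1, reachable only from this host
#   exposed  -> bound to 0.0.0.0, :: or a specific interface address
# classify_listeners is a hypothetical helper name, not a standard tool.
classify_listeners() {
    awk '
        # Only TCP sockets whose last column (State) is LISTEN.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4                      # Local Address column
            # The port follows the LAST colon (IPv6 addresses contain colons).
            n = split(laddr, parts, ":")
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else
                scope = "exposed"
            print scope, $1, addr, port
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# Demonstration on the sample; on a live host use: netstat -an | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

Lines marked `exposed` are the ones a firewall rule or a change to the service's bind address has to account for; `loopback` lines accept connections only from the machine itself.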