
How to change a port from filtered to open?

By Abigail Rogers

I set up port forwarding on port 4444. I'm using gufw as a firewall, but when I'm using nmap, the port shows as "filtered", not "open".

PORT STATE SERVICE
4444/tcp filtered krb524

If I remove the firewall, the port shows as closed even though the port forward is still there.

PORT STATE SERVICE
4444/tcp closed krb524

How can I open the port (with or without the firewall)? I do have a dynamic IP address, but I'm using a DNS to get the IP address and the port forward is on DNS.

3 Answers

Clearly in your case, there is no service listening on that port.

A port is considered "opened" when a service is listening on it.
If no service is listening on it, nmap will see the port either closed or filtered.

An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.

Depending on how the firewall works and how the system allows scanning, you may receive a filtered status on a port where a service is listening, but also when no service is listening.

For example:
With option -sT, nmap will try to connect with TCP protocol after SYN is done.
It is a good option when a user does not have raw packet privileges.

With option -sS, nmap will only try to SYN the port, which is faster than doing the whole SYN/ACK process and will not produce tracks in the logs, but can give no results under the conditions given before.

References:
Nmap Port Status List
Scanning techniques

A port being "open" means there is a service listening on that port. If it is "closed" then the OS and firewall are not preventing communication on that port, but there is no service which is listening. You have to start a process on your machine that will listen on that port.

From the command line, you want to do this:

sudo ufw allow 4444
sudo ufw allow out 4444 

Not really sure how to do it with the GUI, but if you can run nmap, you can run the above. Nmap should then report the port as open - at least from that machine. If it doesn't work after that, there's likely something else in between.
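
The open/closed distinction described in the answers, as an added example that is not part of the original posts: a TCP connect probe (what nmap -sT does) against a loopback port before, while and after a process listens on it. The ephemeral loopback port stands in for 4444 and the function names are illustrative; a "filtered" result needs a packet-dropping firewall in the path, so it is classified here but not produced.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify a TCP port the way a full connect() scan (nmap -sT) sees it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"          # RST came back: reachable, but no listener
    except OSError:
        return "filtered"        # timeout or unreachable: no usable reply

def free_port(host="127.0.0.1"):
    """Ask the OS for a currently unused TCP port (stand-in for 4444)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

def demo(host="127.0.0.1"):
    """Return the port's state before, while and after a listener runs."""
    port = free_port(host)
    before = probe(host, port)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)            # the kernel now completes handshakes
        during = probe(host, port)
    after = probe(host, port)    # listener gone: port is closed again
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

No firewall rule changes between the three probes; only the presence of a listening process does.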
