Introduction
Nmap is a free and very popular network security scanner. It is easy to use and very powerful. This article will explain the installation and usage of Nmap for testing firewall configurations. Even though you can check which ports are open through your firewall, testing it by scanning can be very useful. For example, if you have a firewall rule that disables outside access to your MariaDB service, Nmap can help you make sure that the firewall is working as intended.
NOTE: You should never run Nmap on IP addresses that do not belong to you, unless you have explicit permission to do so, as per Rcs.com's Acceptable Use Policy ('AUP').
Prerequisites
- A Rcs VPS running a Linux Distribution
- Root access to your VPS, via SSH or console.
Installation
Install Nmap on the VPS that you wish to test.
- Debian and Debian-based distributions:
apt install -y nmap
- CentOS and RHEL:
yum install -y nmap
Usage
First, you need to know the IP address of your VPS. You should use your public-facing IP address, since the goal is to test the public-facing firewall configuration. This article will use 203.0.113.1
as an example. Make sure you replace it with your own IP address.
Testing a single TCP port.
The command to test a single port is as follows:
nmap -p 80 203.0.113.1
In this example, 80
is the TCP port number you wish to test.
Example output:
root@debian1:~# nmap -p 80 203.0.113.1
Starting Nmap 7.40 at 2018-10-19 00:00 EEST
Nmap scan report for 203.0.113.1
Host is up (0.000097s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
Testing all TCP ports.
The following command will test all TCP ports (-p-
), and will save the output to nmap.out
.
nmap -oN nmap.out -p- 203.0.113.1
Testing all TCP ports and detect the version.
The following command will test all TCP ports (-p-
), try to detect which services and which versions are running (-sV
), and will save the output to nmap.out
.
nmap -sV -oN nmap.out -p- 203.0.113.1
Testing all TCP ports and run basic security checks.
The following command will test all TCP ports (-p-
), will run basic security checks on open ports (-sC
), and will save the output to nmap.out
.
nmap -sC -oN nmap.out -p- 203.0.113.1
These security checks are especially helpful in detecting common vulnerabilities and misconfigurations.
Other useful options
-v
, -vv
, -vvv
lead to increasingly verbose output.
-sU
is used for UDP scans.
Conclusion
Running nmap is not always necessary, but can be very useful especially when complicated network configurations and firewall rules are in place.