Linux – List Open Ports to the Outside

Tags: linux, linux-networking, security

I can't find how to list or 'read the list' of ports open on Linux.
I have a Debian based server. I found a slew of commands to list open ports, but I can't find any that lists just the open ports that can be accessed from the outside.
I know 3309 is open, but I've configured MySQL to only reply to localhost, but the port is still listed as open. Again, I'm only interested in ports open to the outside world.

If there is no such command, maybe there is a grep to filter out the internal only ports?

Best Answer

You may not be finding an easy answer to this, because it's a more complex question than you might realize. There are at least 3 possible points of interest to look at:

  1. The ports being listened for on the server. netstat -an | grep LISTEN will give you a general idea. Look for source addresses of 0.0.0.0 or specific "outside" interfaces (don't forget IPv6 addresses if applicable).

  2. Server firewall (commonly iptables). iptables -L will give some idea of what traffic is being allowed. But also, it should show you any NATs/port redirects being done at the server level. For example, your port 3309 might be redirected to 127.0.0.1:3309. So even though your mysql might only be listening on localhost, it WOULD be technically accessible from the "outside" world.

  3. Your edge firewall. This is your internet router/gateway. Easiest thing to do here is to go to a server in the "outside world" (whether that's the open internet, somewhere else on your network, etc. - that wasn't clearly defined in the question), and run nmap <your-external-ip> and see what it reports as open. The downside of doing this is if you don't have a dedicated IP for your server, you're probably going to see a lot of stuff that doesn't apply to your specific server.

Those 3 things will answer most of your questions, but I'm sure others will have more ideas/suggestions.
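As an added example (not part of the original answer), here is a POSIX shell filter for check 1 that reads netstat -an output (or ss -ltn, whose local-address column is in the same position) and keeps only sockets bound to a non-loopback address. It goes beyond grep LISTEN by also keeping bound UDP sockets, which never show LISTEN. The netstat sample embedded below is constructed, not captured from a real host, and firewall rules or NAT redirects (check 2) are outside what this filter can see.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3309          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:5432       0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         203.0.113.5:51514       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*'

# Read `netstat -an` (or `ss -ltn`) output on stdin and print one line per
# socket bound to a non-loopback address, as "proto port local-address".
# Such a socket is reachable from other hosts unless the firewall blocks it;
# loopback-only binds (127.x.x.x, ::1) are dropped, as is established traffic.
external_listeners() {
    awk '
    # keep TCP listeners plus bound UDP sockets (UDP never shows LISTEN)
    $NF == "LISTEN" || $1 == "LISTEN" || $1 ~ /^udp/ {
        local = $4
        gsub(/[][]/, "", local)                  # ss prints IPv6 as [::]:80
        n = split(local, parts, ":")
        port = parts[n]                          # text after the last colon
        addr = substr(local, 1, length(local) - length(port) - 1)
        if (addr == "" || addr == "*") addr = "0.0.0.0"   # ss uses *:port
        if (addr ~ /^127\./ || addr == "::1") next        # loopback only
        proto = ($1 == "LISTEN") ? "tcp" : $1    # ss -ltn has no proto column
        print proto, port, addr
    }'
}

# Stand-alone run over the sample; on a real host use:
#   netstat -an | external_listeners      (or: ss -ltn | external_listeners)
printf '%s\n' "$SAMPLE_NETSTAT" | external_listeners
```

On the sample this prints only tcp 22, tcp 5432 on 192.168.1.10, tcp6 80 on :: and udp 68; the 127.0.0.1:3309 MySQL listener from the question is correctly left out.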