nmap gives info not of open ports but on services that are running.

Tim ignored_mailbox at yahoo.com.au
Sat May 5 05:07:45 UTC 2007


Michael A Peters:
>> You are probably using iptables to block an external IP address and
>> using nmap on an internal IP address.
>> 
>> Try running nmap from a different machine.

Strong:
> Thank you, but is there a way I can inspect my open ports from within
> my machine?

To see what outsiders can access, you really do want to test from an
outside address (there are websites that provide probing services).
Even running a test from another PC inside your network is only a test
for that situation (it doesn't represent what an outsider can do).

Internally, a machine has at least two addresses: the internal
127.0.0.1 local loopback, which *only* works internally to the same
machine, and any interfaces to the outside world.  Running a test on
the box doesn't test the hardware; if you try scanning an ethernet port,
you only test the internal networking, it doesn't actually go through
the hardware.

You can see what ports are in use and open with netstat, but that
doesn't show what's available/blocked to outsiders.  And any other
networking hardware between your PC and the outside world plays a role
in testing what ports are accessible.

> Moreover, I set in iptables simply reject all - why does it matter which
> address (internal/external)?

If you truly rejected all, you'd find a lot of things wouldn't work,
like X.  The local display runs through the network, even if it's the
127.0.0.1 one.

If you're creating firewall rules you certainly do want to make a
differentiation between internal and external.  You don't want to be a
spammer's pet mail server, for instance.  Nor do you want to expose CUPS
or X to the WWW.

-- 
(This box runs FC6, my others run FC4 & FC5, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
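An added example (not from this thread) of the netstat point above: a small Python audit that parses `netstat -tln` output, here a constructed sample rather than output from a real host, and separates listeners bound to 127.0.0.1 (never reachable from outside, whatever the firewall says) from listeners bound to 0.0.0.0 or an interface address (candidates for exposure, which only an external probe can confirm or rule out).

```python
from ipaddress import ip_address

# Constructed sample of `netstat -tln` output; the ports mirror the thread
# (CUPS on 631, X on 6000, a mail server on 25) but are not from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""


def parse_listeners(text):
    """Yield (proto, bind_address, port) for every LISTEN line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue
        # rpartition handles both "127.0.0.1:631" and the IPv6 form ":::22".
        addr, _, port = fields[3].rpartition(":")
        yield fields[0], addr, int(port)


def classify(bind_addr):
    """Map a bind address to what it implies about reachability from outside."""
    ip = ip_address(bind_addr)
    if ip.is_loopback:
        return "loopback-only"        # unreachable from other hosts, firewall or not
    if ip.is_unspecified:
        return "all-interfaces"       # 0.0.0.0 / :: -> exposed unless filtered
    return "specific-interface"       # bound to one NIC address


def audit(text):
    """Return {(proto, port): classification} for every listening socket."""
    return {(proto, port): classify(addr) for proto, addr, port in parse_listeners(text)}


def exposure_candidates(text):
    """Ports that are not loopback-bound: the set an external scan must check."""
    return sorted({port for _, addr, port in parse_listeners(text)
                   if not ip_address(addr).is_loopback})


if __name__ == "__main__":
    for key, kind in sorted(audit(SAMPLE_NETSTAT).items()):
        print(f"{key[0]:5} {key[1]:>5}  {kind}")
    print("verify from outside:", exposure_candidates(SAMPLE_NETSTAT))
```

The loopback-only result is the one netstat can settle on its own; everything else still depends on iptables and any hardware in front of the box, which is why the external probe remains necessary.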
