[SOLVED] Open Ports on standard PVE install

[gctwnl]

When I ask nmap what is open on my PVE host, it tells me:

PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3128/tcp open  squid-http
8007/tcp open  ajp12

22 and 8007 I understand (8007 because PBS is also running on that system)

But what I do not understand is that 8006 is not reported by nmap (more an nmap thing, I guess), while it is there that we can access the admin GUI:

gerben@hermione% nc -v -z pve.rna.nl 8006       
Connection to pve.rna.nl port 8006 [tcp/*] succeeded!

What I would like to know is:

• Why is TCP 111 open (according to the documentation, it should be only-UDP 111) and what is 111 for anyway? Do I need it with a single PVE machine?
• 3128 is a SPICE proxy. My guess is this is needed for the Shell of the PVE host and Console of the VM clients from the Web GUI. Correct?

 

[UdoB]

First thought: are you sure to scan the correct machine? Verify/compare the IP address...

 

[gctwnl]

First thought: are you sure to scan the correct machine? Verify/compare the IP address...

Yes. 100%.

gerben@hermione% ssh user@hostscannedbynmap
user@hostscannedbynmap's password:
Linux pve 5.15.85-1-pve #1 SMP PVE 5.15.85-1 (2023-02-01T00:00Z) x86_64

 

[LnxBil]

But what I do not understand is that 8006 is not reported by nmap (more an nmap thing, I guess), while it is there that we can access the admin GUI:

How did you scan (what command)? Without port specification, nmap will only scan a few known ports, not everything.

 

[gctwnl]

How did you scan (what command)? Without port specification, nmap will only scan a few known ports, not everything.

That will be it. The fact that 8007 was scanned but 8006 was not, made me assume all ports were scanned (what the heck is 8007...). I've been unable to find out what the 'interesting ports' list is.

 

[rspowell]

https://www.speedguide.net/port.php?port=8007