Re: telnet on local LAN question
On 08/17/2011 08:25 AM, Paul Allen Newell wrote:

> I have been trying what I think is the correct edit in all permutations I
> can think of ... as in:
> +++
> iptables -I INPUT <wherever the log entry is> -{s,d}
> 192.168.2.{10,11} -p tcp -{destination,source}-port telnet -j ACCEPT
> +++
>
> I would have just duplicated the ssh rule, which works, for port 23.
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
>
> I am not having success and the messages in the log are showing me that
> I am making a mess. One of the interesting things is I am now getting
> "connection refused" rather than "no route to host" and I need to see
> what change I made caused that (which is also interesting as I would
> have expected "connection refused" if the resolution was "REJECT"?)

This could depend on the "--reject-with icmp-host-prohibited" part.
Other kinds of --reject-with could give "connection refused".

> If I know what 192.168.2.x machines I want to be able to telnet to and I
> modify all machines to have the necessary in iptables to allow a telnet
> to/from, what am I missing?
>
> Thanks in advance (this iptables stuff is a bit daunting ...),

The firewall is probably quite ok now.

More investigation can be done with "tcpdump -i eth0 -n -n" on the
destination machine (do not do this remotely as it will generate
traffic and confuse you). Take note of what kind of reply the SYN
packet gets.

An additional thing to check is if you are listening on port 23 (or 25).
Try "netstat -tnlp" and search ":23" (or ":25"). You will find the
name of the process listening. Check if it is listening on 0.0.0.0 or
just on 127.0.0.1. The 127.0.0.1 would be wrong, and should be fixed
in the configuration of the mail program.

--
Roberto Ragusa mail at robertoragusa.it
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
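The two checks Roberto suggests (which local address the service is bound to, and a telnet ACCEPT rule modelled on the working ssh rule) as a small script. This is an added example, not code from the thread; the netstat output below is constructed, and the rule builder assumes you want to allow only one LAN source address.

```shell
#!/bin/sh
# Added example (not from the original thread). Parses "netstat -tnlp" style
# output to see whether a TCP port is reachable from the LAN or bound only to
# loopback, and builds a source-restricted iptables ACCEPT rule for telnet.

# Constructed sample of "netstat -tnlp" output (assumption: not real output
# from either machine in the thread).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1034/master
tcp        0      0 127.0.0.1:23            0.0.0.0:*               LISTEN      1200/xinetd'

# listen_addr PORT NETSTAT_OUTPUT
# Prints the local address a TCP listener is bound to (0.0.0.0, 127.0.0.1,
# ...) or "none" when nothing listens on that port.
listen_addr() {
    port=$1
    addr=$(printf '%s\n' "$2" | awk -v p=":$port" '
        $1 == "tcp" && $4 ~ p"$" { split($4, a, ":"); print a[1]; exit }')
    if [ -n "$addr" ]; then printf '%s\n' "$addr"; else printf 'none\n'; fi
}

# listen_verdict PORT NETSTAT_OUTPUT
# "ok"            : bound to all interfaces, reachable from the LAN
# "loopback-only" : only 127.x, so a remote client gets "connection refused"
#                   even with a correct firewall rule
# "not-listening" : nothing bound to that port at all
listen_verdict() {
    case $(listen_addr "$1" "$2") in
        0.0.0.0) echo ok ;;
        127.*)   echo loopback-only ;;
        none)    echo not-listening ;;
        *)       echo other ;;
    esac
}

# telnet_rule SRC_IP
# Copies the working ssh rule from the thread, adds -s to limit it to one
# LAN host, and inserts it at position 1 so it sits above the final REJECT.
telnet_rule() {
    printf 'iptables -I INPUT 1 -s %s -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT\n' "$1"
}

# Stand-alone usage
for p in 22 23 25; do
    printf 'port %s: %s\n' "$p" "$(listen_verdict "$p" "$SAMPLE_NETSTAT")"
done
telnet_rule 192.168.2.10
```

In the sample, port 22 is fine, but ports 23 and 25 are loopback-only, which is exactly the case where the firewall is correct and the client still sees "connection refused"; fixing that is a service configuration change (the bind address), not another iptables rule.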