firewall protocols
R. DuFresne
dufresne at sysinfo.com
Thu Apr 7 22:14:08 CEST 2005
On Thu, 7 Apr 2005, Vernon A. Fort wrote:
> Ted Gervais wrote:
>
>> I have just discovered that people are not able to telnet to my system and
>> I have been told that it is not because I don't have the necessary ports
>> open but rather the problem is because of protocols??
>>
>> I have no idea what this means and am wondering if someone could explain.
>> If it is needed I can supply a copy of my firewall but was wondering
>> first if anyone has heard of this.
>
> you should be able to list the open ports from the iptables command: iptables
> -L -nv
> and
> telnet localhost to see if telnet is running
>
> from the iptables, you should see port 23 open from the ip address needing
> access. you should also be able to telnet to the localhost.
>
Which might tell him if the port's open, but not if there's anything really
listening on the port. grep telnet /etc/inetd.conf is a better starting
point; since he claims his rulebase allows telnet already, this sounds
like the port's open but there's nothing listening. If he sees this
response:
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
he needs to vi /etc/inetd.conf to enable telnet <and with tcpd for other
sec reasons>, then kill -HUP inetd, and also then make sure his
/etc/hosts.allow is set up to allow telnet, especially if he has a
populated /etc/hosts.deny.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
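The checks described in the message above, as an added example that is not part of the original post: it reports whether a service entry in an inetd.conf file is commented out, enabled through tcpd, or enabled directly, and whether hosts.deny names the daemon while hosts.allow does not. The function names and output labels are hypothetical, the sample files are constructed, and it assumes simple one-line hosts.allow/hosts.deny rules (no EXCEPT clauses or continuation lines).

```shell
#!/bin/sh
# Added example; file paths are passed in so it can run against copies.

# inetd_service_state FILE SERVICE -> enabled-tcpd | enabled-direct | disabled | absent
inetd_service_state() {
    awk -v svc="$2" '
        {
            line = $0; commented = 0
            # A disabled entry is the normal entry with a leading "#".
            if (line ~ /^[ \t]*#/) { commented = 1; sub(/^[ \t]*#+/, "", line) }
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t]+/)
            # Need service, socket type, proto, wait flag, user, server path.
            if (n < 6 || f[1] != svc || f[2] !~ /^(stream|dgram)$/) next
            if (commented) { if (state == "") state = "disabled"; next }
            state = (f[6] ~ /(^|\/)tcpd$/) ? "enabled-tcpd" : "enabled-direct"
        }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# wrappers_names_daemon FILE DAEMON -> exit 0 if a rule's daemon list has DAEMON or ALL
wrappers_names_daemon() {
    awk -F: -v d="$2" '
        /^[ \t]*(#|$)/ { next }
        { n = split($1, a, /[ \t,]+/)
          for (i = 1; i <= n; i++) if (a[i] == d || a[i] == "ALL") found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# diagnose INETD_CONF HOSTS_ALLOW HOSTS_DENY SERVICE DAEMON
diagnose() {
    state=$(inetd_service_state "$1" "$4")
    case $state in
        disabled|absent) echo "not-enabled:$state"; return ;;
        enabled-direct)  echo "enabled:no-tcpd"; return ;;
    esac
    if wrappers_names_daemon "$3" "$5" && ! wrappers_names_daemon "$2" "$5"; then
        echo "enabled:hosts.deny-only"      # deny rule exists, no allow rule
    else
        echo "enabled:check-client-lists"
    fi
}

# Constructed sample files, using the inetd.conf line quoted in the message.
demo=$(mktemp -d)
printf '%s\n' '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$demo/inetd.conf"
printf '%s\n' 'ALL: ALL' > "$demo/hosts.deny"; : > "$demo/hosts.allow"
diagnose "$demo/inetd.conf" "$demo/hosts.allow" "$demo/hosts.deny" telnet in.telnetd
rm -rf "$demo"
```

An enabled entry only takes effect once inetd has re-read its configuration, so this checks the files, not the running listener.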