firewall protocols

R. DuFresne dufresne at sysinfo.com
Thu Apr 7 22:14:08 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 7 Apr 2005, Vernon A. Fort wrote:

> Ted Gervais wrote:
>
>> I have just discovered that people are not able to telnet to my system and 
>> I have been told that it is not because I don't have the necessary ports 
>> open but rather the problem is because of protocols??
>> 
>> I have no idea what this means and am wondering if someone could explain. 
>> If it is needed I can supply a copy of my firewall  but was wondering 
>> first if anyone has heard of this.
>
> you should be able to list the open port from the iptables command:  iptables 
> -L -nv
> and
> telnet localhost to see if telnet if running
>
> from the iptables, you should see port 23 open from the ip address needing 
> access.  you should also be able to telnet to the localhost.
>

Which might tell him if the ports open, but not if there's anything really 
listening on the port.  gre telnet /etc/inetd.conf is a better starting 
point, since he claims is rulebase allows telnet already, this so7unds 
like the ports open but there's nothing listening.  If he see this 
response;

#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd

He needs to vi /etc/inetd.conf to enable telnet <and with tcpd for other 
sec reasons>  the kill -HUP inetd and also then make sure his 
/etc/hosts.allow is setup to allow telnet, especially if he has a 
populated /etc/hosts.deny.

Thanks,

Ron DuFresne
- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCVZSVst+vzJSwZikRAi1AAJ4lcGiGAAo4nNFMFI5M4cEja7s0jwCcDI18
xX+FOhgzqbMgGbGdIhZ4oGE=
=yWtU
-----END PGP SIGNATURE-----



More information about the netfilter mailing list