firewall protocols

Alexander Samad alex at samad.com.au
Fri Apr 8 00:13:51 CEST 2005


On Thu, Apr 07, 2005 at 04:14:08PM -0400, R. DuFresne wrote:
> 
> On Thu, 7 Apr 2005, Vernon A. Fort wrote:
> 
> >Ted Gervais wrote:
> >
> >>I have just discovered that people are not able to telnet to my system 
> >>and I have been told that it is not because I don't have the necessary 
> >>ports open but rather the problem is because of protocols??
> >>
> >>I have no idea what this means and am wondering if someone could explain. 
> >>If it is needed I can supply a copy of my firewall  but was wondering 
> >>first if anyone has heard of this.
> >
> >you should be able to list the open ports from the iptables command:  
> >iptables -L -nv
> >and
> >telnet localhost to see if telnet is running
> >
> >from the iptables, you should see port 23 open from the ip address needing 
> >access.  you should also be able to telnet to the localhost.
> >
> 
> Which might tell him if the port's open, but not if there's anything really 
> listening on the port.  grep telnet /etc/inetd.conf is a better starting 
> point, since he claims his rulebase allows telnet already, this sounds 
> like the port's open but there's nothing listening.  If he sees this 
> response:
> 
> #telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
> 
> He needs to vi /etc/inetd.conf to enable telnet <and with tcpd for other 
> sec reasons>  then kill -HUP inetd and also then make sure his 
> /etc/hosts.allow is set up to allow telnet, especially if he has a 
> populated /etc/hosts.deny.


can always try a netstat -pane | grep 23 to see what is using/listening
on port 23

> 
> Thanks,
> 
> Ron DuFresne
> - -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
> 
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
> 
>                 -Tom Robbins <Still Life With Woodpecker>
> 
> 
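
The config-file checks discussed in this thread (is the telnet line in inetd.conf commented out, and do hosts.allow and hosts.deny name the daemon), as an added example that is not part of the original messages. The function names are hypothetical, the sample files are constructed, and the TCP wrappers check is simplified to the daemon list only, ignoring client patterns.

```shell
#!/bin/sh
# Added example. File paths are arguments so the checks can run on copies.

# inetd_state FILE SERVICE -> prints enabled | commented | absent
inetd_state() {
    awk -v svc="$2" '
        $1 == svc                                   { on = 1 }
        $1 == ("#" svc) || ($1 == "#" && $2 == svc) { off = 1 }
        END { print (on ? "enabled" : (off ? "commented" : "absent")) }
    ' "$1"
}

# names_daemon FILE DAEMON -> exit 0 if an active rule lists DAEMON or ALL
# Assumption: only the daemon list (left of the first ":") is inspected.
names_daemon() {
    [ -r "$1" ] || return 1
    awk -F: -v d="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { n = split($1, a, /[ \t,]+/)
          for (i = 1; i <= n; i++) if (a[i] == d || a[i] == "ALL") found = 1 }
        END { exit !found }
    ' "$1"
}

# wrappers_state ALLOW DENY DAEMON -> prints allow-rule | deny-only | no-rule
# hosts.allow is consulted first, so a deny rule only bites when no allow rule matches.
wrappers_state() {
    if names_daemon "$1" "$3"; then echo "allow-rule"
    elif names_daemon "$2" "$3"; then echo "deny-only"
    else echo "no-rule"
    fi
}

# Constructed sample files (not taken from the poster's system).
demo() {
    t=$(mktemp -d)
    printf '%s\n' '#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd' > "$t/inetd.conf"
    printf '%s\n' 'ALL: ALL' > "$t/hosts.deny"
    : > "$t/hosts.allow"
    echo "inetd: $(inetd_state "$t/inetd.conf" telnet)"
    echo "wrappers: $(wrappers_state "$t/hosts.allow" "$t/hosts.deny" in.telnetd)"
    rm -rf "$t"
}
demo
```

A result of `commented` together with `deny-only` matches the situation described above: the firewall can pass port 23 while nothing is listening, and tcpd would still refuse the connection once the service is enabled.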

