* Re: firewall protocols
From: Vernon A. Fort @ 2005-04-07 18:35 UTC (permalink / raw)
To: netfilter
Ted Gervais wrote:
> I have just discovered that people are not able to telnet to my system
> and I have been told that it is not because I don't have the necessary
> ports open but rather the problem is because of protocols??
>
> I have no idea what this means and am wondering if someone could
> explain. If it is needed I can supply a copy of my firewall but was
> wondering first if anyone has heard of this.
You should be able to list the open ports from the iptables command:
iptables -L -nv
and
telnet localhost to see if telnet is running.
From the iptables output, you should see port 23 open from the IP address
needing access. You should also be able to telnet to localhost.
Vernon
* firewall protocols
From: Ted Gervais @ 2005-04-07 19:27 UTC (permalink / raw)
To: netfilter
I have just discovered that people are not able to telnet to my system and
I have been told that it is not because I don't have the necessary ports
open but rather the problem is because of protocols??
I have no idea what this means and am wondering if someone could
explain. If it is needed I can supply a copy of my firewall but was
wondering first if anyone has heard of this.
---
Ted Gervais,
Coldbrook, Nova Scotia, Canada
* Re: firewall protocols
From: R. DuFresne @ 2005-04-07 20:14 UTC (permalink / raw)
To: Vernon A. Fort; +Cc: netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 7 Apr 2005, Vernon A. Fort wrote:
> Ted Gervais wrote:
>
>> I have just discovered that people are not able to telnet to my system and
>> I have been told that it is not because I don't have the necessary ports
>> open but rather the problem is because of protocols??
>>
>> I have no idea what this means and am wondering if someone could explain.
>> If it is needed I can supply a copy of my firewall but was wondering
>> first if anyone has heard of this.
>
> You should be able to list the open ports from the iptables command: iptables
> -L -nv
> and
> telnet localhost to see if telnet is running.
>
> From the iptables output, you should see port 23 open from the IP address needing
> access. You should also be able to telnet to localhost.
>
Which might tell him if the port's open, but not if there's anything really
listening on the port. grep telnet /etc/inetd.conf is a better starting
point; since he claims his rulebase allows telnet already, this sounds
like the port's open but there's nothing listening. If he sees this
response:
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
he needs to vi /etc/inetd.conf to enable telnet <and with tcpd for other
sec reasons>, then kill -HUP inetd, and also then make sure his
/etc/hosts.allow is set up to allow telnet, especially if he has a
populated /etc/hosts.deny.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCVZSVst+vzJSwZikRAi1AAJ4lcGiGAAo4nNFMFI5M4cEja7s0jwCcDI18
xX+FOhgzqbMgGbGdIhZ4oGE=
=yWtU
-----END PGP SIGNATURE-----
* Re: firewall protocols
From: Alexander Samad @ 2005-04-07 22:13 UTC (permalink / raw)
To: netfilter
On Thu, Apr 07, 2005 at 04:14:08PM -0400, R. DuFresne wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 7 Apr 2005, Vernon A. Fort wrote:
>
> >Ted Gervais wrote:
> >
> >>I have just discovered that people are not able to telnet to my system
> >>and I have been told that it is not because I don't have the necessary
> >>ports open but rather the problem is because of protocols??
> >>
> >>I have no idea what this means and am wondering if someone could explain.
> >>If it is needed I can supply a copy of my firewall but was wondering
> >>first if anyone has heard of this.
> >
> >You should be able to list the open ports from the iptables command:
> >iptables -L -nv
> >and
> >telnet localhost to see if telnet is running.
> >
> >From the iptables output, you should see port 23 open from the IP address needing
> >access. You should also be able to telnet to localhost.
> >
>
> Which might tell him if the port's open, but not if there's anything really
> listening on the port. grep telnet /etc/inetd.conf is a better starting
> point; since he claims his rulebase allows telnet already, this sounds
> like the port's open but there's nothing listening. If he sees this
> response:
>
> #telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
>
> he needs to vi /etc/inetd.conf to enable telnet <and with tcpd for other
> sec reasons>, then kill -HUP inetd, and also then make sure his
> /etc/hosts.allow is set up to allow telnet, especially if he has a
> populated /etc/hosts.deny.
You can always try netstat -pane | grep 23 to see what is using/listening
on port 23.
* Re: firewall protocols
From: Cedric Blancher @ 2005-04-07 22:30 UTC (permalink / raw)
To: Ted Gervais; +Cc: netfilter
On Thursday, 7 April 2005 at 16:27 -0300, Ted Gervais wrote:
> I have just discovered that people are not able to telnet to my system and
> I have been told that it is not because I don't have the necessary ports
> open but rather the problem is because of protocols??
Do you have IPv6 support? It's quite a common issue for people using
an IPv6 connection not to configure their firewall for this protocol
using ip6tables. Then they're firewalled for IPv4, but all naked
towards IPv6.
It can be something else, so I think you should post your ruleset.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
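Cedric's point, that a host can be tightly firewalled for IPv4 while the ip6tables side was never touched, is easy to check mechanically. The script below is an added example, not code from Cedric or from the netfilter project; it runs in POSIX sh against constructed iptables -L INPUT -nv and ip6tables -L INPUT -nv listings embedded in the script, so it works offline. It assumes the modern column layout with an opt column (the "--" field) in both families, looks only at rules that name the port explicitly (dpt:PORT) and at the chain policy, and ignores interface, state, port-range and other matches, which is a simplification of this example rather than how netfilter evaluates a chain.

```shell
#!/bin/sh
# Added example (not from the thread or the netfilter project): compare how the
# IPv4 and IPv6 INPUT chains treat one TCP port, using constructed
# "iptables -L INPUT -nv" / "ip6tables -L INPUT -nv" listings so it runs offline.
# Simplifications (assumptions of this example): only rules that name the port
# explicitly (dpt:PORT) and the chain policy are considered; interface, state,
# port-range and other matches are ignored; the "--" opt column is assumed present.

# port_verdict FILE CHAIN PORT
# Prints "<target> from <source>" for the first rule in CHAIN matching dpt:PORT,
# otherwise "policy <POLICY>" for that chain ("policy unknown" if CHAIN is absent).
port_verdict() {
    awk -v chain="$2" -v port="$3" '
        $1 == "Chain" {
            inchain = ($2 == chain)
            if (inchain) {                       # "Chain INPUT (policy DROP 12 packets, ...)"
                if ($0 ~ /\(policy /) { sub(/^.*\(policy /, ""); policy = $1 }
                else policy = "none"             # user-defined chains carry no policy
            }
            next
        }
        inchain && $1 == "pkts" { next }         # column header row
        inchain && NF >= 9 && $0 ~ ("(^|[ ,])dpt:" port "($|[ ,])") {
            print $3 " from " $8                 # target and source columns
            found = 1; exit
        }
        END { if (!found) { p = policy; if (p == "") p = "unknown"; print "policy " p } }' "$1"
}

# ipv6_unguarded V4FILE V6FILE PORT
# Exit 0 when IPv4 restricts the port (explicit rule or a non-ACCEPT policy) while
# IPv6 falls through to an ACCEPT policy: "firewalled for IPv4, naked towards IPv6".
ipv6_unguarded() {
    v4=$(port_verdict "$1" INPUT "$3")
    v6=$(port_verdict "$2" INPUT "$3")
    [ "$v6" = "policy ACCEPT" ] && [ "$v4" != "policy ACCEPT" ]
}

report() {   # V4FILE V6FILE PORT
    echo "IPv4 tcp/$3: $(port_verdict "$1" INPUT "$3")"
    echo "IPv6 tcp/$3: $(port_verdict "$2" INPUT "$3")"
    if ipv6_unguarded "$1" "$2" "$3"; then
        echo "WARNING: tcp/$3 is restricted for IPv4 but open over IPv6 by default policy; add a matching ip6tables rule"
    fi
}

# ---- constructed sample listings (not captured from a real host) ----
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/iptables.txt" <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 20400 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1200 96000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   15   900 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:23
   88  5280 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
cat > "$SAMPLE_DIR/ip6tables.txt" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22
EOF

report "$SAMPLE_DIR/iptables.txt" "$SAMPLE_DIR/ip6tables.txt" 23   # IPv4 rule, IPv6 policy ACCEPT -> WARNING
report "$SAMPLE_DIR/iptables.txt" "$SAMPLE_DIR/ip6tables.txt" 22   # explicit rule in both families
```

On a live host you would replace the two sample files with real listings (iptables -L INPUT -nv and ip6tables -L INPUT -nv, run as root, each redirected to a file) and call report with those paths and the port in question; a port that shows an explicit IPv4 rule next to "policy ACCEPT" on the IPv6 side is exactly the situation Cedric describes.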
* Re: firewall protocols
From: R. DuFresne @ 2005-04-07 23:29 UTC (permalink / raw)
To: Alexander Samad; +Cc: netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 8 Apr 2005, Alexander Samad wrote:
>
>
> You can always try netstat -pane | grep 23 to see what is using/listening
> on port 23.
>
And that will work, as long as telnetd is presently being used or was used
very recently. Remember inetd, being the super server, launches all it
cares for as they are asked for... they run for the time required and then
go to sleep, until inetd gets a request to relaunch one of the daemons it
manages...
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCVcJWst+vzJSwZikRAjdtAKDOkEvI3kbmsbs2AXni4KPiCWktNQCZAceE
v8tr5NSET+Z6WGM9t3x3YuU=
=XGFv
-----END PGP SIGNATURE-----
* Re: firewall protocols
From: Alexander Samad @ 2005-04-08 0:33 UTC (permalink / raw)
To: netfilter
On Thu, Apr 07, 2005 at 07:29:24PM -0400, R. DuFresne wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 8 Apr 2005, Alexander Samad wrote:
>
> >
> >
> >You can always try netstat -pane | grep 23 to see what is using/listening
> >on port 23.
> >
>
> And that will work, as long as telnetd is presently being used or was used
> very recently. Remember inetd, being the super server, launches all it
> cares for as they are asked for... they run for the time required and then
> go to sleep, until inetd gets a request to relaunch one of the daemons it
> manages...
Should you still see a listen on port 23? The process will be inetd
instead of telnetd, which is why I grepped for 23 and not telnetd.
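Vernon's iptables listing, Ron's grep of /etc/inetd.conf with the hosts.allow/hosts.deny follow-up, and Alexander's netstat -pane | grep 23 are three separate checks for the same symptom. The script below is an added example, not code from anyone in this thread; it strings those checks together in POSIX sh and runs them against constructed inputs embedded in the script (a netstat -pane listing, an inetd.conf, and a hosts.allow/hosts.deny pair), so it works offline. It matches the port part of the Local Address column rather than grepping for 23, because a bare grep 23 also hits inode numbers and foreign addresses such as 192.168.1.23, and it reports the owning process as inetd while telnet is dormant, which is the behaviour Ron and Alexander describe. The tcp_wrappers matcher is a simplified model written for this example (ALL, exact addresses and dotted prefixes only; no EXCEPT, netmasks or hostnames), not the real library's behaviour, and the netstat parser assumes the netstat -pane column layout.

```shell
#!/bin/sh
# Added example (not from the thread): three checks from the discussion, run
# against constructed sample files so it works offline. On a live host feed it
# "netstat -pane" output, /etc/inetd.conf, /etc/hosts.allow and /etc/hosts.deny.

# listener_on_port PORT   (reads "netstat -pane" output on stdin)
# Prints the PID/program of the LISTEN socket on PORT, or "none". Matches the
# port part of the Local Address column, so inode numbers or foreign addresses
# that happen to contain "23" are not false positives.
listener_on_port() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")             # "0.0.0.0:23" or ":::23" -> last piece is the port
            if (a[n] == p) { print $NF; found = 1; exit }
        }
        END { if (!found) print "none" }'
}

# inetd_telnet_state FILE
# "enabled" if the telnet line is live, "disabled" if commented out (the
# "#telnet ..." line Ron quotes), "absent" if inetd.conf has no telnet entry.
inetd_telnet_state() {
    awk '
        /^[ \t]*#?[ \t]*telnet[ \t]+stream/ {
            s = ($0 ~ /^[ \t]*#/) ? "disabled" : "enabled"
            print s; found = 1; exit
        }
        END { if (!found) print "absent" }' "$1"
}

# _wrappers_match DAEMON CLIENT FILE   -> exit 0 if some line in FILE matches.
# Simplified tcp_wrappers syntax (an assumption of this example): "daemon_list : client_list",
# where entries are ALL, an exact name/address, or a dotted prefix like "192.168.1.".
_wrappers_match() {
    [ -f "$3" ] || return 1
    awk -F: -v d="$1" -v c="$2" '
        function fld_match(list, value, pfx,    n, i, arr) {
            n = split(list, arr, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (arr[i] == "") continue
                if (arr[i] == "ALL" || arr[i] == value) return 1
                if (pfx && arr[i] ~ /\.$/ && index(value, arr[i]) == 1) return 1
            }
            return 0
        }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        NF >= 2 && fld_match($1, d, 0) && fld_match($2, c, 1) { found = 1; exit }
        END { if (!found) exit 1 }' "$3"
}

# wrappers_decision DAEMON CLIENT ALLOWFILE DENYFILE
# tcp_wrappers order: a match in hosts.allow grants, then a match in hosts.deny
# refuses, and a client matched by neither file is allowed.
wrappers_decision() {
    if _wrappers_match "$1" "$2" "$3"; then echo allow
    elif _wrappers_match "$1" "$2" "$4"; then echo deny
    else echo allow
    fi
}

# ---- constructed sample inputs (not captured from a real host) ----
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/netstat.txt" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          10234      512/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      0          10230      498/inetd
tcp        0      0 192.168.1.10:22         192.168.1.23:51230      ESTABLISHED 0          22310      620/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      0          10240      700/apache2
EOF
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
EOF
sed 's/^#telnet/telnet/' "$SAMPLE_DIR/inetd.conf" > "$SAMPLE_DIR/inetd.enabled"
printf 'in.telnetd: 192.168.1.\n' > "$SAMPLE_DIR/hosts.allow"
printf 'ALL: ALL\n'              > "$SAMPLE_DIR/hosts.deny"

echo "port 23 listener: $(listener_on_port 23 < "$SAMPLE_DIR/netstat.txt")"     # 498/inetd
echo "inetd.conf telnet: $(inetd_telnet_state "$SAMPLE_DIR/inetd.conf")"         # disabled
echo "192.168.1.5 -> in.telnetd: $(wrappers_decision in.telnetd 192.168.1.5 "$SAMPLE_DIR/hosts.allow" "$SAMPLE_DIR/hosts.deny")"   # allow
echo "10.0.0.7 -> in.telnetd: $(wrappers_decision in.telnetd 10.0.0.7 "$SAMPLE_DIR/hosts.allow" "$SAMPLE_DIR/hosts.deny")"         # deny
```

Read together, the three results cover the sub-thread: the socket is owned by inetd (so a grep for telnetd would miss it), the inetd.conf line is commented out (nothing will be spawned), and even with telnet enabled a client outside 192.168.1. would be refused by hosts.deny, which is the last thing Ron tells him to look at.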
* Re: firewall protocols
From: Nick Drage @ 2005-04-11 10:45 UTC (permalink / raw)
To: netfilter
On Thu, Apr 07, 2005 at 04:27:51PM -0300, Ted Gervais wrote:
> I have just discovered that people are not able to telnet to my system and
> I have been told that it is not because I don't have the necessary ports
> open but rather the problem is because of protocols??
>
> I have no idea what this means and am wondering if someone could
> explain. If it is needed I can supply a copy of my firewall but was
> wondering first if anyone has heard of this.
To be honest I think you need to go back to whoever made this remark and
ask them quite what they mean, while following up the suggestions made
elsewhere in the thread. "protocol" could cover a pretty wide range of
things here, ipv6, tcp, or telnet itself; so their diagnosis needs to be
rather more precise.
--
If you always do what you've always done,
you'll always get what you've always got.