From: Alexander Samad <alex@samad.com.au>
To: netfilter@lists.netfilter.org
Subject: Re: firewall protocols
Date: Fri, 8 Apr 2005 08:13:51 +1000 [thread overview]
Message-ID: <20050407221351.GA8563@samad.com.au> (raw)
In-Reply-To: <Pine.LNX.4.60.0504071609440.23293@darkstar.sysinfo.com>
[-- Attachment #1: Type: text/plain, Size: 2291 bytes --]
On Thu, Apr 07, 2005 at 04:14:08PM -0400, R. DuFresne wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 7 Apr 2005, Vernon A. Fort wrote:
>
> >Ted Gervais wrote:
> >
> >>I have just discovered that people are not able to telnet to my system
> >>and I have been told that it is not because I don't have the necessary
> >>ports open but rather the problem is because of protocols??
> >>
> >>I have no idea what this means and am wondering if someone could explain.
> >>If it is needed I can supply a copy of my firewall but was wondering
> >>first if anyone has heard of this.
> >
> >you should be able to list the open port from the iptables command:
> >iptables -L -nv
> >and
> >telnet localhost to see if telnet if running
> >
> >from the iptables, you should see port 23 open from the ip address needing
> >access. you should also be able to telnet to the localhost.
> >
>
> Which might tell him if the ports open, but not if there's anything really
> listening on the port. gre telnet /etc/inetd.conf is a better starting
> point, since he claims is rulebase allows telnet already, this so7unds
> like the ports open but there's nothing listening. If he see this
> response;
>
> #telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
>
> He needs to vi /etc/inetd.conf to enable telnet <and with tcpd for other
> sec reasons> the kill -HUP inetd and also then make sure his
> /etc/hosts.allow is setup to allow telnet, especially if he has a
> populated /etc/hosts.deny.
can always try a netstat -pane | grep 23 to see what is using/listening
on port 23
>
> Thanks,
>
> Ron DuFresne
> - --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
> -Tom Robbins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFCVZSVst+vzJSwZikRAi1AAJ4lcGiGAAo4nNFMFI5M4cEja7s0jwCcDI18
> xX+FOhgzqbMgGbGdIhZ4oGE=
> =yWtU
> -----END PGP SIGNATURE-----
>
>
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2005-04-07 22:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-07 19:27 firewall protocols Ted Gervais
2005-04-07 18:35 ` Vernon A. Fort
2005-04-07 20:14 ` R. DuFresne
2005-04-07 22:13 ` Alexander Samad [this message]
2005-04-07 23:29 ` R. DuFresne
2005-04-08 0:33 ` Alexander Samad
2005-04-07 22:30 ` Cedric Blancher
2005-04-11 10:45 ` Nick Drage
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050407221351.GA8563@samad.com.au \
--to=alex@samad.com.au \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.