trance12

Telnet problem on sun solaris

Hi
  I have a weird telnet problem. I'm trying to telnet from our Solaris machine to a remote server on the same network. I can try to telnet on port 80, but I need to be able to telnet on port 443. So when I go telnet hostname 80, it works fine, but when I try the same with 443, it fails. The weird thing is I can telnet from my local PC or any other local PC to the remote server on port 443 and port 80. From the Solaris machine I tried telnet to localhost 80 and it works, but if I go telnet localhost 443, it fails the same way. How do I enable telnet from the Solaris machine on port 443?
liddler

When you say fails... what is the error?
telnet localhost 80 working means you have a service (probably a web server) running on port 80 on the local machine.
telnet localhost 443 failing just means you don't have a server running on 443 (https) on the local machine.
Have you got a firewall between the Sun box and the remote server?
chris_calabrese

Alternately, you do have a server on 443, but it's an HTTP/S server (that's what usually lives on 443), which you can't talk to with plain Telnet as it doesn't understand SSL/TLS.

Sounds like you're trying to debug a web-site. I suggest looking for website debugging tools. A good place to start would be W3C.org's wget.
Hanno P.S.

Using telnet on port 80 (HTTP) to talk to a webserver is OK.
Using telnet on port 443 (HTTPS) to talk to an SSL enabled webserver will not work,
as telnet has no way of doing the required key exchange for SSL. You will have
to use an SSL client (web browser, usually).
Is it https (SSL/TLS) now on port 443, or not?
trance12 (ASKER)

There is a firewall between the Sun box and the remote server. We've opened up port 443 on the firewall though. Like I said, I can telnet to the remote server from my local PC on port 443 but it doesn't work from the Sun server (the localhost example was just a test). What I don't understand is, if I can telnet to the remote server from my local PC on port 443, why can't I do it from the Sun box?
You need to define "doesn't work" and "failed".  

What are the symptoms?
What are the results?
What results were you expecting?

Do you get a message like?

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

or do you get no messages whatsoever after you type in 'telnet localhost 443'?
When I telnet to localhost on 443 I get "Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused"

When I telnet to the remote server on 443 I get "telnet: Unable to connect to remote host: Connection timed out". Thanks.
I'd suggest that your firewall is still to blame.  I would recheck and make 100% sure that a rule to allow port 443 to your "remote" server allows connections from your Solaris host.

Is the Solaris host in the same network as your PC?
Are the firewall rules allowing connections from Any address, or is it tied down to a particular subnet?
How come I can telnet to the remote server on port 443 from my local PC running XP and can't do it from the Solaris server?

Also yes, the Solaris machine is in the same network as your PC and the firewall rules do allow connections from any address.
Please check the file /etc/services on Solaris and see if port 443 is there or not.

You need to configure the telnet daemon to listen on port 443.  If you do perform this, you will no longer have the standard port available to do HTTPS.  I would suggest you forget about telnet, it's very dated now, and consider implementing the ssh daemon (for ssh and scp), which offers secure telnet and ftp services (which is what I'm guessing you really want).

The ssh daemon comes with Solaris 9 (and I think it came with the later releases of Solaris 8).

An introduction to the commands can be found here:
http://docs.sun.com/db/doc/816-0211/6m6nc66m6?q=sshd&a=expand
And you can find out how to configure them here (look at the ssh_config and sshd_config commands):
http://docs.sun.com/db/doc/816-0219/6m6njqbc9?q=sshd&a=view

Best of luck
How can I configure the telnet daemon to listen on port 443?
I've checked the etc/services file and there is an entry for 443 too.
> .. i can telnet to the remote server on port 443 from my local pc running xp and cant do it from the solaris server

This is either a firewall or a routing problem.
Please check both.
Then start tcpdump (or ethereal), best on the firewall, and check what packets you see from XP and which from Solaris.

What you've described so far has nothing to do with /etc/services, nor telnetd on *your* host (probably on the remote one).
Please also post the command and *all* messages verbatim (couldn't be that difficult :).
Are you using a DNS name for the telnet, I mean

   telnet somehost.domain.com 443

or is it an IP?

If you're using a name and it works from the PC, compare the DNS settings of the PC and the Solaris box; maybe they're resolving different IPs.
I agree with ahoffman that the problem is firewall (it can't be routing as trance12 can successfully get to the remote server on port 80)

There's been lots of misleading suggestions as to the problem.  Ignore the advice about /etc/services and telnetd, they have nothing to do with the problem.
DNS might be a reason too, tcpdump will tell us ;-)

> .. connect to remote host: Connection timed out"
Could be a routing problem also.
It cannot be a routing problem, since he can connect to port 80.
It can NOT be a DNS problem, for the same reason: he can connect to port 80.

There might be a setup problem where the outbound traffic for port 443 is not open (it may be a firewall on the Solaris system), or a firewall on the PC where you might have prevented requests coming from the Solaris system on port 443, but must have allowed requests coming from your PC on port 443.


What do I have to set up on the Sun box to allow traffic on port 443? There is an entry in the etc/services file, and the firewall is open for this port.
What do you mean by
  "allow traffic on port 443"

Do you want to have an https web-server listening there?
Or do you want to have any other service listening there (like mail, telnet)?
Or what?
OK, basically the remote server has an https server listening there and I need to https to it on port 443 with a Perl script which runs on my Solaris machine. The Perl script falls over with a connection time out error, so now I'm trying at the Unix prompt to see if I can telnet to the https server on port 443 to see if I can reach it. Port 443 is open on our firewall. I tried telnetting to the remote server on port 80 and it worked fine, but when I try to telnet or ssh to the remote server on port 443 it fails with the same connection time out problem as when I run the Perl script. Mind you, I can telnet to the remote server on port 443 from my local Windows PC. I'm trying to figure out what's stopping me from reaching the remote server from the Solaris server on port 443.
Run tcpdump on Solaris, then   telnet remote 443    again
 tcpdump -l -n host remote and port 443
(and make sure tcpdump listens on the right NIC; note that you need to be root to do that)
Solaris has no tcpdump -- use snoop instead.
To check a plain text connection using telnet (HTTP on port 80)
- telnet myhost 80
  GET / HTTP/1.0

To check a SSL connection using openssl with "s_client" command (HTTPS on port 443)
- openssl s_client -connect myhost:443 -state -debug
  GET / HTTP/1.0

You can also look for "cURL" at http://curl.haxx.se
I get this when I run the openssl command

warning, not much extra random data, consider using the -rand option
connect: Connection refused
connect:errno=146
Sorry, this was the result

warning, not much extra random data, consider using the -rand option
connect: Connection timed out
connect:errno=145
What has telnet to do with openssl?
Can we please focus on the initial question/problem?
trance12.

Just prove 100% that the firewall is *not* blocking port 443 from the Solaris server.  Can't you post a entry from the FW log that shows it is going through?

In addition, on the remote server, run tcpdump, ethereal (or similar) to see if you can actually see the packets from the Solaris server come through.

Once you've done those two tasks (in particular the last one), you'll eliminate a lot of potential areas and hopefully reduce the number of misleading bits of advice you are getting.

PS:  Not sure if I like the new EE format.
Getting a timeout while trying to connect to port 433 using openssl client looks _really_ like a firewall blocking this port.
Run a
  snoop port 443
on your Solaris box (I'd call this the client) and try to telnet (or openssl s_client) to your server.
What do you get?

P.S.: ahoffmann, I suggested using openssl with its c_client option as telnet will not work to set up a connection to port 443 (which usually is HTTPS)
Hmm, all my Unix/Linux telnet connect to 443 (HTTPS), which means that I get a "Connected to .."
So telnet should be sufficient for this simple test.
Getting a "connected to ..." reveals that there is "something" on the other side, but nothing else. If that's sufficient for you (or him) this might be OK -- but I still think there's some kind of firewall in between (that's why I suggested snoop)
JustUNIX, I totally agree with you: firewall, snoop etc. (see my first comments)
Have you tried using a product called stunnel??
www.stunnel.org
It lets you create an SSL tunnel for TCP connections.
Hopefully this helps.
stunnel isn't going to make a fig of difference to what trance12 is trying to work out.
You might also try running tail -f on the remote server log to see any pertinent messages.
I'm assuming the remote server is running unix.
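
The thread turns on the difference between the two results posted above: "Connection refused" (errno=146 in the openssl output) and "Connection timed out" (errno=145). The following is an added example, not part of any post in this thread, that makes the same distinction programmatically and then separates the TCP check (what telnet does) from the TLS check (what openssl s_client does). It assumes Python 3 is available on the host being tested from; the function names are this example's own.

```python
import errno
import socket
import ssl
import sys

def classify(exc):
    """Translate a TCP connect outcome into what it says about the path."""
    code = getattr(exc, "errno", None)
    if exc is None:
        return "open"      # three-way handshake completed: a listener answered
    if isinstance(exc, socket.timeout) or code == errno.ETIMEDOUT:
        return "filtered"  # silence: the SYN or its reply is dropped on the way
    if code == errno.ECONNREFUSED:
        return "refused"   # RST came back: host reachable, no listener on the port
    return "error"

def probe_tcp(host, port, timeout=5.0):
    """What 'telnet host port' tests: can a TCP connection be set up at all?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def probe_tls(host, port, timeout=5.0):
    """What 'openssl s_client' adds: does the listener complete a TLS handshake?
    Returns the negotiated protocol version, or None if the handshake fails."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # reachability test only; the certificate
    ctx.verify_mode = ssl.CERT_NONE   # is deliberately not validated here
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:                   # includes ssl.SSLError and timeouts
        return None

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for port in (80, 443):
        state = probe_tcp(host, port)
        tls = probe_tls(host, port) if state == "open" else None
        print(f"{host}:{port} tcp={state} tls={tls}")
```

A "filtered" result from one source host and "open" from another for the same destination and port is the pattern described in this thread, and is the case where a packet capture on the client, the firewall and the server shows where the SYN stops.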
ASKER CERTIFIED SOLUTION
shivsa