
Can't telnet (NAT firewall)

Posted on 2005-04-28
Last Modified: 2008-03-17
I have an internal network behind a NAT firewall (with DSL modem).
I have a static IP at the modem, 216.184.30.35.
I have forwarded TCP ports 10100-10190 to 192.168.0.101, which is the local static IP address of my SuSE 9.2 machine.
I have stopped/started xinetd.

Yet, when someone from the outside telnets me, it doesn't work:

$ telnet 216.184.30.35 10100
Trying 216.184.30.35...
telnet: Unable to connect to remote host: Connection refused

What's missing?
0
Question by:omom
8 Comments
 
LVL 1

Expert Comment

by:apsivam
ID: 13892129
What's your iptables redirection rule? If possible, provide the exact command entered.

--
Sivam
www.emmeskay.com
0
 
LVL 17

Expert Comment

by:ccomley
ID: 13892735
If it's a real firewall, i.e. it has Firewall Rules as *well* as merely NAT and Nat-forwarding, then have you created a Permit Lan-WAN for that port as well as mapping in the inbound NAT?

I presume you *can* access the telnet port from inside the firewall?

And I assume the SuSE machine will accept a connection from outside the local network not just *on* the local network?

0
 
LVL 1

Expert Comment

by:iom100uk
ID: 13893540
What port on the local machine have you forwarded it to? Telnet listens on 22 by default, so won't answer if you're directing your traffic to 10100.
0
 

Author Comment

by:omom
ID: 13894272
>whats your iptables redirection rule? if possible provide the exact command entered
I haven't done anything with iptables.
What should I do?
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


>If it's a real firewall, i.e. it has Firewall Rules as *well* as merely NAT and Nat-forwarding,
>then have you created a Permit Lan-WAN for that port as well as mapping in the inbound NAT?
I don't know what a Permit Lan-Wan is, so I guess I haven't.
What does this do? How do I do it?

>I presume you *can* access the telnet port from inside the firewall?
Hmmm...no
#telnet 216.184.30.35
Trying 216.184.30.35...
telnet: connect to address 216.184.30.35: Connection refused

>And I assume the SuSE machine will accept a connection from outside the local network not just *on* the local network?
No, the original test is from outside the network, which doesn't work.

>what port on the local machine have you forwarded it to?
>telnet listens on 22 by default,
>so won't answer if your directing your traffic to 10100.
My understanding of port forwarding is not that I'm directing all traffic to a specific port,
but rather allowing traffic on a specific port through, such that forwarding port 10100 does not affect port 22
or any other port. Is this not correct?
Do I need to forward port 22?
0
 
LVL 88

Expert Comment

by:rindi
ID: 13894687
I STRONGLY advise you not to use telnet, but rather SSH. Telnet uses clear text with passwords etc.; SSH uses encryption. Disable telnet on your SuSE server and enable SSH. If you want to connect to a SSH client from a Windows machine you can use PuTTY as a client.
0
 
LVL 1

Expert Comment

by:iom100uk
ID: 13894698
You need to forward traffic arriving at the firewall on port 10100 to port 22 on the local machine. I suggest you go and read and understand more about TCP/IP with respect to firewalls.

0
 

Author Comment

by:omom
ID: 13894826
>> I STRONGLY advise you not to use telne
This is merely a first step.
What I'm really trying to do is get Globus running (www.globus.org).
0
 
LVL 9

Accepted Solution

by:fixnix (earned 500 total points)
ID: 13895145
First off, Telnet by default listens on 23, not 22 (22 is SSH which you really should be using anyway, first step or not).

>>I presume you *can* access the telnet port from inside the firewall?
>Hmmm...no
>#telnet 216.184.30.35
>Trying 216.184.30.35...
>telnet: connect to address 216.184.30.35: Connection refused

When trying locally, use the local address (192.168.0.101).
(Also, no need to be doing this as root... better start reading up on security and general good practices in administering your system(s).)

Also, if your router (the DSL modem) allows you to redirect ports, you'll need to forward the external TCP 10100 port to internal 23 on 192.168.0.101.
If your router only allows forwarding to the same port (no redirection) then you'll either need to forward external 23 to internal 23 on 192.168.0.101, OR change the port telnet is listening on (can't remember where that is done offhand since telnet has been a big fat no-no to use publicly for quite some time now... years and years even).

If you decide to use SSH instead of Telnet, the procedure is the same as for telnet except you'll be forwarding to port 22 instead of 23.

To change SSHd's listening port, edit the sshd_config file (typically in /etc/ssh/). There is a line that says "Port 22". Change 22 to 10100 or whatever port you decide on using.
0
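Added example, not part of the thread or written by any of its participants: a small probe that separates "Connection refused" (the host answered, but nothing listens on that port) from a silent drop, run first against the LAN address and service port, then from outside against the forwarded port, as the accepted answer suggests. The function names and the hint wording are this example's own assumptions summarising the advice above.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' (no reply) or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # an RST came back: host reached, no listener
    except socket.timeout:
        return "filtered"     # silently dropped, e.g. by a firewall rule
    except OSError:
        return "unreachable"  # routing or name-resolution problem
    finally:
        sock.close()

# Likely cause per (vantage point, result). Assumption: wording is this
# example's summary of the thread's advice, not output of any real tool.
HINTS = {
    ("lan", "open"): "service is listening; next test the forwarded port from outside",
    ("lan", "refused"): "no daemon on this port; check xinetd/sshd and its configured port",
    ("wan", "open"): "forward works end to end",
    ("wan", "refused"): "forward lands on a port with no listener; redirect it to the "
                        "service port or move the daemon to the forwarded port",
    ("wan", "filtered"): "packets are dropped; look for a firewall rule ahead of the NAT mapping",
}

def diagnose(vantage, host, port, timeout=3.0):
    """vantage is 'lan' (run inside, against the LAN address) or 'wan' (run outside)."""
    state = probe(host, port, timeout)
    hint = HINTS.get((vantage, state), "check addressing and routing to the host")
    return state, hint

if __name__ == "__main__":
    # usage: python3 probe.py lan 192.168.0.101 23
    vantage, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    print("%s:%d %s - %s" % ((host, port) + diagnose(vantage, host, port)))
```

Run the "lan" check from a machine inside the network against 192.168.0.101 and the daemon's own port; run the "wan" check from an outside host against the public address and the forwarded port.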
