• Status: Solved
  • Priority: Medium
  • Security: Public

Cannot telnet "out" from sbs server

I am running sbs 2003 r2 premium.

all of the isa rules are the out-of-the-box config.

from any of the computers inside my network I can telnet out to remote site unix servers

from the sbs box itself it does not connect, i.e. "Connecting to fqdn.com... Could not open connection to the host, on port 23: Connect failed"

the reason i need to telnet "out" from the box itself is to install "ipsentry" as a service and have it test the telnet connections with the offsite servers to monitor and report on their up/down status.
Asked:
jessequijano
1 Solution
 
Keith Alabaster Commented:
Add localhost to the from tab on the outbound access rule.

jessequijano (Author) Commented:
there is no outbound access rule specific to telnet.

I tried adding localhost to the "sbs internet access rule" but that did not work

Keith Alabaster Commented:
Are you using the ISA firewall client on work stations?

jessequijano (Author) Commented:
yes

Keith Alabaster Commented:
That is likely why it works on the clients and not on the server. The ISA firewall client will 'carry' the user credentials as part of the traffic - so when ISA asks the telnet session for the user credentials - as set by the sbs_Internet rule - the firewall client can give them. For the server this does not happen.

Create a new rule in ISA above the normal sbs_internet rule allowing telnet to pass from localhost to external - all users. Apply the policy and job done.

jessequijano (Author) Commented:
worked like a charm.  now what should i worry about with this rule in place as far as compromising the security of the server and the network in general?

Keith Alabaster Commented:
none really - because you have set it from localhost only, that rule will only work when the request originates from the SBS box. Assuming no-one else is allowed to log on locally to the SBS server then the rule will not apply to anyone else :)

because it is an access rule it is not available to incoming users either.

keith
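
The rule ordering and scoping described in the two answers above, shown as an added example that is not part of the original thread and is not ISA Server code: a simplified Python model of ordered, first-match access rules. The rule names, their protocol and source scopes, and the `evaluate` function are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    protocols: frozenset   # protocol names, or {"*"} for all outbound traffic
    sources: frozenset     # network objects such as "Local Host" or "Internal"
    users: str             # "All Users" or "Authenticated"

@dataclass(frozen=True)
class Request:
    protocol: str
    source: str
    has_credentials: bool  # True when the Firewall Client supplies the user identity

def evaluate(rules, req):
    """Ordered, first-match evaluation; returns (verdict, rule name)."""
    for r in rules:
        if req.source not in r.sources:
            continue
        if "*" not in r.protocols and req.protocol not in r.protocols:
            continue
        if r.users == "Authenticated" and not req.has_credentials:
            # The rule matches but the client cannot answer the credential
            # request, so the connection fails and no later rule is tried.
            return ("deny", r.name)
        return ("allow", r.name)
    return ("deny", "Default rule")

# Constructed rules (assumed scopes), modelled on the thread's description.
SBS_INTERNET = Rule("SBS Internet Access Rule", frozenset({"*"}),
                    frozenset({"Internal", "Local Host"}), "Authenticated")
TELNET_LOCAL = Rule("Telnet from Local Host", frozenset({"Telnet"}),
                    frozenset({"Local Host"}), "All Users")

# Constructed sample requests.
workstation = Request("Telnet", "Internal", has_credentials=True)
server_svc = Request("Telnet", "Local Host", has_credentials=False)
server_http = Request("HTTP", "Local Host", has_credentials=False)
anon_client = Request("Telnet", "Internal", has_credentials=False)

if __name__ == "__main__":
    for label, order in (("before", [SBS_INTERNET]),
                         ("rule below", [SBS_INTERNET, TELNET_LOCAL]),
                         ("rule above", [TELNET_LOCAL, SBS_INTERNET])):
        for req in (workstation, server_svc, server_http, anon_client):
            print(label, req.protocol, req.source, evaluate(order, req))
```

In this model, placing the Telnet rule below the authenticated rule changes nothing for the server, and the new rule never matches a request whose source is not Local Host or whose protocol is not Telnet.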