Solved

Can ping & resolve, but can't telnet

Posted on 2009-04-09
8
636 Views
Last Modified: 2015-01-05
Hi,

Very weird one so bear with me;

ISP replaced Firewalls last week, but only copied config from old to new, claim no changes made.
Since then server outside the environment cannot set up smtp connection;
Can ping the server name
Can ping & resolve the domain mail.domainname.com okay
Can telnet from anywhere else on the network inside or outside the environment
It is just this one server in a seperate environment, which can ping & resolve but can't telnet on port 25

Very weird, driving us all nuts here as we cannot find why this is happening, ISP deny anything to do with Firewalls, but cannot see any other way round this?
0
Comment
Question by:ukgeeknumber1
8 Comments
 
LVL 3

Expert Comment

by:mikey1h
ID: 24105899
Have you actually tested the port inbound and outbound or are you just taking your isp's word?   Many times ...especially Verizon..... will havee certain ports blocked, and tell the customer different, I think just to avoid having to deal with the situation, and hope the customer just gives up instead of trying to make i work
0
 

Author Comment

by:ukgeeknumber1
ID: 24106040
We have run loads of test, including them monitoring the inbound traffic while we ping from the problem server.  They are still argueing its a configuration issue at our end?
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 24106253
Have the isp monitor traffic while attempting to telnet to the "suspect" server.  Ping only tests through layer 3 and this sounds like a layer 4 issue.  The isp should be able to tell you where the disconnect is - or at least verify that the firewall is not the issue.

Can you get local access to the outside server?  This way you can see if you can connect via telnet locally which will eliminate the firewall.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:ukgeeknumber1
ID: 24106306
hi, thanks for the responses, will need to check monitoring during a telnet session, if they will do this for us, they are getting hacked off too!

We can get access to the outside server and we can telnet using the FQDN, IP address etc, but just not when we use the mail.domainnam.com  25 for example
0
 

Author Comment

by:ukgeeknumber1
ID: 24106651
just as a note, if we run a tracert it runs from the outside servers internal network, across the global network all the way to the ISP's public IP, then fails, then makes one connection to the internal server, then fails again!
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24109236
". . . It is just this one server in a seperate environment . . . "

What does this mean? Are you saying that this is the only server that cannot telnet to port 25? And that this server cannot open an SMTP connection from the outside to the inside? But you can open an SMTP port from the outside to the inside on a different server and presumably a different subnetwork?

One of the earlier posters said this as well, this seems to be a port blocking issue and all the pinging and tracerouting and DNS resolving in the world won't reveal the issue. From your description it sounds as though port 25 is not open globally, but only open to specific source/destinations.

But perhaps I have not clearly understood your issue.

Good luck,
Steve

0
 

Accepted Solution

by:
ukgeeknumber1 earned 0 total points
ID: 24115058
Hi stevej,

You're correct, its just one server that can't telnet or make an smtp connection, other PC's and servers on the same subnet can though!

Which would make me think it's something on that server, BUT it resolves okay, and trace routes across the global network, just fails at the ISP's datacenter public IP.  Which make me convinced it's a port/firewall blocking issue, but ISP deny it.
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24115665
Hmm . . . other PCs on the same subnet as the one that fails *CAN* send SMTP traffic through?

If that's the case, I'd (if it's possible) change the IP address on the *non working* server to an IP address that's being used on a server that works and then try a connection. If that fails, it could be some other form of blocking . . . like limiting the number of devices from that subnet  . . .  Maybe the ISP isn't actually blocking BUT they may have a different subnet mask being appliled and so the *non working* PC appears to them to be on a different subnet . . . which is actually firewalled.

Good luck,
Steve
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question