  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 662

Can ping & resolve, but can't telnet

Hi,

Very weird one so bear with me;

ISP replaced Firewalls last week, but only copied config from old to new, claim no changes made.
Since then server outside the environment cannot set up smtp connection;
Can ping the server name
Can ping & resolve the domain mail.domainname.com okay
Can telnet from anywhere else on the network inside or outside the environment
It is just this one server in a separate environment, which can ping & resolve but can't telnet on port 25

Very weird, driving us all nuts here as we cannot find why this is happening, ISP deny anything to do with Firewalls, but cannot see any other way round this?
Asked by: ukgeeknumber1
 
mikey1h Commented:
Have you actually tested the port inbound and outbound or are you just taking your ISP's word? Many times ... especially Verizon ... will have certain ports blocked, and tell the customer different, I think just to avoid having to deal with the situation, and hope the customer just gives up instead of trying to make it work
 
ukgeeknumber1 (Author) Commented:
We have run loads of tests, including them monitoring the inbound traffic while we ping from the problem server. They are still arguing it's a configuration issue at our end?
 
2PiFL Commented:
Have the isp monitor traffic while attempting to telnet to the "suspect" server.  Ping only tests through layer 3 and this sounds like a layer 4 issue.  The isp should be able to tell you where the disconnect is - or at least verify that the firewall is not the issue.

Can you get local access to the outside server?  This way you can see if you can connect via telnet locally which will eliminate the firewall.
 
ukgeeknumber1 (Author) Commented:
hi, thanks for the responses, will need to check monitoring during a telnet session, if they will do this for us, they are getting hacked off too!

We can get access to the outside server and we can telnet using the FQDN, IP address etc, but just not when we use the mail.domainname.com 25 for example
 
ukgeeknumber1 (Author) Commented:
Just as a note, if we run a tracert it runs from the outside server's internal network, across the global network all the way to the ISP's public IP, then fails, then makes one connection to the internal server, then fails again!
 
SteveJ Commented:
". . . It is just this one server in a separate environment . . . "

What does this mean? Are you saying that this is the only server that cannot telnet to port 25? And that this server cannot open an SMTP connection from the outside to the inside? But you can open an SMTP port from the outside to the inside on a different server and presumably a different subnetwork?

One of the earlier posters said this as well, this seems to be a port blocking issue and all the pinging and tracerouting and DNS resolving in the world won't reveal the issue. From your description it sounds as though port 25 is not open globally, but only open to specific source/destinations.

But perhaps I have not clearly understood your issue.

Good luck,
Steve

 
ukgeeknumber1 (Author) Commented:
Hi stevej,

You're correct, it's just one server that can't telnet or make an smtp connection, other PCs and servers on the same subnet can though!

Which would make me think it's something on that server, BUT it resolves okay, and trace routes across the global network, just fails at the ISP's datacenter public IP. Which makes me convinced it's a port/firewall blocking issue, but ISP deny it.
 
SteveJ Commented:
Hmm . . . other PCs on the same subnet as the one that fails *CAN* send SMTP traffic through?

If that's the case, I'd (if it's possible) change the IP address on the *non working* server to an IP address that's being used on a server that works and then try a connection. If that fails, it could be some other form of blocking . . . like limiting the number of devices from that subnet . . . Maybe the ISP isn't actually blocking BUT they may have a different subnet mask being applied and so the *non working* PC appears to them to be on a different subnet . . . which is actually firewalled.

Good luck,
Steve
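
The layer 3 versus layer 4 distinction raised in this thread can be checked from the problem server with a short script that separates DNS failure, a silently dropped SYN, an active refusal, and a completed SMTP greeting. This is an added example, not part of any post; the function name `probe_smtp`, the stage labels and the placeholder host `mail.example.test` are assumptions made for illustration.

```python
import socket
import sys

# What each outcome suggests; a working ping/DNS lookup only rules out the first.
MEANING = {
    "dns_failed": "name does not resolve from this host",
    "syn_dropped": "no answer to SYN: a filter or route is discarding TCP to this port",
    "refused": "RST returned: no listener, or a device actively rejecting",
    "unreachable": "local stack or an ICMP error reported no path to the target",
    "connected_no_banner": "handshake completed, no greeting within the timeout",
    "closed_after_connect": "connection accepted, then closed without a greeting",
    "unexpected_banner": "a service answered, but not with an SMTP 220 greeting",
    "smtp_ready": "path and listener work for this source address",
}

def probe_smtp(host, port=25, timeout=5.0):
    """Return (stage, detail) for one TCP attempt, like 'telnet host 25'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failed", str(exc)
    family, socktype, proto, _, sockaddr = infos[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
        except socket.timeout:
            return "syn_dropped", "no reply from %s" % sockaddr[0]
        except ConnectionRefusedError:
            return "refused", "RST from %s" % sockaddr[0]
        except OSError as exc:
            return "unreachable", str(exc)
        try:
            banner = sock.recv(512)  # an SMTP server speaks first
        except socket.timeout:
            return "connected_no_banner", "connected to %s" % sockaddr[0]
        except OSError as exc:
            return "closed_after_connect", str(exc)
        if not banner:
            return "closed_after_connect", "peer sent FIN before any data"
        text = banner.decode("ascii", "replace").strip()
        return ("smtp_ready" if text.startswith("220") else "unexpected_banner"), text

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.test"  # placeholder
    stage, detail = probe_smtp(target)
    print("%s:25 -> %s (%s); %s" % (target, stage, MEANING[stage], detail))
```

Run it against the same target from the failing server and from a working machine on the same subnet; a different stage for the same target narrows the problem to that source address.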