Solved

Can ping & resolve, but can't telnet

Posted on 2009-04-09
8
620 Views
Last Modified: 2015-01-05
Hi,

Very weird one so bear with me;

ISP replaced Firewalls last week, but only copied config from old to new, claim no changes made.
Since then server outside the environment cannot set up smtp connection;
Can ping the server name
Can ping & resolve the domain mail.domainname.com okay
Can telnet from anywhere else on the network inside or outside the environment
It is just this one server in a seperate environment, which can ping & resolve but can't telnet on port 25

Very weird, driving us all nuts here as we cannot find why this is happening, ISP deny anything to do with Firewalls, but cannot see any other way round this?
0
Comment
Question by:ukgeeknumber1
8 Comments
 
LVL 3

Expert Comment

by:mikey1h
ID: 24105899
Have you actually tested the port inbound and outbound or are you just taking your isp's word?   Many times ...especially Verizon..... will havee certain ports blocked, and tell the customer different, I think just to avoid having to deal with the situation, and hope the customer just gives up instead of trying to make i work
0
 

Author Comment

by:ukgeeknumber1
ID: 24106040
We have run loads of test, including them monitoring the inbound traffic while we ping from the problem server.  They are still argueing its a configuration issue at our end?
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 24106253
Have the isp monitor traffic while attempting to telnet to the "suspect" server.  Ping only tests through layer 3 and this sounds like a layer 4 issue.  The isp should be able to tell you where the disconnect is - or at least verify that the firewall is not the issue.

Can you get local access to the outside server?  This way you can see if you can connect via telnet locally which will eliminate the firewall.
0
 

Author Comment

by:ukgeeknumber1
ID: 24106306
hi, thanks for the responses, will need to check monitoring during a telnet session, if they will do this for us, they are getting hacked off too!

We can get access to the outside server and we can telnet using the FQDN, IP address etc, but just not when we use the mail.domainnam.com  25 for example
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:ukgeeknumber1
ID: 24106651
just as a note, if we run a tracert it runs from the outside servers internal network, across the global network all the way to the ISP's public IP, then fails, then makes one connection to the internal server, then fails again!
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24109236
". . . It is just this one server in a seperate environment . . . "

What does this mean? Are you saying that this is the only server that cannot telnet to port 25? And that this server cannot open an SMTP connection from the outside to the inside? But you can open an SMTP port from the outside to the inside on a different server and presumably a different subnetwork?

One of the earlier posters said this as well, this seems to be a port blocking issue and all the pinging and tracerouting and DNS resolving in the world won't reveal the issue. From your description it sounds as though port 25 is not open globally, but only open to specific source/destinations.

But perhaps I have not clearly understood your issue.

Good luck,
Steve

0
 

Accepted Solution

by:
ukgeeknumber1 earned 0 total points
ID: 24115058
Hi stevej,

You're correct, its just one server that can't telnet or make an smtp connection, other PC's and servers on the same subnet can though!

Which would make me think it's something on that server, BUT it resolves okay, and trace routes across the global network, just fails at the ISP's datacenter public IP.  Which make me convinced it's a port/firewall blocking issue, but ISP deny it.
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24115665
Hmm . . . other PCs on the same subnet as the one that fails *CAN* send SMTP traffic through?

If that's the case, I'd (if it's possible) change the IP address on the *non working* server to an IP address that's being used on a server that works and then try a connection. If that fails, it could be some other form of blocking . . . like limiting the number of devices from that subnet  . . .  Maybe the ISP isn't actually blocking BUT they may have a different subnet mask being appliled and so the *non working* PC appears to them to be on a different subnet . . . which is actually firewalled.

Good luck,
Steve
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now