Solved

Can ping & resolve, but can't telnet

Posted on 2009-04-09
8
643 Views
Last Modified: 2015-01-05
Hi,

Very weird one so bear with me;

ISP replaced Firewalls last week, but only copied config from old to new, claim no changes made.
Since then server outside the environment cannot set up smtp connection;
Can ping the server name
Can ping & resolve the domain mail.domainname.com okay
Can telnet from anywhere else on the network inside or outside the environment
It is just this one server in a seperate environment, which can ping & resolve but can't telnet on port 25

Very weird, driving us all nuts here as we cannot find why this is happening, ISP deny anything to do with Firewalls, but cannot see any other way round this?
0
Comment
Question by:ukgeeknumber1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 3

Expert Comment

by:mikey1h
ID: 24105899
Have you actually tested the port inbound and outbound or are you just taking your isp's word?   Many times ...especially Verizon..... will havee certain ports blocked, and tell the customer different, I think just to avoid having to deal with the situation, and hope the customer just gives up instead of trying to make i work
0
 

Author Comment

by:ukgeeknumber1
ID: 24106040
We have run loads of test, including them monitoring the inbound traffic while we ping from the problem server.  They are still argueing its a configuration issue at our end?
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 24106253
Have the isp monitor traffic while attempting to telnet to the "suspect" server.  Ping only tests through layer 3 and this sounds like a layer 4 issue.  The isp should be able to tell you where the disconnect is - or at least verify that the firewall is not the issue.

Can you get local access to the outside server?  This way you can see if you can connect via telnet locally which will eliminate the firewall.
0
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

 

Author Comment

by:ukgeeknumber1
ID: 24106306
hi, thanks for the responses, will need to check monitoring during a telnet session, if they will do this for us, they are getting hacked off too!

We can get access to the outside server and we can telnet using the FQDN, IP address etc, but just not when we use the mail.domainnam.com  25 for example
0
 

Author Comment

by:ukgeeknumber1
ID: 24106651
just as a note, if we run a tracert it runs from the outside servers internal network, across the global network all the way to the ISP's public IP, then fails, then makes one connection to the internal server, then fails again!
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24109236
". . . It is just this one server in a seperate environment . . . "

What does this mean? Are you saying that this is the only server that cannot telnet to port 25? And that this server cannot open an SMTP connection from the outside to the inside? But you can open an SMTP port from the outside to the inside on a different server and presumably a different subnetwork?

One of the earlier posters said this as well, this seems to be a port blocking issue and all the pinging and tracerouting and DNS resolving in the world won't reveal the issue. From your description it sounds as though port 25 is not open globally, but only open to specific source/destinations.

But perhaps I have not clearly understood your issue.

Good luck,
Steve

0
 

Accepted Solution

by:
ukgeeknumber1 earned 0 total points
ID: 24115058
Hi stevej,

You're correct, its just one server that can't telnet or make an smtp connection, other PC's and servers on the same subnet can though!

Which would make me think it's something on that server, BUT it resolves okay, and trace routes across the global network, just fails at the ISP's datacenter public IP.  Which make me convinced it's a port/firewall blocking issue, but ISP deny it.
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24115665
Hmm . . . other PCs on the same subnet as the one that fails *CAN* send SMTP traffic through?

If that's the case, I'd (if it's possible) change the IP address on the *non working* server to an IP address that's being used on a server that works and then try a connection. If that fails, it could be some other form of blocking . . . like limiting the number of devices from that subnet  . . .  Maybe the ISP isn't actually blocking BUT they may have a different subnet mask being appliled and so the *non working* PC appears to them to be on a different subnet . . . which is actually firewalled.

Good luck,
Steve
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question