[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 773
  • Last Modified:

Unable to telnet on specific port through firewall

Hi All,

I am having an issue using telnet to open a connection on another LAN segment which is behind a firewall, and on another site. This is from a win 2003 R2 server to a 2008 R2 server, both virtualised on esx hosts.

The error in both directions is:
Could not open connection to the host on port 8143, connect failed

A trace route and ping work fine both ways, I can telnet to another server in the same subnet, and can also telnet to the destination server from another machine in that subnet.

I have allowed the port through the firewall (pair of Nokia IP390) and can see in the logs that the traffic is hitting the firewall and being allowed (when trying both ways).

Trace route shows that the connectiosn hits the above firewall, then a Nortel 5510-48T switch, and on to a Cisco 3662 router before finally hitting the server. trace back the other way shows it hitting the Nortel 5510-48T switch and then on to the nokia firewall.

Any ideas as to what the problem could be? or what troubleshooting can be done in this situation? as I'm almost certain the firewall is correctly configured to allow this port and this is the only obstacle on route.

cheers!
0
bankhall
Asked:
bankhall
  • 4
1 Solution
 
Craig BeckCommented:
Are you allowing established connections through the firewall in the opposite direction?
0
 
bankhallAuthor Commented:
yes as the rule to allow this port is bi directional.
0
 
SouljaCommented:
Are there any ACL's on the 3662 router?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
bankhallAuthor Commented:
yes! just checked and there's an ACL on that interface only. after a quick test that was the problem.
I will add some entries to the ACL shortly and confirm that this was the problem and then accept solution.
Thanks very much for that pointer - have been fighting with this one on and off for some time now!
0
 
bankhallAuthor Commented:
Have now edited the ACL and problem solved!

thanks again!
0
 
bankhallAuthor Commented:
There was an ACL on the Cisco Router specific to only one interface. It was controlling only traffic coming in from that interface and was stopping and traffic from established connections also
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now