Unable to telnet on specific port through firewall

Posted on 2011-05-04
Last Modified: 2012-05-11
Hi All,

I am having an issue using telnet to open a connection on another LAN segment which is behind a firewall, and on another site. This is from a Win 2003 R2 server to a 2008 R2 server, both virtualised on ESX hosts.

The error in both directions is:
Could not open connection to the host on port 8143, connect failed

A trace route and ping work fine both ways, I can telnet to another server in the same subnet, and can also telnet to the destination server from another machine in that subnet.

I have allowed the port through the firewall (pair of Nokia IP390) and can see in the logs that the traffic is hitting the firewall and being allowed (when trying both ways).

Trace route shows that the connection hits the above firewall, then a Nortel 5510-48T switch, and on to a Cisco 3662 router before finally hitting the server. Trace back the other way shows it hitting the Nortel 5510-48T switch and then on to the Nokia firewall.

Any ideas as to what the problem could be, or what troubleshooting can be done in this situation? I'm almost certain the firewall is correctly configured to allow this port and this is the only obstacle on route.

Question by:bankhall

    Expert Comment

    by:Craig Beck
    Are you allowing established connections through the firewall in the opposite direction?

    Author Comment

    Yes, as the rule to allow this port is bidirectional.

    Accepted Solution

    Are there any ACLs on the 3662 router?

    Author Comment

    Yes! Just checked and there's an ACL on that interface only. After a quick test, that was the problem.
    I will add some entries to the ACL shortly and confirm that this was the problem and then accept solution.
    Thanks very much for that pointer - have been fighting with this one on and off for some time now!

    Author Comment

    Have now edited the ACL and problem solved!

    Thanks again!

    Author Closing Comment

    There was an ACL on the Cisco router specific to only one interface. It was controlling only traffic coming in from that interface and was stopping any traffic from established connections also.
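
A TCP-level check for the symptom in this thread, where ping and traceroute succeed but the port will not connect. This is an added example, not part of the original posts; the function name, the host placeholder in the usage line and the interpretation hints (rules of thumb) are assumptions.

```python
import errno
import socket
import sys

# Rule-of-thumb reading of each outcome (assumption, not from the thread).
HINTS = {
    "open": "handshake completed; path and listener are fine",
    "refused": "RST came back; host reachable, no listener or a device rejected",
    "unreachable": "ICMP error came back; a router or filter rejected the packet",
    "timeout": "no reply; SYN or the returning SYN-ACK was silently dropped",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify how it ended."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        raise  # name resolution failures and similar are not path verdicts
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; 8143 is the port from the question.
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 8143
    verdict = probe(target, target_port)
    print(f"{target}:{target_port} -> {verdict}: {HINTS[verdict]}")
```

Run it from both ends and from a host in the destination subnet: a timeout across the routed path alongside an open result from inside the subnet points at a filter between them, and every device with an ACL on that path needs checking for both the forward and the return traffic.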
