Solved

Telnetting remotely to a server through a firewall

Posted on 2012-09-05
Last Modified: 2012-09-18
I need an outside organization to be able to telnet in to our domain controller.  We have a firewall and I have set up a NAT for the server with the internal/public IP address.  I have also set up a firewall rule that allows access from that person's PC to our DC.  We have tried all day and have not been able to get the access to work.  Originally I was trying to have him connect to the Exchange server and it never worked for ldap or ldaps.  He was able to connect on port 25 once.  But then we realized it was the DC he had to connect to and he cannot access it.  Telnet is just not connecting.  I'm not sure what is missing.  At one point I was setting up the rule to just access ldap or ldaps - but finally opened it up to any service.  Any ideas?
Question by:cindyfiller
19 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38370553
What router / firewall do you have and is Telnet configured on the firewall as a method of remote configuration?

We use a Draytek and you can use Telnet to manage it remotely, but the port can be changed to non-standard (TCP port 23), to allow the port to pass to an internal server.

Presumably you can telnet to the server internally on the port you are trying to use?
0
 

Author Comment

by:cindyfiller
ID: 38370586
We have a Sonicwall and yes we can telnet through it.  (We were successful the one time to Exchange on port 25 - but not on any other server or port.)  I can telnet internally to the DC using port 636.  It just doesn't make sense to me and I'm not the best with the firewall.  But this rule seems pretty straightforward.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38370594
Okay - so with port 636 you would need to open the port and forward it to the relevant server.

I'm not familiar with how to achieve this on a Sonicwall, but it shouldn't be too complicated!

When telnetting I hope people are specifying the port e.g., telnet 123.123.123.123 636
0

 

Author Comment

by:cindyfiller
ID: 38370688
Yes, we are using the port number when telnetting.  When you say forward it to the relevant server, what do you mean?  I know that port 636 is open and listening on the DC.  And the access rule I created was for the DC.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38373213
Okay - if you can telnet to the server on port 636 internally and the Access Rule on the firewall is configured correctly, is the Windows Firewall allowing Telnet through from the internet?
0
 

Author Comment

by:cindyfiller
ID: 38374055
I have the Windows Firewall off (on the server they are trying to connect to).
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1600 total points
ID: 38374081
Okay - I would focus on the Sonicwall Rules / or whatever is needed to make sure that the port is open to the world.  It sounds like you haven't configured it properly yet.

If you go to (on the server) www.canyouseeme.org and test port 636 do you see SUCCESS?
0
 

Author Comment

by:cindyfiller
ID: 38374196
Interesting - didn't know you could test a port like that.  It is timing out.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38374201
Yep - it should work for any port.

If you can focus on the Sonicwall - I think you should find the root of the problem there.

Can't guide you as I don't know / have experience of Sonicwalls unfortunately, but it sounds like something isn't configured properly.
0
 

Author Comment

by:cindyfiller
ID: 38374212
I would think it would be pretty easy...  I have a NAT for the internal and external IPs of the service.  I've created a service group that includes ldaps, ldap, telnet.  And then I created the rule allowing that person's external IP to come into the server.  Seems simple!

I've been trying to get ahold of support - but that isn't always quick. I hope they will call back tomorrow morning.  

Thanks for the time so far... will update you when I know.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38374226
Well - I would hope it would be easy too, but you never know.

What model is it?
0
 
LVL 27

Assisted Solution

by:tliotta
tliotta earned 400 total points
ID: 38375596
Are you sure telnet (port 23) is going to make it through your ISP? The fact that port 25 worked indicates that SMTP is allowed through your ISP, and that's not uncommon, as port 80 would similarly be allowed. But other protocols may need special arrangements.

Tom
0
 

Author Comment

by:cindyfiller
ID: 38376021
One of the services I gave them access to was telnet so it should work.  I'm playing telephone tag with Sonicwall so hope to talk to them this morning.
0
 

Author Comment

by:cindyfiller
ID: 38377875
Ended up having 2 issues - one with a NAT on the firewall and one with the server now being set up for ldaps.  The first has been fixed and can now telnet to ldap - but not ldaps.

Can I award points for being so helpful?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38377894
They are your points - distribute them how you like.

Just glad it is resolved.  Hope the ldaps issue gets resolved quickly.

Don't forget to mark your last comment as the Solution and if you want to give points to any other comment / comments, then feel free, but you are not obliged to.  Points should be awarded for correct answers or helpful comments, not just turning up!!

Alan
0
 

Author Comment

by:cindyfiller
ID: 38388351
I had created the internal to external NAT but not the external to internal NAT.  That is why the rule was not working.  This person was very helpful in pointing me to the right solution.

It turns out that the ldaps is because I don't have ldaps turned on in the domain controller.  That is another issue that will have to be resolved.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38388813
Did you select the correct comment as the solution?
0
 
LVL 27

Expert Comment

by:tliotta
ID: 38389347
It's hard to argue with getting points, but points should be awarded as appropriate. My comment was intended only as an item that can be overlooked. If it was irrelevant to the solution, then it should only receive an equivalent number of points. Points may be split and multiple comments may be designated as parts of a solution or simply as being helpful.

I would not object to a reconsideration. If an answer is correct, that should be the chosen comment.

Tom
0
 

Author Comment

by:cindyfiller
ID: 38400206
Oh my - I did not mean to offend anyone.  I thought Alan had done all replies and I see that one person did another one and that is the one I awarded points to.  I did not intend to do that.   Can you please award 400 points to  http:#a38374081 and 100 to  http:#a38375596
0
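
The port checks used throughout this thread (`telnet <ip> <port>` and the external port test that timed out) can be scripted so that each result points at a layer: a timeout means packets were dropped on the way in, which is what the missing external-to-internal NAT produced here. This is an added example, not code from any poster; the outcome labels, hint texts, and the `probe`/`check` names are this example's own assumptions.

```python
import errno
import socket

# What each outcome says about where to look next (labels are this example's own).
HINTS = {
    "open": "TCP path works end to end; any remaining failure is in the protocol "
            "on top (for LDAPS on 636, the TLS layer on the server).",
    "refused": "A host answered but nothing accepted the connection: check that the "
               "service is listening and the NAT points at the right server.",
    "filtered": "No answer at all: packets are being dropped on the way in. Check the "
                "inbound NAT, the firewall access rule, and ISP filtering.",
    "unreachable": "No route to the address: check the public IP and routing.",
}

def probe(host, port, timeout=3.0):
    """Make one TCP connection attempt, as `telnet host port` does, and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def check(host, ports, timeout=3.0):
    """Probe several ports; return {port: (outcome, hint)}."""
    results = {}
    for port in ports:
        outcome = probe(host, port, timeout)
        results[port] = (outcome, HINTS.get(outcome, "Unexpected socket error."))
    return results

if __name__ == "__main__":
    # Constructed demo: a throwaway local listener stands in for the server so the
    # script runs offline. In real use, pass the public IP and ports 389 and 636.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    for port, (outcome, hint) in check("127.0.0.1", [demo_port]).items():
        print(port, outcome, "-", hint)
    listener.close()  # same port with no listener now reports "refused"
    for port, (outcome, hint) in check("127.0.0.1", [demo_port]).items():
        print(port, outcome, "-", hint)
```

Run it from the remote party's network against the public address, then from inside against the internal address; a port that is open internally but filtered externally isolates the problem to the perimeter device.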


Question has a verified solution.
