On 8/18/2011 1:32 AM, Roberto Ragusa wrote:
> On 08/18/2011 07:33 AM, Andre Speelmans wrote:
>> On Thu, Aug 18, 2011 at 7:21 AM, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote:
>>> On 8/17/2011 12:49 PM, Roberto Ragusa wrote:
>>>> I would have just duplicated the ssh rule, which works, for port 23.
>>>>
>>>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
>> This rule will not work. The difference being the port. 23 is for
>> telnet (the protocol, not the command). You need the rule with 25,
>> which would be for SMTP and the port the mailserver is probably
>> listening on.
> Of course. I said "23 or 25" everywhere in the mail, assuming it was clear
> that "telnet 25" is just a trick to connect to the smtp server and is
> not related to the telnet port (23).
>

Oh ... it may be clear to you and others that are familiar with this but I didn't know ... I just thought I could run telnet and give it a port number to use. I was aware that some ports may not like it (as I discovered with telnet <name> 22), but this is my first round of dealing with ports and I cannot begin to tell you how appreciative I am that the replies I am getting are longer rather than shorter to make sure I can understand the "why" of the suggestions.

>>> telnet <name> 25 returns with No route to host
>> No route to host??
> "--reject-with icmp-host-prohibited" does that.
>

One of the reasons I am running both telnet <name> 23 and telnet <name> 25 is to see if something changed while playing in iptables and that I didn't muck telnet instead of port 23 (the "no route to host" being my safety). I might be being overly cautious, but I do not feel I know enough to skip having sanity checks in my testing.

Thanks for confirm on "No route to host" being "icmp-host-prohibited". That being said, as I look at some of the documentation for iptables, I would have thought that message would have been more appropriate for "icmp-host-unreachable" ... unreachable implies "can't do" and "prohibited" implies "won't do" in my sense of language.

Trivial point above and beyond when "No route to host" changes to "Connection refused" I need to understand why there was a change (and I am hoping to find that in some of the other emails I am going through)

Paul
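Added example, not part of the original message: a small probe that turns the result of a TCP connect, which is what `telnet <name> 25` performs, into the most likely firewall or service state behind it on a Linux client. The function names `probe` and `explain` and the default host are assumptions made for illustration; ports 23 and 25 are the ones tested in the thread.

```python
import errno
import os
import socket

# What connect() on a Linux client reports for each way the far end can
# answer a TCP SYN. ICMP host-unreachable and host-prohibited both surface
# as EHOSTUNREACH, so telnet prints "No route to host" for either one.
VERDICTS = {
    0: "open: the SYN was accepted and a service is listening",
    errno.ECONNREFUSED: "refused: a TCP reset or ICMP port-unreachable came "
                        "back (no listener, or a REJECT using one of those)",
    errno.EHOSTUNREACH: "rejected: ICMP host-unreachable or host-prohibited, "
                        "e.g. -j REJECT --reject-with icmp-host-prohibited",
    errno.ETIMEDOUT: "filtered: no answer at all, e.g. a DROP rule",
}


def probe(host, port, timeout=3.0):
    """Attempt a TCP connect and return its errno (0 on success)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 0
    except socket.timeout:
        # No reply within the timeout: treat as a timed-out connect.
        return errno.ETIMEDOUT
    except OSError as exc:
        return exc.errno if exc.errno is not None else -1


def explain(err):
    """Map a connect errno to a short description of the likely cause."""
    return VERDICTS.get(err, "other: " + os.strerror(err))


if __name__ == "__main__":
    import sys
    # Default host is a constructed placeholder; pass the server name instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (23, 25):
        print(f"{host}:{port} -> {explain(probe(host, port))}")
```

Running it before and after each iptables change shows which port's result moved, for example from "rejected" to "refused" once an ACCEPT rule lets the SYN through to a port with no listener.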