telnet on local LAN question

Paul Allen Newell pnewell at cs.cmu.edu
Fri Aug 19 03:15:54 UTC 2011


On 8/18/2011 1:32 AM, Roberto Ragusa wrote:
> On 08/18/2011 07:33 AM, Andre Speelmans wrote:
>> On Thu, Aug 18, 2011 at 7:21 AM, Paul Allen Newell <pnewell at cs.cmu.edu> wrote:
>>> On 8/17/2011 12:49 PM, Roberto Ragusa wrote:
>>>> I would have just duplicated the ssh rule, which works, for port 23.
>>>>
>>>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
>> This rule will not work. The difference being the port. 23 is for
>> telnet (the protocol, not the command). You need the rule with 25,
>> which would be for SMTP and the port the mailserver is probably
>> listening on.
> Of course. I said "23 or 25" everywhere in the mail, assuming it was clear
> that "telnet 25" is just a trick to connect to the smtp server and is
> not related to the telnet port (23).

Oh ... it may be clear to you and others that are familiar with this but 
I didn't know ... I just thought I could run telnet and give it a port 
number to use. I was aware that some ports may not like it (as I 
discovered with telnet <name> 22), but this is my first round of dealing 
with ports and I cannot begin to tell you how appreciative I am that the 
replies I am getting are longer rather than shorter to make sure I can 
understand the "why" of the suggestions.

>>> telnet <name> 25 returns with No route to host
>> No route to host??
> "--reject-with icmp-host-prohibited" does that.

One of the reasons I am running both telnet <name> 23 and telnet <name> 
25 is to see if something changed while playing in iptables and that I 
didn't muck telnet instead of port 23 (the "no route to host" being my 
safety). I might be being overly cautious, but I do not feel I know 
enough to skip having sanity checks in my testing.

Thanks for confirming that "No route to host" is "icmp-host-prohibited". 
That being said, as I look at some of the documentation for 
iptables, I would have thought that message would have been more appropriate for 
"icmp-host-unreachable" ... unreachable implies "can't do" and 
"prohibited" implies "won't do" in my sense of language. Trivial point 
above and beyond when "No route to host" changes to "Connection refused" 
I need to understand why there was a change (and I am hoping to find 
that in some of the other emails I am going through).

Paul
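The sanity check Paul describes (running `telnet <name> 23` and `telnet <name> 25` to see whether a connect fails with "No route to host", "Connection refused", or just hangs) can be scripted so the three outcomes are told apart explicitly. The following is an added example, not code from anyone in this thread; `probe_tcp`, `classify_errno` and `demo_localhost` are hypothetical helper names, and the mapping from errno to the iptables rule that usually causes it is an assumption based on common Linux behaviour (the `icmp-host-prohibited` case is the one Roberto confirmed above).

```python
import errno
import socket

# Assumed mapping (added example, not from the thread) from the errno a
# failed connect() raises to what typically produced it on Linux:
#   ECONNREFUSED "Connection refused" -> packet reached the host, nothing is
#                listening on that port, or -j REJECT --reject-with tcp-reset
#   EHOSTUNREACH "No route to host"   -> -j REJECT --reject-with
#                icmp-host-prohibited (or icmp-host-unreachable), or a real
#                routing problem
#   ENETUNREACH  "Network is unreachable" -> icmp-net-unreachable or routing
#   (a timeout with no error at all is what -j DROP looks like)
ERRNO_TO_CAUSE = {
    errno.ECONNREFUSED: "refused: host reached, no listener (or REJECT --reject-with tcp-reset)",
    errno.EHOSTUNREACH: "no-route: REJECT --reject-with icmp-host-prohibited/-unreachable, or routing",
    errno.ENETUNREACH: "net-unreachable: REJECT --reject-with icmp-net-unreachable, or routing",
}


def classify_errno(code):
    """Return a short label for the errno of a failed connect()."""
    return ERRNO_TO_CAUSE.get(code, "other: %s" % errno.errorcode.get(code, code))


def probe_tcp(host, port, timeout=3.0):
    """Do what 'telnet host port' does for the handshake and label the result.

    "open" means the three-way handshake completed (a telnet session would
    start); "timeout" means nothing came back (typical for -j DROP);
    otherwise the label from classify_errno() describes the refusal.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout: no reply at all (typical for -j DROP)"
    except OSError as e:
        return classify_errno(e.errno)
    finally:
        s.close()


def probe_many(host, ports, timeout=3.0):
    """Probe several ports (e.g. 22, 23, 25) and return {port: label}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def demo_localhost():
    """Self-check on loopback: probe a port while a listener is bound to it,
    then again after the listener is closed.

    Returns (label_while_listening, label_after_close); the second should be
    the "refused" case, because the host is reachable but nothing listens.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        while_open = probe_tcp("127.0.0.1", port, 2.0)
    finally:
        srv.close()
    after_close = probe_tcp("127.0.0.1", port, 2.0)
    return while_open, after_close


if __name__ == "__main__":
    # Replace 127.0.0.1 with the LAN host whose iptables rules are under test.
    for port, result in sorted(probe_many("127.0.0.1", [22, 23, 25]).items()):
        print("%5d -> %s" % (port, result))
    print(demo_localhost())
```

Reading the output against the thread: a "refused" label on port 25 after the rule change means the REJECT rule no longer matches and the packet reached the host, so the remaining question is only whether a mail server is listening; a "no-route" label means a REJECT rule with `icmp-host-prohibited` is still in front of it; a timeout means a DROP rule (or a dead host) rather than any REJECT.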