
List:       ipfilter
Subject:    telnet, help....
From:       "Efren Bravo" <efrenba () dhl ! gcc ! cu>
Date:       2005-12-07 20:02:05
Message-ID: WorldClient-F200512071549.AA49210040 () dhl ! gcc ! cu

Hi there,

I've several services running on my private LAN, including three telnet
servers (SCO, HP-UX and FreeBSD). The problem is that from outside the LAN
it is impossible to establish a connection to the telnet servers mentioned
previously, no matter the Unix version.
  
This is my network layout:

(Internet)  
   |
(Private LAN)
 |||||+PCs
 ||||+-mail Server
 |||+--www Server
 ||+---SCO Telnet  
 |+----HP-UX Telnet
 +-----freeBSD Telnet

I've gathered all the necessary information about it.
As you can see in ipfstat -t, the problem is only with telnet; other
services running inside the LAN, like internal web and mail, work perfectly.

gw# ipfstat
-----------
bad packets:            in 0    out 0
 IPv6 packets:          in 0 out 10
 input packets:         blocked 1057 passed 190422 nomatch 0 counted 0 short 0
output packets:         blocked 310 passed 243250 nomatch 10 counted 0 short 0
 input packets logged:  blocked 1057 passed 30
output packets logged:  blocked 310 passed 30
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 336        lost 0
packet state(out):      kept 5767       lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  63281   (out):  133219
IN Pullups succeeded:   48      failed: 0
OUT Pullups succeeded:  386     failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      144742
Packet log flags set: (0)
        none

gw# ipfstat -i
--------------
pass in quick on sis0 all
pass in quick on lo0 all
block in quick on vr0 from 127.0.0.0/8 to any
block in quick on vr0 from 0.0.0.0/8 to any
block in quick on vr0 from 169.254.0.0/16 to any
block in quick on vr0 from 192.0.2.0/24 to any
block in quick on vr0 from 204.152.64.0/23 to any
block in quick on vr0 from 224.0.0.0/3 to any
block in quick on vr0 from any to any with frag
block in quick on vr0 proto tcp from any to any with short
block in quick on vr0 from any to any with opt lsrr
block in quick on vr0 from any to any with opt ssrr
block in log first quick on vr0 proto tcp from any to any flags FPU/FSRPAU
block in quick on vr0 from any to any with ipopts
block in quick on vr0 proto icmp from any to any icmp-type echo
block in quick on vr0 proto tcp from any to any port = auth
block in log first quick on vr0 proto tcp/udp from any to any port = netbios-ns
block in log first quick on vr0 proto tcp/udp from any to any port = netbios-dgm
block in log first quick on vr0 proto tcp/udp from any to any port = netbios-ssn
block in log first quick on vr0 proto tcp/udp from any to any port = hosts2-ns
pass in log quick on vr0 proto tcp from any to any port = telnet flags S/FSRPAU keep state
pass in quick on vr0 proto tcp from any to any port = http flags S/FSRPAU keep state
pass in quick on vr0 proto tcp from any to any port = smtp flags S/FSRPAU keep state
block in log first quick on vr0 all

gw# ipfstat -o
--------------
pass out quick on sis0 all
pass out quick on lo0 all
pass out quick on vr0 proto tcp from any to 192.168.10.5/32 port = domain flags S/FSRPAU keep state
pass out quick on vr0 proto udp from any to 192.168.10.5/32 port = domain keep state
pass out quick on vr0 proto tcp from any to 192.168.10.11/32 port = domain flags S/FSRPAU keep state
pass out quick on vr0 proto udp from any to 192.168.10.11/32 port = domain keep state
pass out quick on vr0 proto tcp from any to any port = http flags S/FSRPAU keep state
pass out quick on vr0 proto tcp from any to any port = ftp flags S/FSRPAU keep state
pass out quick on vr0 proto tcp from any to any port = rdp flags S/FSRPAU keep state
pass out quick on vr0 proto tcp from any to any port = smtp flags S/FSRPAU keep state
pass out quick on vr0 proto icmp from any to any icmp-type echo keep state
block out log first quick on vr0 all

ipnat.rules
-----------
map vr0 7.96.160.0/24 -> 192.168.80.2/32 proxy port ftp ftp/tcp
map vr0 7.96.160.0/24 -> 192.168.80.2/32
rdr vr0 192.168.80.2/32 port 23 -> 7.96.160.19 port 23 tcp
rdr vr0 192.168.80.2/32 port 80 -> 7.96.160.4 port 80 tcp
rdr vr0 192.168.80.2/32 port 25 -> 7.96.160.4 port 25 tcp

Logs ipf:
---------
Dec  7 14:59:55 gw ipmon[317]: 14:59:54.653994 vr0 @0:21 p 192.168.80.7,1039 -> 7.96.160.19,23 PR tcp len 20 48 -S K-S IN NAT
Dec  7 14:59:55 gw ipmon[317]: 14:59:54.654023 sis0 @0:21 p 192.168.80.7,1039 -> 7.96.160.19,23 PR tcp len 20 48 -S K-S OUT
Dec  7 14:59:58 gw ipmon[317]: 14:59:57.715747 vr0 @0:21 p 192.168.80.7,1039 -> 7.96.160.19,23 PR tcp len 20 48 -S K-S IN NAT
Dec  7 14:59:58 gw ipmon[317]: 14:59:57.715769 sis0 @0:21 p 192.168.80.7,1039 -> 7.96.160.19,23 PR tcp len 20 48 -S K-S OUT
Dec  7 15:00:04 gw ipmon[317]: 15:00:03.731398 vr0 @0:21 p 192.168.80.7,1039 -> 7.96.160.19,23 PR tcp len 20 48 -S K-S IN NAT
Dec  7 15:00:04 gw ipmon[317]: 15:00:03.731418 sis0 @0:21 p 192.168.80.7,1039 -> 7.96.160.19,23 PR tcp len 20 48 -S K-S OUT

gw# ipfstat -t
--------------
Source IP             Destination IP         ST   PR   #pkts    #bytes       ttl
7.96.160.15,3549      192.168.80.7,3389     5/5  tcp    1605    108002 119:59:00
200.55.168.202,58789  7.96.160.4,25         5/5  tcp      14       900 119:59:34
192.168.80.7,1039     7.96.160.19,23        2/0  tcp       6       288      2:20

gw# tcpdump -n -i vr0 port 23
-----------------------------
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
15:15:23.195766 IP 192.168.80.7.1053 > 192.168.80.2.23: S 3471411579:3471411579(0) win 16384 <mss 1460,nop,nop,sackOK>
15:15:26.207400 IP 192.168.80.7.1053 > 192.168.80.2.23: S 3471411579:3471411579(0) win 16384 <mss 1460,nop,nop,sackOK>
15:15:32.223093 IP 192.168.80.7.1053 > 192.168.80.2.23: S 3471411579:3471411579(0) win 16384 <mss 1460,nop,nop,sackOK>

gw# tcpdump -n -i sis0 port 23
------------------------------
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on sis0, link-type EN10MB (Ethernet), capture size 96 bytes
15:18:10.684535 IP 192.168.80.7.1057 > 7.96.160.19.23: S 1467522316:1467522316(0) win 16384 <mss 1460,nop,nop,sackOK>
15:18:13.552735 IP 192.168.80.7.1057 > 7.96.160.19.23: S 1467522316:1467522316(0) win 16384 <mss 1460,nop,nop,sackOK>
15:18:19.568436 IP 192.168.80.7.1057 > 7.96.160.19.23: S 1467522316:1467522316(0) win 16384 <mss 1460,nop,nop,sackOK>


Thanks...
I'll wait for your help.
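
Added example, not part of the original post: a Python script that reads the sis0 tcpdump output quoted in the message (where the destination is already the translated 7.96.160.19) and reports flows whose SYN was retransmitted while nothing came back in the reverse direction. The function name `unanswered_syns` is hypothetical, and the SYN-ACK line in `ANSWERED_CAPTURE` is constructed for contrast.

```python
import re
from collections import defaultdict

# tcpdump lines from the post (sis0 capture), each rejoined onto one line.
SIS0_CAPTURE = """\
15:18:10.684535 IP 192.168.80.7.1057 > 7.96.160.19.23: S 1467522316:1467522316(0) win 16384 <mss 1460,nop,nop,sackOK>
15:18:13.552735 IP 192.168.80.7.1057 > 7.96.160.19.23: S 1467522316:1467522316(0) win 16384 <mss 1460,nop,nop,sackOK>
15:18:19.568436 IP 192.168.80.7.1057 > 7.96.160.19.23: S 1467522316:1467522316(0) win 16384 <mss 1460,nop,nop,sackOK>
"""
# Constructed for contrast (not from the post): first two SYNs, then a SYN-ACK coming back.
ANSWERED_CAPTURE = "\n".join(SIS0_CAPTURE.splitlines()[:2]) + (
    "\n15:18:13.553300 IP 7.96.160.19.23 > 192.168.80.7.1057: S 99:99(0) ack 1467522317 win 5840 <mss 1460>\n")

# time, src.port > dst.port, flag string, initial sequence number, optional "ack N"
PKT = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): "
                 r"(\S+) (\d+):\d+\(\d+\)( ack \d+)?")

def unanswered_syns(capture):
    """Return {(src, sport, dst, dport): [seconds between SYN copies]} for flows
    whose SYN was retransmitted and never answered within this capture."""
    syn_times = defaultdict(list)   # (flow, seq) -> arrival times of bare SYNs
    seen = set()                    # every (src, sport, dst, dport) that sent a packet
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue                # skip tcpdump banner lines and anything unparsed
        hh, mm, ss, src, sport, dst, dport, flags, seq, ack = m.groups()
        flow = (src, int(sport), dst, int(dport))
        seen.add(flow)
        if flags == "S" and ack is None:        # SYN without ACK: a connection attempt
            syn_times[(flow, seq)].append(int(hh) * 3600 + int(mm) * 60 + float(ss))
    report = {}
    for (flow, _seq), times in syn_times.items():
        reverse = (flow[2], flow[3], flow[0], flow[1])
        if len(times) > 1 and reverse not in seen:   # same SYN resent, peer silent
            report[flow] = [round(b - a, 1) for a, b in zip(times, times[1:])]
    return report

if __name__ == "__main__":
    for flow, gaps in unanswered_syns(SIS0_CAPTURE).items():
        print(flow, "SYN retransmitted after", gaps, "s with no reply in this capture")
```
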



