Re: Remote telnet through firewall failing
From: John (ibis.john_at_rogers.com)
Date: Sun, 19 Dec 2004 12:14:27 -0500
Bill Vermillion wrote:
> In article <h4idnSKUmvfq9ljcRVnfirstname.lastname@example.org>,
> John <ibis.john@rogersdotcom> wrote:
>>Jean-Pierre Radley wrote:
>>> John typed (on Sat, Dec 18, 2004 at 07:10:54PM -0500):
>>> | Jean-Pierre Radley wrote:
>>> | >
>>> | > From the SCO machine, can you ping or traceroute or get to any
>>> | > arbitrary host on the Internet?
>>> | Oddly enough, no. I can get to all the LAN but not to the WAN.
>>> | Clever of you to ask.
>>> Then you can't communicate into it either.
>>Investigating your question had actually led me to this same brilliant
>>deduction, for which I thank you, but I regret to say that subsequent
>>reading on the subject of routing has not led me any further. What
>>baffles me is that my Linux machines are accessible by telnet from outside
>>(if I reset the firewall to forward port 23 to them) but my SCO machine is
>>not. Somewhere there has to be something to make that route back, but I've
>>run out of ideas for where to look.
>>> How far does a traceroute get from the SCO box?
>>About this far:
>># traceroute 126.96.36.199
>>traceroute to 188.8.131.52 (184.108.40.206), 30 hops max, 40 byte packets
>> 1 gateway (192.168.1.1) 10 ms 0 ms 0 ms
>> 2 * * *
>>But the Linux machines go further:
>>$ traceroute 220.127.116.11
>>traceroute to 18.104.22.168 (22.214.171.124), 30 hops max, 38 byte packets
>> 1 192.168.1.1 (192.168.1.1) 1.004 ms 0.963 ms 0.958 ms
>> 2 fake.domain.rogers.com (xx.xxx.x74.1) 23.582 ms 20.293 ms 25.139 ms
>>... and so on, all the way to locate the required IP.
> I went back and looked at your other post with the netstat output.
> You have the default gateway to be 192.168.1.1. But maybe I'm
> misreading things but I also see that the route for all
> addresses in the 192.168.1 net to be 192.168.1.2.
> The traceroute above shows that the name of the 192.168.1.1 is
> called gateway, but on the Linux machine that there is no name
> in your hosts or DNS [whatever you are using] so that on that
> machine the name is substituted with the IP address.
Thanks for the observations, Bill. I have altered the routing to:
Destination    Gateway        Flags  Refs  Use  Interface
default        192.168.1.1    UGS    0     221  net1
127.0.0.1      127.0.0.1      UH     2     332  lo0
192.168.1.2    127.0.0.1      UGHS   4     26   lo0
since the removed entry did seem to justify your criticism.
None of the Linux machines have /etc/hosts entries for the gateway, but on
the SCO machine 192.168.1.1 is identified as 'gateway' in /etc/hosts from
earlier when I was futzing about having trouble with local telnet and
trying whatever seemed potentially helpful. That is also likely where the
worthless route originated.
Regrettably, this change does not improve things. Remote telnet still fails,
and traceroute to the WAN still dies at the gateway, but only for SCO.
-- John Turner