[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Any HP-UX weenies out there?

To: "Sheflug" <shef-lug [at] xxxxxxxxxxxxxxxxxxx>
Subject: [Sheflug] Any HP-UX weenies out there?
From: "David Morris" <xxxxx [at] xxxxxxxxxxxx>
Date: Wed, 20 Feb 2002 15:20:11 -0000
Envelope-To: <shef-lug [at] list.sheflug.org.uk>
Importance: Normal
List-Help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-Id: Sheflug <shef-lug.list.sheflug.org.uk>
List-Post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-Subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-Unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

Ok, it's way off-topic, but there are many learned people on this group who
may be able to offer up a suggestion...

The scenario:

I have a network in Sheffield and a network in (sunny) Birmingham, both with
firewalls and direct Internet connections. Sheffield is behind a PIX and
Birmingham is behind a Checkpoint Firewall-1.

We believe both firewalls are correctly configured to allow telnet traffic
to respective servers. Indeed, from the HPUX box in Brum, I can telnet into
linux servers in Sheffield.

Trying to go the other way isn't possible. We think we're getting through
the firewall in Birmingham (and access to their mail server on Win95 -
slightly different ruleset but nearly identical) works fine. It looks like
the telnetd daemon on the HPUX box is denying the connection. WIthout the
benefits of tcpdump etc on the HP, it's difficult to see exactly what's
happening though.

There isn't any obvious ACL on the HP machine, and there's nothing strange
in inetd.conf on the telnetd line, so we were wondering what the likelihood
is of the HP box doing something like reverse DNS lookup or some other
attempt at authenticating the incoming connection that we dont know about.

An attempted telnet in comes up with "no route to host" if we try from Win2k
clients on the Sheffield network, and trying from a Cisco router with debug
enabled shows an ICMP message after the port is closed which is the "no
route to host" message. It's a misnomer, because there clearly *is* a route
to host because the mail sever is accessible and both machines are mapped
under the same /28 (or whatever).

If anyone has any suggestions, it'd be appreciated.


--
David Morris
IT Manager, ALLVAC Ltd, Sheffield, UK
work: david [at] allvac.co.uk
home: david [at] brassedoff.net   http://www.davidm.demon.co.uk

___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Any HP-UX weenies out there?
  - From: Richard Stevenson

Prev by Date: Re: [Sheflug] Re: bounces
Next by Date: Re: [Sheflug] bounces
Prev by thread: Re: [Sheflug] Re: bounces
Next by thread: Re: [Sheflug] Any HP-UX weenies out there?
Index(es):
- Date
- Thread