[CLUE-Tech] Feeble Mind
David Anselmi
anselmi at americanisp.net
Sat Oct 19 21:14:54 MDT 2002
Keith Hellman wrote:
[...]
> - P can telnet into a yahoo.com mail server - no problemo
> - P tries a telnet session to A with 'telnet A pop3' or 'telnet A smtp'
> and NEVER connects (this is the PROBLEM).
> - W can do both telnet tests - no problemo
> - If W assumes P's IP, W can do both telnet tests - no problemo
> - Both P and W produce the same nmap results against A: that being that
> pop3 and smtp are open.
When you say yahoo mail server I assume you're telnetting to port 110 or 25.
nmap -sT is a TCP connect scan, which should be the same as what telnet
does. So if nmap says the port is open then telnet A pop3 should
connect and say +OK. That it doesn't is puzzling.
Can you get any kind of traffic dump off the firewall appliance?
Rejected packets would be good, or something like tcpdump, especially if
it shows the WAN interface. See what the differences are for the two
machines. If you can't see the traffic on the firewall, tcpdump from a
machine on the hub P and W use would be good. Probably it would show P
sending and nothing coming back.
You can look at the outbound packets from P and W (when they are using
P's IP address) and see what is different. Don't filter out anything on
that hub--you may see P sending but replies going to W (if the router's
arp cache is hosed, for example).
Can you look at the NAT tables on the firewall? If it just does NAT and
not PAT (substitutes source IP but not source port) then you may have
problems with multiple machines going to the same server. Does the
firewall know which connection is which (from P->A and W->A)? That
seems more likely than a firewall on A's end.
Is A at your DSL ISP? With my DSL, Qwest routes my traffic over their
ATM network to my ISP, so at the IP level we look like we're on a point
to point link. In that case there shouldn't be any firewalling between
you and A that would matter.
I'd be interested to hear the resolution, and to look at packet dumps if
you want.
Dave
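One way to make the "P sending and nothing coming back" check concrete, as an added example that is not part of the original thread: a short Python script that walks tcpdump-style lines captured on the hub and counts, per client, SYNs to pop3/smtp that were answered with a SYN-ACK. The line format, the addresses (P 192.168.1.10, W 192.168.1.20, A 203.0.113.5) and the capture itself are constructed for the example.

```python
import re
from collections import defaultdict

# tcpdump-style TCP line pattern, constructed for this example; real tcpdump
# output varies by version and options, so adjust it to your own capture.
LINE_RE = re.compile(r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)"
                     r"\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]")

def handshake_report(lines, server_ports=(25, 110)):
    """Per client IP: SYNs sent to server_ports, SYN-ACKs that answered one of
    them, and stray SYN-ACKs that match no SYN seen in the capture (a reply
    delivered to a host that never sent the SYN, e.g. after a NAT mix-up)."""
    stats = defaultdict(lambda: {"syn": 0, "synack": 0, "stray": 0})
    pending = set()  # (client, cport, server, sport) waiting for a SYN-ACK
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if flags == "S" and dport in server_ports:
            pending.add((src, sport, dst, dport))
            stats[src]["syn"] += 1
        elif flags == "S." and sport in server_ports:
            key = (dst, dport, src, sport)
            if key in pending:
                pending.discard(key)
                stats[dst]["synack"] += 1
            else:
                stats[dst]["stray"] += 1
    return dict(stats)

def unanswered_clients(lines, server_ports=(25, 110)):
    """Client IPs that sent SYNs to the server ports and never got a SYN-ACK."""
    r = handshake_report(lines, server_ports)
    return sorted(ip for ip, s in r.items() if s["syn"] and not s["synack"])

# Constructed capture: P (192.168.1.10) retransmits its SYN to pop3 and is
# never answered; W (192.168.1.20) completes handshakes to pop3 and smtp.
SAMPLE = """\
12:00:00.100 IP 192.168.1.10.1025 > 203.0.113.5.110: Flags [S], seq 1, win 5840
12:00:03.100 IP 192.168.1.10.1025 > 203.0.113.5.110: Flags [S], seq 1, win 5840
12:00:05.000 IP 192.168.1.20.2001 > 203.0.113.5.110: Flags [S], seq 7, win 5840
12:00:05.050 IP 203.0.113.5.110 > 192.168.1.20.2001: Flags [S.], seq 9, ack 8
12:00:05.060 IP 192.168.1.20.2001 > 203.0.113.5.110: Flags [.], ack 10
12:00:06.000 IP 192.168.1.20.2002 > 203.0.113.5.25: Flags [S], seq 3, win 5840
12:00:06.040 IP 203.0.113.5.25 > 192.168.1.20.2002: Flags [S.], seq 4, ack 4
""".splitlines()
```

Run it over a real `tcpdump -n` capture from the hub (with no filter, so stray replies are not dropped) and a client that shows up with SYNs but no SYN-ACKs is the one whose traffic is being lost somewhere between the hub and A.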