[j-nsp] juniper-nsp Digest, Vol 55, Issue 33

Jonathan Brashear jbrashear at hq.speakeasy.net
Wed Jun 27 15:20:07 EDT 2007


Perhaps I'm missing something obvious here (it wouldn't be the first
time), but telnet is a TCP application and thus has to communicate in
both directions regardless of the port involved.  If you're blocking TCP
on any non-telnet port (including port 80), I would imagine it's being
discarded on the way back in.

Network Engineer, Managed Services
214-981-1954 (office)
214-868-8567 (cell)
jbrashear at hq.speakeasy.net
http://www.speakeasy.net
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Kanagaraj
Krishna
Sent: Wednesday, June 27, 2007 12:51 PM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] juniper-nsp Digest, Vol 55, Issue 33

Hi,
   I've applied an input filter (hardening) to protect the routing
engine of an m7i by applying it on the loopback IP. Refer to the config
below. The issue is that we can't telnet to port 80 on any external IP
from the box itself.
Obviously I've not allowed access to port 80 on my box in the input
filter, but why would it affect the outgoing telnet? I tried allowing
port 80 access on the input filter and after that the outgoing telnet
works. Anyone facing the same issue?

Regards,
Kana


lo0 {
    unit 0 {
        family inet {
            filter {
                input protect-RE;
            }
            address xxx.xxx.xxx.xxx/32;
        }
    }
}

firewall {
    filter protect-RE {
---config omitted----

        term telnet {
            from {
                protocol tcp;
                port telnet;
            }
            then {
                policer telnet-policer;
                accept;
            }
        }

---config omitted----
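The effect Jonathan describes can be made concrete with a small stateless-filter model. This is an added example, not code from the thread or from Junos: it mimics how an lo0 input filter evaluates terms in order with an implicit final discard, and how the Junos `port telnet` match (either source or destination port 23) and the `tcp-established` match (shorthand for tcp-flags "(ack | rst)") behave. The "with tcp-established" filter, the port numbers and the packets are constructed for illustration; the original filter's other terms are omitted in the post and are not modelled.

```python
"""
Constructed model of a stateless Junos-style input filter on lo0.

Shows why a protect-RE filter that only accepts "tcp port telnet" breaks
outbound telnet from the RE to port 80: the server's reply comes back
with SOURCE port 80 and a high destination port, matches no term, and
hits the implicit discard.  This is illustrative code, not Junos.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src_port: int
    dst_port: int
    tcp_flags: frozenset = frozenset()   # e.g. {"syn"} or {"syn", "ack"}


# A term is (name, match-function, action).  As in Junos, terms are tried
# in order, the first match wins, and anything unmatched is discarded by
# the implicit final term.
Term = Tuple[str, Callable[[Packet], bool], str]


def match_port_telnet(pkt: Packet) -> bool:
    # Junos "port telnet" matches when EITHER the source or the destination
    # port is 23, which is why replies from a real telnet server still pass.
    return pkt.proto == "tcp" and 23 in (pkt.src_port, pkt.dst_port)


def match_tcp_established(pkt: Packet) -> bool:
    # Junos "tcp-established" == tcp-flags "(ack | rst)": any segment that is
    # not a bare initial SYN, i.e. replies to sessions the RE opened itself.
    return pkt.proto == "tcp" and bool(pkt.tcp_flags & {"ack", "rst"})


# The filter as posted (other omitted terms not modelled): telnet only.
ORIGINAL_FILTER: List[Term] = [
    ("telnet", match_port_telnet, "accept"),
]

# Hypothetical variant (assumption, not from the post): also accept return
# traffic of RE-initiated TCP sessions before the implicit discard.
WITH_ESTABLISHED_FILTER: List[Term] = [
    ("telnet", match_port_telnet, "accept"),
    ("tcp-established", match_tcp_established, "accept"),
]


def evaluate(filter_terms: List[Term], pkt: Packet) -> Tuple[str, str]:
    """Return (matched_term, action) for the first matching term, else the implicit discard."""
    for name, match, action in filter_terms:
        if match(pkt):
            return name, action
    return "implicit", "discard"


def reply_to_outbound(dst_port: int, ephemeral: int = 50000) -> Packet:
    """The SYN/ACK a remote server sends back for `telnet <host> <dst_port>` run on the RE.

    On the way back in, the server's port is the SOURCE port and the RE's
    ephemeral port is the DESTINATION, so it is this packet the lo0 input
    filter sees, not the RE's outgoing SYN.
    """
    return Packet("tcp", src_port=dst_port, dst_port=ephemeral,
                  tcp_flags=frozenset({"syn", "ack"}))


def unsolicited_syn(dst_port: int) -> Packet:
    """An inbound connection attempt to the RE; hardening should still drop non-telnet ports."""
    return Packet("tcp", src_port=40000, dst_port=dst_port, tcp_flags=frozenset({"syn"}))


if __name__ == "__main__":
    for label, f in (("original", ORIGINAL_FILTER),
                     ("with tcp-established", WITH_ESTABLISHED_FILTER)):
        print(f"--- {label} ---")
        print("reply to outbound telnet :23 ->", evaluate(f, reply_to_outbound(23)))
        print("reply to outbound telnet :80 ->", evaluate(f, reply_to_outbound(80)))
        print("unsolicited SYN to RE :80   ->", evaluate(f, unsolicited_syn(80)))
```

With the original filter the reply from port 23 is accepted (the `port telnet` term matches its source port) while the reply from port 80 is discarded, which is exactly the symptom in the post. Adding `tcp-established` lets the port-80 reply through while a fresh inbound SYN to port 80 is still dropped. Because the match is stateless, any inbound segment with ACK set would also pass that term, so in practice it is paired with source-prefix restrictions or a policer rather than used alone.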
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp