Date: Wed, 17 Jan 2001 10:38:54 -0500 (EST)
From: Marius
To: Trevin Chow
Cc: questions@freeBSD.org
Subject: Re: Can't Telnet but can SSH?

(Redirecting to -questions, cause it goes there)

*chuckle*

I think the other respondent to your post was correct, but let me chime in
to clarify things.

Most DNS queries and responses are 'udp' unless the total transmission is
of a certain size or larger, then they are sent 'tcp.' (I should know the
cutoff point, but it is early in the morning for me.) So small
transmissions, like just resolving your domain name were sent 'udp,' but
when you asked for a 'SOA' record, the transmission was too big, and thus
it was in 'tcp.'

As for the telnet sessions: I assume other people can telnet to the hosts
you mention? If so, from your description it sounds like you have
contacted the host, but somebody is refusing to some of the higher port
numbers to continue a normal telnet session. It could be because they
can't resolve you correctly, but that is not the only possibility.

On Tue, 16 Jan 2001, Trevin Chow wrote:

> I think I'm having some problems with my firewall rules
> regarding telnet and it may have to do with my NS setup.
>
> 1) Whenever I try to telnet to 2 external hosts (my university and another
> host), I connect, and right before it displays the "login:" prompt,
> it says "Connection closed by foreign host".
>
> However, I can SSH to these same hosts.
>
> 2) I'm acting as my own NS for my domain.
>
> On my freebsd box, if I do an `nslookup` and `set type=SOA`, and
> enter my domain, everything is okay and it reports everything as expected.
>
> However, on an external system, if I do the same thing, it says:
> "can't find mydomain.com: Non-existent host/domain".
>
> It should also be noted that if I do a regular `nslookup` WITHOUT `set
> type=SOA`, then it resolves to my correct IP on both internal and
> external boxes.
>
> Is there some type of firewall traffic that maybe I'm denying?
> I'm using a default deny based firewalling system and the only rule I have
> to allow DNS traffic in /etc/rc.firewall is:
>
> add pass udp from any to ${oip} 53
>
> Maybe I'm missing something?

---------------------
Marius
Community Connect Inc.
Desk = 212.505.7511 ext: 222 (infrequently manned)
cell = 347.386.4345
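
The following Python example is added here and is not part of the original thread. It models the UDP-to-TCP fallback the reply describes: a server truncates an oversized UDP response and sets the TC bit, and the resolver's retry succeeds only if TCP port 53 is also permitted. The 512-byte figure is the classic (non-EDNS0) UDP limit from RFC 1035; the function names and sample messages are constructed for illustration.

```python
import struct

UDP_LIMIT = 512            # max DNS message size over UDP without EDNS0 (RFC 1035)
QR, AA, TC = 0x8000, 0x0400, 0x0200   # header flags: response, authoritative, truncated

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(name, qtype, flags, answers=()):
    """Header + one question + already-encoded answer records."""
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question + b"".join(answers)

def txt_record(text):
    """Constructed TXT answer; owner name is a pointer to the question name."""
    rdata = bytes([len(text)]) + text
    return b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata

def udp_reply(full):
    """Server side: what is actually sent over UDP for a full response."""
    if len(full) <= UDP_LIMIT:
        return full
    end = full.index(b"\x00", 12) + 5      # end of question: name terminator + type/class
    txid, flags = struct.unpack("!HH", full[:4])
    # Keep header and question only, zero the record counts, set TC.
    return struct.pack("!6H", txid, flags | TC, 1, 0, 0, 0) + full[12:end]

def resolver_step(reply, tcp_53_allowed):
    """Client side: outcome of a UDP reply under a given firewall policy."""
    flags = struct.unpack("!H", reply[2:4])[0]
    if not flags & QR:
        raise ValueError("not a DNS response")
    if not flags & TC:
        return "answer-from-udp"
    # A truncated reply forces a retry over TCP; a rule set that passes
    # only "udp ... 53" (as in the quoted rc.firewall line) blocks it.
    return "retry-over-tcp" if tcp_53_allowed else "lookup-fails"

# Constructed sample responses for example.com (query type 16 = TXT).
SMALL = build_message("example.com", 16, QR | AA, [txt_record(b"short")])
LARGE = build_message("example.com", 16, QR | AA, [txt_record(b"x" * 200)] * 3)

if __name__ == "__main__":
    for label, msg in (("small", SMALL), ("large", LARGE)):
        for tcp in (False, True):
            print(label, len(msg), "tcp/53 allowed:", tcp,
                  "->", resolver_step(udp_reply(msg), tcp))
```
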