Perhaps I'm missing something obvious here (it wouldn't be the first time), but telnet is a TCP application and thus has to communicate in both directions regardless of the port involved. If you're blocking TCP on any non-telnet port (including port 80), I would imagine it's being discarded on the way back in.
Network Engineer, Managed Services
214-981-1954 (office)
214-868-8567 (cell)
[EMAIL PROTECTED]
http://www.speakeasy.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kanagaraj Krishna
Sent: Wednesday, June 27, 2007 12:51 PM
To: [email protected]
Subject: Re: [j-nsp] juniper-nsp Digest, Vol 55, Issue 33

Hi,

I've applied an input filter (hardening) to protect the routing engine of an m7i by applying it on the loopback IP. Refer to the config below. The issue is that, we can't telnet port:80 to any external IP from the box itself. Obviously I've not allowed access to port 80 on my box in the input filter but why would it affect the outgoing telnet. I tried allowing port 80 access on the input filter and after that the outgoing telnet works. Anyone facing the same issue?

Regards,
Kana

lo0 {
    unit 0 {
        family inet {
            filter {
                input protect-RE;
            }
            address xxx.xxx.xxx.xxx/32;
        }
    }
}
firewall {
    filter protect-RE {
        ---config omitted----
        term telnet {
            from {
                protocol tcp;
                port telnet;
            }
            then {
                policer telnet-policer;
                accept;
            }
        }
        ---config omitted----

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
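
Added example, not part of the original thread and not Junos code: a small Python model of how a stateless input filter on lo0 treats the return half of a TCP session the box itself opened. It assumes the omitted terms match none of these packets, and it models `port` as matching either source or destination port and `tcp-established` as "ACK or RST set"; the packets, the ephemeral port 51514 and the `tcp-replies` term are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SYN, RST, ACK = 0x02, 0x04, 0x10

@dataclass
class Packet:
    sport: int
    dport: int
    flags: int
    proto: str = "tcp"

@dataclass
class Term:
    name: str
    port: Optional[int] = None   # like Junos "port": source OR destination port
    established: bool = False    # like Junos "tcp-established": ACK or RST set
    proto: str = "tcp"

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.port is not None and self.port not in (p.sport, p.dport):
            return False
        return not self.established or bool(p.flags & (ACK | RST))

def evaluate(terms, pkt):
    """First matching term accepts; no match falls to the implicit discard."""
    for term in terms:
        if term.matches(pkt):
            return "accept"
    return "discard"

# Constructed packets, as seen by the lo0 input filter.
REPLY = Packet(sport=80, dport=51514, flags=SYN | ACK)  # answer to the box's own "telnet host 80"
INBOUND_SYN = Packet(sport=40000, dport=80, flags=SYN)  # outsider connecting to port 80 on the box

AS_POSTED = [Term("telnet", port=23)]
WORKAROUND = AS_POSTED + [Term("http", port=80)]                   # what the poster tried
ESTABLISHED = AS_POSTED + [Term("tcp-replies", established=True)]  # hypothetical alternative term

def verdicts():
    """Map filter name -> (verdict for REPLY, verdict for INBOUND_SYN)."""
    filters = [("as_posted", AS_POSTED), ("workaround", WORKAROUND),
               ("established", ESTABLISHED)]
    return {name: (evaluate(f, REPLY), evaluate(f, INBOUND_SYN)) for name, f in filters}

if __name__ == "__main__":
    for name, (reply, syn) in verdicts().items():
        print(f"{name:12} reply={reply:8} inbound_syn={syn}")
```

The port-80 workaround accepts the reply only because the match covers source port 80, and it also accepts new inbound connections to port 80 on the routing engine; a flag-based term accepts the reply without that side effect, though it checks flags only and keeps no connection state.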

