Yesterday I saw a strange problem – connection from outside to Exchange in a LAN times out, while in Tracker all connections to port 25 are in green. Strange was that through VPN client-to-site and from inside LAN all worked prefectly well. So I wasn’t sure 100% it wasn’t a firewall causing this. The next best way to check it would be telnet from inside NGX (R65 in this case) to port 25 to Exchange by its LAN IP … only that Checkpoint don’t have telnet client included in their Splat . If I had enough time I’d compile telnet client statically on some Linux box with the same kernel/libraries then’d copy it to NGX for testing, but to do it ASAP I hacked a small AWK script that emulates (just enough fo ra test) telnet, below these scripts .
BTW this script made it 100% clear there was some problem with Exchange over which I had no control – from firewall its port 25 answered very erratically – once ok , 10 times connection refused. So after a double check
client found that from LAN and VPN it also wasn’t stable as he first thought .
General telnet client script :
[Expert@cp]# awk -v ip=192.168.0.1 -v port=25 -f telnet.awk
Where:
ip - IP to connect to
port – port to connect to
#!/usr/bin/awk
#This is a simple telnet emulation script purpose of which
# is to try to connect to a given IP on a given port using TCP
# and print to the terminal few lines received from the server
# if session is established. It has no functionality but to
# establish a TCP connection and print out received text from the
# server, after that it just exits.It was created to debug
# connectivity issues on Checkpoint NGX firewall that has no built
# in telnet client .
# Client
BEGIN {
(”/inet/tcp/0/” ip “/” port ) |& getline
print $0
close((”/inet/tcp/0/” ip “/” port ))
}
Next is the same cript with add on for port 80 – to get some response from web server:
#!/usr/bin/awk
BEGIN {
Portandip = (”/inet/tcp/0/” ip “/” port )
print “GET / HTTP/1.1\n\n” |& Portandip
while ( ((”/inet/tcp/0/” ip “/” port ) |& getline)>0)
print $0
close((”/inet/tcp/0/” ip “/” port ))
}
Post a Comment