[ale] How to test your public internet connection for open ports

Michael H. Warfield mhw at WittsEnd.com
Fri Feb 11 11:46:41 EST 2011 

On Fri, 2011-02-11 at 11:31 -0500, Ron Frazier wrote: 
> Hi Michael W.,
> 
> I'll have to respond to other messages later.  I've spent the entire 
> week typing emails.  I tried the test to your address.  I'll have to try 
> the test to mine later.
> 
> ron at dell-i1525-1:~$ telnet www.wittsend.com 12345
> Trying 130.205.32.81...
> telnet: Unable to connect to remote host: Connection refused
> ron at dell-i1525-1:~$
> 
> The reply took about 1 second.

Sigh...  Yeah, actually, I did forget about one thing.  Can't win them
all.  That would have been a tcp reset you got back from there and not
an ICMP UNREACH.  Forgot how I had my server configured.

-j REJECT --reject-with tcp-reset

Try this one instead.

telnet 130.205.32.5

-j REJECT --reject-with icmp-host-unreachable

That one should give you an ICMP UNREACH HOST_UNREACH.

> Actually, I never said I was blocking all ICMP at the router level.  I 
> said I was blocking ping, because I have it set that way, and I didn't 
> know about the rest.  I also said I was getting green lights on Steve's 
> test.  You'd have to watch with a sniffer or examine logs, which my 
> router doesn't have, to determine exactly what his test does.
> 
> What is interesting, is that I have Firestarter on the PC set to filter 
> ICMP.  Perhaps it shouldn't be.  Anyway, if that reply came in by ICMP, 
> I don't know how I saw it at all.
> 
> Sincerely,
> 
> Ron
> 
> On 02/11/2011 11:03 AM, Michael H. Warfield wrote:
> > Tell you what. Here's another test to try. Telnet to one of my
> > machines from behind your NAT device like this:
> >
> > telnet www.wittsend.com 12345
> >
> > If it hangs for 30-60 seconds, then you are right and you are dropping
> > all ICMP (a bad thing).  If it comes back immediately and says
> > "connection refused" then you may think you are dropping all ICMP but
> > you are not.  Which probably explains why you don't seem more problems
> > than you do.
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110211/a3a9f544/attachment.bin

More information about the Ale mailing list