Inbound Port 23 TCP/IP loss question - OS2

This is a discussion on Inbound Port 23 TCP/IP loss question - OS2 ; I have a strange issue where two MCP2 latest everything Fix Packs, with the same Intel 915GAVL Motherboard and Intel NIC 10/100 chips, plus the same PEER drivers, setup, and everything in the MPTN and TCP/IP LAN operations are concerned. ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Inbound Port 23 TCP/IP loss question

  1. Inbound Port 23 TCP/IP loss question

    I have a strange issue where two MCP2 latest everything Fix Packs, with the
    same Intel 915GAVL Motherboard and Intel NIC 10/100 chips, plus the same PEER
    drivers, setup, and everything in the MPTN and TCP/IP LAN operations are
    concerned. Both boxes work fine for DHCP connection via the same Linksys 54GL
    Router and my Suddenlink Cable modem. No problems with browser, operations amd
    either proxy or non-proxy service with SMK 1.1.11 latest or TelNet outbound.

    I also have HyperAccess for OS/2 and HyperHost installed on both of them. Same
    exact installation procedures and setup data. I also have and use HAPRO and
    HHost on a number of other boxes just like this perfectly well.

    OK, I can connect INBOUND to one of the boxes in question via TCP/IP operations
    just fine. But try as I might, I cannot get the second box to accept any
    connection to HHOST on it! Same Port 23, everything.

    I've verified that the complete HHOST operation on the box that doesn't work on
    TCP/IP HHOST service works fine with a POTS telephone line connection HHOST
    enablement. Same as the other one that does work with HHOST on Port 23 TCP/IP
    for me.

    What should I be looking for as to why I can't hit this one box on Port 23
    inbound? Neither one of them has any kind of firewall installed that should be
    blocking this. I can Ping the good box from afar and get a return, but not the
    bad one. No, I've not tried IPtrace yet at this, that's a complex issue, but
    maybe the only way I'll get anything. Aside from that ..

    Any suggestions? Thanks!

    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  2. Re: Inbound Port 23 TCP/IP loss question

    Do you have the OS/2 firewall running ? Get Zampa to configure it the
    easy way. I think there is also some logging capability that should tell
    you if inbound port 23 is really getting discarded or if it does not
    even get to the box.

    Lars

    Mike Luther schrieb:
    > I have a strange issue where two MCP2 latest everything Fix Packs, with
    > the same Intel 915GAVL Motherboard and Intel NIC 10/100 chips, plus the
    > same PEER drivers, setup, and everything in the MPTN and TCP/IP LAN
    > operations are concerned. Both boxes work fine for DHCP connection via
    > the same Linksys 54GL Router and my Suddenlink Cable modem. No problems
    > with browser, operations amd either proxy or non-proxy service with SMK
    > 1.1.11 latest or TelNet outbound.
    >
    > I also have HyperAccess for OS/2 and HyperHost installed on both of
    > them. Same exact installation procedures and setup data. I also have
    > and use HAPRO and HHost on a number of other boxes just like this
    > perfectly well.
    >
    > OK, I can connect INBOUND to one of the boxes in question via TCP/IP
    > operations just fine. But try as I might, I cannot get the second box
    > to accept any connection to HHOST on it! Same Port 23, everything.
    >
    > I've verified that the complete HHOST operation on the box that doesn't
    > work on TCP/IP HHOST service works fine with a POTS telephone line
    > connection HHOST enablement. Same as the other one that does work with
    > HHOST on Port 23 TCP/IP for me.
    >
    > What should I be looking for as to why I can't hit this one box on Port
    > 23 inbound? Neither one of them has any kind of firewall installed that
    > should be blocking this. I can Ping the good box from afar and get a
    > return, but not the bad one. No, I've not tried IPtrace yet at this,
    > that's a complex issue, but maybe the only way I'll get anything. Aside
    > from that ..
    >
    > Any suggestions? Thanks!
    >


  3. Re: Inbound Port 23 TCP/IP loss question

    On Sat, 23 Aug 2008 04:55:15 UTC, Mike Luther wrote:

    > I have a strange issue where two MCP2 latest everything Fix Packs, with the
    > same Intel 915GAVL Motherboard and Intel NIC 10/100 chips, plus the same PEER
    > drivers, setup, and everything in the MPTN and TCP/IP LAN operations are
    > concerned. Both boxes work fine for DHCP connection via the same Linksys 54GL
    > Router and my Suddenlink Cable modem. No problems with browser, operations amd
    > either proxy or non-proxy service with SMK 1.1.11 latest or TelNet outbound.
    >
    > OK, I can connect INBOUND to one of the boxes in question via TCP/IP operations
    > just fine. But try as I might, I cannot get the second box to accept any
    > connection to HHOST on it! Same Port 23, everything.


    Your description is not quite clear....a cable modem and a router usually means
    you only have 1 real IP address - and uses NAT in the router, and Internal IP
    addresses on the connected PC's.
    Such a setup makes it impossible to route a specific port to more than 1 PC.

    If this is not the your setup - describe the network a bit better.

    --
    Allan.

    It is better to close your mouth, and look like a fool,
    than to open it, and remove all doubt.

  4. Re: Inbound Port 23 TCP/IP loss question

    Thanks Allan ..

    Allan wrote:

    > Your description is not quite clear....a cable modem and a router usually means
    > you only have 1 real IP address - and uses NAT in the router, and Internal IP
    > addresses on the connected PC's.
    > Such a setup makes it impossible to route a specific port to more than 1 PC.
    >
    > If this is not the your setup - describe the network a bit better.


    Cable modem goes to router. Router provides internal IP addresses on connected
    PC's through DHCP only in this case. For other physical and space reasons in
    this case, although the router can handle more than one PC, I can't use but one
    at a time on it. I can fire up either of the two test boxes connected
    alternately through the same CAT 5 LAN jack alternately, one at a time. Since
    both are configured for DHCP addressing, they both get different local address
    numbers as connected. Actually, one is being assigned .106; the other .107 and
    ping time tests from each one outbound are the same.

    And there is no setup issue with the router to block anything different between
    any computer plugged into it.

    I am aware of the ability to assign different TCP/IP port traffic to specific
    computers using fixed addressing if wanted. Do use that at other sites. And
    in the case of DHCP addressing, I do use software firewall tools on other
    individual boxes. But in this case, for initial setup and configuration
    purposes, there is, no software firewall setup on either box.

    Yet one box works fine totally for WAN use including HHOST on port 23. The bad
    boy box does not! Yet both are (in theory) set up exactly the same way. My
    best guess is that there is something wrong with the protocol definitions, or
    something like that on the bad boy unit.

    From long ago, I sort of recall the ability to fool with specific port
    blocking in the OS/2 raw LAN use setup operations without going to software
    firewall tools, but can't remember how to get started simply on this. Maybe
    someone else who was working with the bad boy box has done that unawares to me.
    But maybe I'm wrong at that .. dunno.

    Maybe this will help those trying to help me.


    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  5. Re: Inbound Port 23 TCP/IP loss question

    Thanks Lars!

    Lars Erdmann wrote:

    > Do you have the OS/2 firewall running ? Get Zampa to configure it the
    > easy way. I think there is also some logging capability that should tell
    > you if inbound port 23 is really getting discarded or if it does not
    > even get to the box.
    >
    > Lars
    >


    No firewall on either box (yet). I've never run the OS/2 firewall before, have
    and use Injoy's product for years. But never thought about that for logging
    that could be used for test purposes! I'll go back and think through the
    process of what you suggest.

    Thanks.

    In the meantime, as posted towards to Allan, isn't there some setting somewhere
    in the .INI files for OS/2, something toward port range blocking? My fuzzy
    mind is tweaking me from long ago on this.

    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  6. Re: Inbound Port 23 TCP/IP loss question

    > From long ago, I sort of recall the ability to fool with specific port
    > blocking in the OS/2 raw LAN use setup operations without going to
    > software firewall tools, but can't remember how to get started simply on
    > this. Maybe someone else who was working with the bad boy box has done
    > that unawares to me. But maybe I'm wrong at that .. dunno.


    I don' have a network therefore I am not sure but maybe file IBMLAN.INI
    ? Somewhere on your system you should find information of that the
    contents of that file mean. Or maybe you have to create a LAN user on
    every one of those boxes and you forgot to do that on the box that does
    not work (look for "NET.ACC" on the internet) ?

    But maybe it's easier to get started with the OS/2 built in firewall and
    specifically open port 23 for TCP. That should do.

    For OS/2 firewall to work this should be in your config.sys:
    DEVICE=D:\MPTN\PROTOCOL\IPSEC.SYS
    DEVICE=D:\MPTN\PROTOCOL\FWIP.SYS
    DEVICE=D:\MPTN\PROTOCOL\CDMF.SYS
    DEVICE=D:\MPTN\PROTOCOL\MD5.SYS
    DEVICE=d:\mptn\protocol\des.sys

    Then, get Zampa to configure the firewall:

    http://hobbes.nmsu.edu/pub/os2/util/...p/zampa10b.zip

    and/or more info here:
    http://www.os2site.com/sw/internet/firewall/index.html



    Or recheck your Injoy firewall (does it have one ?) and see if it allows
    logging rejected connections. As much as I understand, port 23 is
    normally used by Telnet and a preferred port for attacks. Maybe Injoy
    and/or OS/2 rejects connections on that port by default.


    Lars

  7. Re: Inbound Port 23 TCP/IP loss question

    On Sat, 23 Aug 2008 13:03:54 UTC, Mike Luther wrote:

    >
    > Cable modem goes to router. Router provides internal IP addresses on connected
    > PC's through DHCP only in this case. For other physical and space reasons in
    > this case, although the router can handle more than one PC, I can't use but one
    > at a time on it. I can fire up either of the two test boxes connected
    > alternately through the same CAT 5 LAN jack alternately, one at a time. Since
    > both are configured for DHCP addressing, they both get different local address
    > numbers as connected. Actually, one is being assigned .106; the other .107 and
    > ping time tests from each one outbound are the same.


    The router can usually only be setup to forward all incoming traffic to 1 single IP.
    It looks like your router is setup to route all to .106 - which makes .107 see nothing.

    I would try to setup the bad box with fixed IP .106 instead of DHCP, or setup
    the bad box to use the same MAC address as the good box - the the router
    will think it is the same box, and give it same IP.

    > And there is no setup issue with the router to block anything different between
    > any computer plugged into it.


    It can only send incoming traffic to 1 PC - and it has to know which one.


    --
    Allan.

    It is better to close your mouth, and look like a fool,
    than to open it, and remove all doubt.

  8. Re: Inbound Port 23 TCP/IP loss question

    In , on 08/25/2008
    at 11:50 AM, "Allan" said:

    >On Sat, 23 Aug 2008 13:03:54 UTC, Mike Luther
    >wrote:


    >>
    >> Cable modem goes to router. Router provides internal IP addresses on connected
    >> PC's through DHCP only in this case. For other physical and space reasons in
    >> this case, although the router can handle more than one PC, I can't use but one
    >> at a time on it. I can fire up either of the two test boxes connected
    >> alternately through the same CAT 5 LAN jack alternately, one at a time. Since
    >> both are configured for DHCP addressing, they both get different local address
    >> numbers as connected. Actually, one is being assigned .106; the other .107 and
    >> ping time tests from each one outbound are the same.


    >The router can usually only be setup to forward all incoming traffic to 1
    >single IP. It looks like your router is setup to route all to .106 -
    >which makes .107 see nothing.


    >I would try to setup the bad box with fixed IP .106 instead of DHCP, or
    >setup the bad box to use the same MAC address as the good box - the the
    >router will think it is the same box, and give it same IP.
    >
    >> And there is no setup issue with the router to block anything different between
    >> any computer plugged into it.


    >It can only send incoming traffic to 1 PC - and it has to know which one.


    Assuming this is the problem you may be able to have the router map a
    different port to the second system and translate the port number to 23 in
    the process. If your router cannot translate the port number you could
    simply start the telnet server on a different port on one of the systems
    and then forward that port from the router.

    -- Dave
    -----------------------------------------------------------
    dhdurgeeverizonnet
    -----------------------------------------------------------


  9. Re: Inbound Port 23 TCP/IP loss question

    Found and I'm stunned as to the pig trail ..

    Allan wrote:
    > On Sat, 23 Aug 2008 13:03:54 UTC, Mike Luther wrote:
    >
    >> Cable modem goes to router. Router provides internal IP addresses on connected
    >> PC's through DHCP only in this case. For other physical and space reasons in
    >> this case, although the router can handle more than one PC, I can't use but one
    >> at a time on it. I can fire up either of the two test boxes connected
    >> alternately through the same CAT 5 LAN jack alternately, one at a time. Since
    >> both are configured for DHCP addressing, they both get different local address
    >> numbers as connected. Actually, one is being assigned .106; the other .107 and
    >> ping time tests from each one outbound are the same.

    >
    > The router can usually only be setup to forward all incoming traffic to 1 single IP.
    > It looks like your router is setup to route all to .106 - which makes .107 see nothing.
    >
    > I would try to setup the bad box with fixed IP .106 instead of DHCP, or setup
    > the bad box to use the same MAC address as the good box - the the router
    > will think it is the same box, and give it same IP.
    >
    >> And there is no setup issue with the router to block anything different between
    >> any computer plugged into it.

    >
    > It can only send incoming traffic to 1 PC - and it has to know which one.
    >
    >


    It WAS related to the other error in which I was chasing a strange OLE error on
    this same bad boy box for SmartSuite update and Lotus 123 applications! If you
    read the thread on the OLE error solution, you'll see I finally tracked that
    one down to a 'zero' length SOMD database file in \OS2\ETC\DSOM. That was
    years ago produced by users at the facility who insisted on working with Lotus
    123 on files that were actually on a PEERLAN OS/2 server. They would edit or
    work with a file, that was actually at times tried to be worked by two separate
    workstations at once, as well as people who would go do this, then walk off
    from the bench and just leave the application and file open for even DAYS at a
    time. Hard lock country big time.

    They'd just flip the power switch multiple times and scream when things didn't
    work according to my tech records. Sigh ....

    Well, turns out from the research, that even with totally correct SOM.IR files,
    it seems that if the SOM operation during the boot run gets hit with a zero
    length database file, it can't even update it no matter what! And THAT was the
    cause of the whole SmartSuite OLE error mess. As well, memory or thread
    errors, whatever, can hurt the TCP/IP game as well, strangely.

    Plus, even though UNIMAINT didn't see it, there was huge .INI file corruption
    that CHECKINI saw, and in half a dozen passes fixed, except for one curious
    OpenDoc error it couldn't fix. Yes. OpenDoc was a SOM based application too
    and I have no idea how this one got back into this mess. Which I hand smunched
    with UNIMAINT. POOF, back working SmartSuite.

    Now this is the crazy part! I took another look at the whole TCP/IP and MPTS
    setup game, chose to redo it. Guess what?

    Working HHOST application on the Linksys WRT54GL router. Which was set for
    routing the port 23 application to the local address it needed to be. But
    somehow in all this mess, the box just couldn't see fed to it.

    Wow ..

    I have another PEER LAN question next. But new thread please.

    Thanks to everyone who contributed here. I hope this also can help others.


    --


    --> Sleep well; OS2's still awake!

    Mike Luther

+ Reply to Thread