Yesterday I saw a strange problem: connections from outside to Exchange in a LAN timed out, while in Tracker all connections to port 25 were in green. What was strange was that through client-to-site VPN and from inside the LAN everything worked perfectly well. So I wasn't 100% sure it wasn't the firewall causing this. The next best way to check it would be to telnet from inside the NGX (R65 in this case) to port 25 on Exchange by its LAN IP … only Checkpoint doesn't have a telnet client included in their Splat. If I had enough time I'd compile a telnet client statically on some Linux box with the same kernel/libraries and then copy it to the NGX for testing, but to do it ASAP I hacked a small AWK script that emulates telnet (just enough for a test); the scripts are below.
BTW this script made it 100% clear there was some problem with Exchange, over which I had no control: from the firewall its port 25 answered very erratically, once OK, 10 times connection refused. So after a double check the client found that from the LAN and VPN it also wasn't as stable as he first thought.
General telnet client script:
[Expert@cp]# awk -v ip=192.168.0.1 -v port=25 -f telnet.awk
Where:
ip - IP to connect to
port - port to connect to
#!/usr/bin/awk -f
# This is a simple telnet emulation script, the purpose of which
# is to try to connect to a given IP on a given port using TCP
# and print to the terminal the first line received from the server
# if the session is established. It has no functionality but to
# establish a TCP connection and print out received text from the
# server; after that it just exits. It was created to debug
# connectivity issues on a Checkpoint NGX firewall that has no
# built-in telnet client.
# Client
BEGIN {
    # gawk opens a TCP connection when this special file name is used with |&
    svc = "/inet/tcp/0/" ip "/" port
    # Read the first line the server sends (for port 25, the SMTP banner)
    svc |& getline
    print $0
    close(svc)
}
Next is the same script with an add-on for port 80, to get some response from a web server:
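#!/usr/bin/awk -f
BEGIN {
    Portandip = "/inet/tcp/0/" ip "/" port
    # HTTP/1.0 with CRLF line endings: valid without a Host header, and the
    # server closes the connection after replying, which ends the read loop
    printf "GET / HTTP/1.0\r\n\r\n" |& Portandip
    # Print every line of the response until the server closes the connection
    while ((Portandip |& getline) > 0)
        print $0
    close(Portandip)
}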
PS Thanks to Aibulat (see comments) for the info: it turns out there is a telnet client available on the Splat CD-ROM. It is just not installed by default when installing Splat.
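The erratic behaviour described above (one answer, then a run of refused connections) is easier to document with a repeated probe than with single manual runs. The following is an added example, not part of the original post: the function names `probe_once` and `probe_loop` are hypothetical, and it assumes the box's `awk` is gawk with `/inet` support, as the scripts above already require.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes awk is gawk built with
# /inet socket support, which the post's own scripts also require.

# One attempt: print the first line the server sends and return 0, or
# return non-zero. A refused connect ends awk with a non-zero status,
# through the explicit exit 1 or through awk's own fatal error.
probe_once() {
    awk -v ip="$1" -v port="$2" 'BEGIN {
        svc = "/inet/tcp/0/" ip "/" port
        if ((svc |& getline line) > 0) { print line; close(svc); exit 0 }
        exit 1
    }' 2>/dev/null
}

# probe_loop IP PORT [TRIES] [PAUSE_SECONDS]
# Prints one timestamped line per attempt and a final "ok=N fail=M"
# summary; returns 0 only if every attempt succeeded.
probe_loop() {
    ip=$1 port=$2 tries=${3:-10} pause=${4:-1}
    ok=0 fail=0 i=1
    while [ "$i" -le "$tries" ]; do
        if banner=$(probe_once "$ip" "$port"); then
            ok=$((ok + 1))
            echo "$i $(date '+%H:%M:%S') OK   $banner"
        else
            fail=$((fail + 1))
            echo "$i $(date '+%H:%M:%S') FAIL"
        fi
        i=$((i + 1))
        sleep "$pause"
    done
    echo "ok=$ok fail=$fail"
    [ "$fail" -eq 0 ]
}

# Usage on the firewall, 20 attempts one second apart:
#   probe_loop 192.168.0.1 25 20
```

This suits services that send a banner on connect, such as SMTP on port 25; a service that waits for the client to speak first would block the read. The timestamps can be matched against Tracker entries and the mail server's own logs.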
Thanks this is very helpful.
Great site….hope you have more updates.
T.S
There is telnet client in cd
#expert
#mount /mnt/cdrom
#cd /mnt/cdrom/SecurePlatform/RPMS
#rpm -i telnet-0.17*
Thanks for the info, indeed there is a telnet client/server that doesn't get installed by default.
Nice Blog,
saw Checkpoint has what they call “Add-On Utils”
but only for Kernel 2.4
has Telnet, Minicom and vixie-cron
release notes : http://downloads.checkpoint.com/dc/download.htm?ID=3168
-Somynona
Thanks
Probably R55 didn't have telnet at all so this add-on. NGX have telnet/telnetd on Splat disk already available.