Telnet
There are preset rules for the following telnet clients:
SecureCRT
AlphaCom Terminal Emulator
Anzio
Com
Emu
IVT
KoalaTerm
Mocha
NetTerm
Nexus Mainframe Terminal
Putty
Quick3270
ShellTelnet
TelStar
Telnet Streamer
TN3270
AlphaCom telnet connection
Anzio telnet connection
Com telnet connection
Emu telnet connection
IVT telnet connection
KoalaTerm telnet connection
Mocha telnet connection
NetTerm telnet connection
Nexus Mainframe Terminal telnet connection
Putty telnet connection
Quick3270 telnet connection
ShellTelnet telnet connection
TelStar telnet connection
Telnet Streamer connection
TN3270 telnet connection
Protocol: TCP
Direction: Outbound
Remote Port(s): TELNET (23)
Action: Allow It
What it's for
The TELNET protocol is used by Telnet clients to log in remotely to another computer and execute commands on that computer. You're most likely to have to use a Telnet client to access your school's e-mail; I have never ever used a Telnet client, but I've seen my brother use one to get his Uni e-mail. It seemed to be all text based and geeky as hell. They can also be used to play primitive text-based games called MUDs.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the host you're trying to TELNET to.
Secure Telnet connection
Protocol: TCP
Direction: Outbound
Remote Port(s): SSH (22)
Action: Allow It
What it's for
SSH (Secure Shell). As above but with encryption.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the host you're trying to TELNET to.
Com FTP connection
Protocol: TCP
Direction: Outbound
Remote Port(s): FTP (21)
Action: Allow It
What it's for
This rule is used for establishing FTP (File Transfer Protocol) connections to FTP servers to download a file.
FTP uses two channels to achieve the transfer: the control connection (this rule), which is used to send the commands needed for the transfer, and a data channel (see FTP DATA), which is used to actually send the files. The control connection is established by the client (which would be you) when the client logs into an FTP server, whereas the data channel is usually established by the server to the client after the client connects to the server.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.
Com FTP DATA connection
Protocol: TCP
Direction: Inbound
Remote Port(s): FTP DATA (20)
Action: Allow It
What it's for
This rule is used for the actual transfer of files from an FTP (File Transfer Protocol) server.
FTP uses two channels to achieve the transfer: the control connection (see FTP), which is used to send the commands needed for the transfer, and a data channel (this rule), which is used to actually send the files. The control connection is established by the client (which would be you) when the client logs into an FTP server, whereas the data channel is usually established by the server to the client after the client connects to the server.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.
Com PASV FTP connection
There are two rules, one for Inbound and one for Outbound.
Protocol: TCP
Direction: Inbound
Local Port(s): 1024-65535
Action: Allow It
Protocol: TCP
Direction: Outbound
Remote Port(s): 1024-65535
Action: Allow It
What it's for
These rules are used for FTP transfers when using Passive FTP mode instead of Active FTP mode. An explanation of Passive and Active FTP is in order:
Active FTP
Com uses the FTP and FTP DATA rules for Active FTP transfers. In Active FTP transfers the client (in this case Com) connects from a random unprivileged local port (those over port number 1023) to the server's FTP command port (21) to let the server know that it is waiting for a connection from the server. The client then starts listening on a port one number higher than the port it opened the connection on. So if your client connects to an FTP server from local port 1024 and establishes a connection with the server's FTP command port, the client would then start listening on port 1025 for incoming connections from the FTP server. Once the client starts listening, the server establishes a connection from its FTP DATA port (20) to the local port that the client is now listening on.
This doesn't cause problems if you don't have a firewall, but when you do it can cause all kinds of headaches. The reason it is such a problem for a firewalled system is that the client doesn't initiate the transfer. It just tells the FTP server what port it's listening on and lets the FTP server establish a connection from the server's FTP DATA port. Firewalls normally block connections like this, otherwise anyone could connect to the listening port.
In order to get round this problem, Passive FTP mode (PASV) was developed.
Passive FTP
Passive FTP makes the client responsible for initiating both connections. The client opens two random local unprivileged ports, with the second being one number higher than the first (so if the first port is 1055 the second is 1056). The client then contacts the server's FTP command port (21) from the first port it opened (in this example 1055).
Now here is the difference. Instead of asking the server to connect from its FTP DATA port to a random local port on the client, the client tells the server (by sending the PASV command) to open a random unprivileged port of its own (for this example 1026). The server then tells the client what port it's awaiting a connection on, and the client connects from its second port (in this example 1056) to the server's now listening port 1026. Thus both connections are initiated by the client, and the client-side firewall doesn't block the connection because it was started by the client.
But wait a minute! Doesn't this cause all kinds of problems for the server side firewall?
Yes it does, but servers have a way round this. Most FTP servers allow a server administrator to specify a range of local ports the FTP server is allowed to open and use.
I have never used Com, but you may have the option to choose either Passive or Active FTP.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.
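As an added illustration (not part of the original page or of any firewall product), the Python sketch below reads a constructed FTP control-channel transcript and works out, for each PORT command or 227 PASV reply, the single data connection a client-side firewall would need to allow instead of the whole 1024-65535 range. The addresses, the transcript and the function names are assumptions made for the example; the ports follow the 1025 and 1026 used in the explanation above.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply; port = p1*256 + p2.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or 227 reply, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_rules(control_lines, client_ip, server_ip):
    """List the data connections a control session announces, as seen by the
    client-side firewall. control_lines holds ("C" or "S", line) pairs."""
    rules = []
    for sender, line in control_lines:
        if sender == "C" and line.upper().startswith("PORT "):
            mode, listener = "active", client_ip
        elif sender == "S" and line.startswith("227 "):
            mode, listener = "passive", server_ip
        else:
            continue
        ep = parse_hostport(line)
        # Skip malformed lines, hosts other than the sender, privileged ports.
        if ep is None or ep[0] != listener or ep[1] < 1024:
            continue
        if mode == "active":   # server connects from port 20 to our listener
            rules.append({"mode": mode, "direction": "inbound",
                          "remote_host": server_ip, "remote_port": 20,
                          "local_port": ep[1]})
        else:                  # we connect out to the port the server opened
            rules.append({"mode": mode, "direction": "outbound",
                          "remote_host": server_ip, "remote_port": ep[1]})
    return rules

# Constructed transcript; addresses are documentation ranges, not real hosts.
SAMPLE = [
    ("C", "PORT 192,0,2,10,4,1"),                           # client listens on 1025
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,4,2)"),  # server listens on 1026
    ("C", "PORT 203,0,113,7,4,1"),                          # names a third host: ignored
]

if __name__ == "__main__":
    print(data_rules(SAMPLE, "192.0.2.10", "198.51.100.5"))
```

Each derived entry names one remote host and one port, which is the same narrowing the 'Remote Host' event gives the preset rules.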
Anzio rlogin connection
Protocol: TCP
Direction: Outbound
Remote Port(s): LOGIN (513)
Action: Allow It
What it's for
Allows you to log in remotely to the Telnet client.
Com incoming telnet connection
Protocol: TCP
Direction: Inbound
Local Port(s): TELNET (23)
Action: Allow It
What it's for
This is the same as the TELNET rule except it is for incoming TELNET connections.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the host you're trying to TELNET to.
KoalaTerm echo connection
Protocol: TCP
Direction: Outbound
Remote Port(s): Echo (7)
Action: Allow It
What it's for
For performing Outbound TCP pings, or so I believe. Can anyone who uses a TELNET client confirm this, or say why Koala needs to be able to do this?