how to verify if a port is open or closed 4

[DColcl]

Troubleshooting an issue with server communications and I would like to know how I can check on a Cisco 1700 if ports 135, 137, 138, 139 and 445 are open to TCP and UDP.

I can get to the Enabled side of the router but do not know where to go from there. Even after I do a ? at the prompt.

Any help would be apprciated.

Danny

 

[SQL2KDBA69]

well first thing are you running NAT on your server?

 

[KiscoKid]

Please paste a copy of the current running configuration (using the show run command)

 

[DColcl]

okay. when I get back to the office I will try to save it to a .txt file. My other attemps to Copy/paste didn't seem to work. <sigh>.

Thank you both for your reponses.

And yes, we are running NAT.

Danny

 

[watchguardmonkey]

if you are running NAT then unless you have a static NAT mapping from the outside interface to the inside interface on these ports, or to a specific host on the inside, then these ports will not be accessable from the external interface of the router, but will by default be allowed out from the inside!

hth.

 

[DColcl]

well, this post was just to teach me how I can verify if certain ports are open. I do know that they are because I'm able to execute telnet/ping, etc. on all but one server.

now, there is our setup.

Scenerio:

Site 1: 192.168.170.x (this is the WINS, DNS, AD, etc.)

Site 2: 192.168.155.x (this has been configured to communicate with Site 1 and does with the the AD Controller.

Problem:
there is a data server (192.168.170.30) at Site 1 that the server at Site 2 is unable to telnet, ping.

When doing a tracert I see that the request seem to pass from the router of Site 2 to the Router of Site 1, but from here it dies.

Cisco routers 1700 at both ends with Nat enabled.

Is there a WINS or DNS configuration that I'm missing on the server at Site 1....192.168.170.30?

Danny

 

[watchguardmonkey]

you really need to post up your config, as previously stated, if your access list and NAT mapping is not set, then the traffic will leave one router but not be allowed in the other end eg, you should have commands similer to these.

ip nat inside source static 10.80.50.123 213.146.142.114
ip nat inside source static 10.80.50.141 213.146.142.115

access-list 101 permit tcp eq 137 any any

 

[DColcl]

yes, I will post those when I get to pull them down from the router once I'm at the office.
Thank you, Watch for the help as well.

Danny

 

[moodystickles]

Not sure you can view what ports are open unless specified in an ACL. You start with open ports...then close them with ACL's. Once ACL's are configured, then you know what's closed and/or open. It would be implicit to which ones are open.

 

[watchguardmonkey]

does the 192.168.170.30 server have the same DG as the AD server?

 

[DColcl]

okay. I found the answer to my question. Show run is what I am looking for because it shows me (at least) what ports are being denied. I guess that this willhave to do for now.

Thank you all for your help. Ya each got a star!

Dan