Windows 7 - Any ideas -Port opened in FW but won't work, telnet

Hi all! Glad to join your community, I found the SevenForums in a Google search on this problem...Looks like a real active group!

I have searched Google and also the archives here, but I'm at a loss.

Telnet is turned on. I'm trying to open a port to use with UltraVNC Single Click. The default port is 5500, TCP. I have FlexLM servers listening on multiple ports as well as an SQL server with a database vault for my design data. I use telnet to check for access on a port, and telnet is turned on.

I took an existing Inbound port Rule (that is open with the installation of regular UltraVNC, 5800) and copied/pasted it in the Windows Firewall Advanced Settings, Inbound Rules. I edited the new rule giving it a new name and changing the port to 5500.

When I test from one of my other workstations I get "Could not open connection to the host, on port 5500: Connect failed"

But, when I connect >telnet 192.168.1.33 5800 (the port # that I copied the rule from) it connects immediately.

I have tried changing my new rule to allow Public, Private, both, Edge Translation...

What am I missing? I'm confused that the existing rule works, but my copied rule based on it doesn't allow telnet connection from one workstation to this one.

Thank you in advanced for any thoughts and suggestions!

Cheers,
Tom

Hi! Tom, welcome to 7F

I'm rusty with telnet , but one item comes to mind; Have you properly registered "one of my other workstations" with a userid, and password.

And the argument you copied over may not fit the new machine you need to join to.

When I run >netstat -anp tcp I see the following:
Proto Local Address Foreign Address State
TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING

There are other ports listening at local address 0.0.0:###,

There are ports listening at local address 127.0.0.1:### as well as some at that IP "ESTABLISHED"

There are more ports at local address 192.168.1.33 (my reserved IP). Some of these are ESTABLISHED, some are CLOSE_WAIT, some are TIME_WAIT and one is LISTENING

I would have thought, in my NB networking infinite wisdom , that creating the inbound rule for the port would allow it to show in the netstat report.

Do I need to actually do something more to create a port in the system. Kind of turn it on, in addition to making a firewall rule for it?

Hi Anak, the argument was copied within the one machine, not really a new one...just a new inbound rule on the existing machine.

I'm not sure that it is a telnet issue, I just use it to test if a port is open. I think the port just doesn't really 'exist' on my box. There is a rule for it, but port 5500 doesn't show at all, even when I run >netstat -ab. I see all sorts of TCP and UDP port numbers, but 5500 isn't anywhere that I can find.

Oh, and restarting the system makes no diff in the ports that show running >netstat

Apologies, I must of mis-read that.

When I use C:\Windows\system32>netstat 5500 I get a range of 49509 to 65444 this is with an elevated prompt.

I can not seem to locate it either, but that doesn't mean it isn't there.

Are both of your OS's the same or a mix like Windows 7, and XP? If a mix all machines especially 7 works best, and needs the same group name, i.e. "Workgroup"

If you are using a router you may have to go into its settings screen and enable Telnet there, as well as the other stuff.

Right, I've set up the port forwarding so that calls from the 'outside world' can be forwarded to my machine...but the problem is all within the Windows7 machine that should be listening.

I don't think this is a router problem. The Windows 7 machine isn't even listening on the port #5500. Regardless of what TCP port number I choose, if I create an inbound Firewall rule, it do not see the machine listening on the enabled port. It is like the ports are not enabled, regardless of the fact there is an Inbound Rule in firewall.

Anak, I have tried the telnet from both an XP Pro and another Windows 7 x64 machine to the Windows 7 x64 that I want the listener on.

I think it has its hands over its ears and is chanting....NAH NAH NAH - I CAN'T HEAR YOU! over and over again

The netstat report in a dos shell, set for all, numeric, protocol (>netstat -anp tcp) doesn't even list the port that I created (TCP #5500) the Windows' Firewall Inbound Rule for. I have now create the rule by copying an existing port rule (TCP #5800 & 5800 shows in the netstat results) as well as creating an all new Inbound Rule using the New Rule wizard for port 5500.

I created an Inbound rule for the listener program using the wizard & set it for port 5500 and that didn't make any difference. Creating a new port rule for a randomly selected number, TCP 1500 doesn't show either.

Maybe it is a complete misunderstanding of what should show in the list of "listening" ports? I'm not sure, but it wouldn't be the first time I got it completely wrong!

Regardless, I'm heading out. It's 6:30pm here and I'm getting mighty darned hungry.

Thanks again for all your help and suggestions. I'll check tomorrow and keep slugging at this!

Shouldn't all your telnet 192.xxx.x.xx addresses have either the 5500 or 5800 suffix?

Edit:
One or the other, not mixed.

Not really. I think the default port for Telnet is 23. I just use telnet to test if a port is open and listening, kind of like beeping out a circuit or network cable. I use a tone generator to check connectivity, the real traffic maybe 110V AC or ethernet traffic.

I have resolved the problem, it was a lack of understanding on my part. The program that is listening on ports 5800 and 5900 is set up to run as a service and that is why these ports always show in >netstat results.

Simply creating Inbound rules for the TCP Port and the executable does not then cause the port to show in results from running >netstat. By starting the executable with the option -listen got the darned port to then show in the >netstat results. I was also then able to create a telnet session to the computer, from another, on that port, thereby validating that it was listening on that port.

My port forwarding rules in both routers did work (after I fixed a fat-finger typo) and I was able to establish a remote session to another computer sitting behind a proxy server and firewalls. Way cool, a lot of time and trouble to perform a small service and make a small amount of $. Wouldn't want to see what it cost me in real time, but, next time they want help NOW and their own internal processes are so cumbersome that they can't take the time to approve VPN access for me - I have the tool to do the job.

The tool that caused the problems is UltraVNC SC. WAY cool tool! I've used UltraVNC (uvnc.com) for years, but always when already tunneled into a network on a VPN. Single Click configures a one time server, at their end, that serves out the desktop to you, the viewer. A lot like what all the things like go to meeting, dim dim, webex and others - but it actually existed before these pay services.

Thank you Anak & profdlp for your help and listening to me while I got my head straight! I'm not a network guy and on top of that I'm new to 7, and it often frustrates me as much as network stuff!

Now, how do I create a service in 7 that starts my listener automatically...hmmm!

Cheers,
Tom