FW changes not implemented?

Question

No local iptables involved FW request should have been opened on port 444 however telnet still times out.

request should be going out of the mgt nic eth0 looks like the route table will route my traffic through eth2 tho ?

eth0      Link encap:Ethernet  
          inet addr:10.22.64.85  Bcast:10.22.65.255  Mask:255.255.254.0
          inet6 addr: fe80::216:3eff:fe70:4772/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43429659 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40122251 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22398031295 (20.8 GiB)  TX bytes:24731287750 (23.0 GiB)

eth1      Link encap:Ethernet  
          inet addr:10.22.0.85  Bcast:10.22.1.255  Mask:255.255.254.0
          inet6 addr: fe80::216:3eff:fe54:fe6d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:303773326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:273727398 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34588960022 (32.2 GiB)  TX bytes:120395041500 (112.1 GiB)

eth2      Link encap:Ethernet  
          inet addr:10.22.2.95  Bcast:10.22.3.255  Mask:255.255.254.0
          inet6 addr: fe80::216:3eff:fe0f:f2d5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1040479704 errors:0 dropped:0 overruns:0 frame:0
          TX packets:987417024 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:816019640603 (759.9 GiB)  TX bytes:840452320865 (782.7 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:25945700 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25945700 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7727291661 (7.1 GiB)  TX bytes:7727291661 (7.1 GiB)

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.12.0.153     10.22.2.1       255.255.255.255 UGH       0 0          0 eth2
10.18.37.8      10.22.64.1      255.255.255.255 UGH       0 0          0 eth0
10.40.20.140    10.22.64.1      255.255.255.255 UGH       0 0          0 eth0
10.47.76.114    10.22.64.1      255.255.255.255 UGH       0 0          0 eth0
10.12.0.151     10.22.2.1       255.255.255.255 UGH       0 0          0 eth2
10.12.0.150     10.22.2.1       255.255.255.255 UGH       0 0          0 eth2
10.6.113.32     10.22.64.1      255.255.255.224 UG        0 0          0 eth0
10.12.38.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.12.36.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.6.114.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.6.112.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.6.113.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.12.0.0       10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.22.96.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.6.120.0      10.22.64.1      255.255.255.0   UG        0 0          0 eth0
10.22.2.0       0.0.0.0         255.255.254.0   U         0 0          0 eth2
10.22.64.0      0.0.0.0         255.255.254.0   U         0 0          0 eth0
10.22.0.0       0.0.0.0         255.255.254.0   U         0 0          0 eth1
0.0.0.0         10.22.2.1       0.0.0.0         UG        0 0          0 eth2

telnet 10.47.198.14 444
Trying 10.47.198.14...
times out

So if i force the source port it still times out.

telnet -b 10.22.64.85 10.47.198.14 444
Trying 10.47.198.14...

Is it possible that the firewall change hasn't worked?

Answer 1

You don't actually have a route setup for that address.
Which causes it to default to the default route:

0.0.0.0 10.22.2.1 0.0.0.0 UG 0 0 0 eth2

Try adding a route that actually has the destination address:

route add -net 10.47.198.14 netmask 255.255.255.255 gw 10.22.64.85