LinuxQuestions.org
Old 07-02-2004, 01:09 PM   #1
maerong
LQ Newbie
 
Registered: Mar 2004
Distribution: Mandrake 9.2
Posts: 23

Rep: Reputation: 15
can't connect to telnet in fedora core 2


OK, please don't lecture me as to why SSH is superior to telnet. I just want to know how to do this. Here's the story so far:

I started with a fresh, minimal install of Fedora Core 2, and then added a few more bits. I have xinetd, telnet and telnet-server all installed. I've set "disable = no" in the xinetd/telnet file, and telnet is "on" in the chkconfig --list.

However - I can't connect to telnet from the internet. I can login via SSH (yes, I know...) and then do telnet localhost, which works fine. I can also ping the machine from anywhere.

I've disabled the firewall (ok calm down...) just to be sure that it's not an issue. However, I tried a port scan with nmap and it shows port 23 as closed.

So - how do I get an internet connection to telnet??
 
Old 07-02-2004, 01:18 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,379

Rep: Reputation: 1963
I'd guess that either the telnet config is still set to only listen to 127.0.0.1 connections or you have a separate firewall actively blocking that connection.
 
Old 07-02-2004, 01:59 PM   #3
maerong
LQ Newbie
 
Registered: Mar 2004
Distribution: Mandrake 9.2
Posts: 23

Original Poster
Rep: Reputation: 15
OK now I am truly puzzled.

According to nmap, I have ports 22, 25, 111 and 10000 open, and nothing else.

Two questions here:

1. How come all the other ports are closed, since I intentionally disabled the firewall when I installed the OS? The machine is plugged directly into the modem and as far as I can tell, it should be wide open!

2. Supposing I want to open or close some port manually - how do I do that?

Secondly, I can obtain a telnet connection to any of ports 22, 111 and 10000 (not that I can do much from there). However, my original purpose was to telnet to port 25 to try out an SMTP dialogue.

So, from the DOS prompt, I have the following:

telnet xxx.xxx.xxx 25

Connecting To xxx.xxx.xxx...Could not open connection to the host, on port 25: Connect failed

which brings me to Question 3:

What on earth is going on???

Thank you for your help.

Last edited by maerong; 07-05-2004 at 09:02 AM.
 
Old 07-05-2004, 11:57 AM   #4
maerong
LQ Newbie
 
Registered: Mar 2004
Distribution: Mandrake 9.2
Posts: 23

Original Poster
Rep: Reputation: 15
I've solved this one myself now.

Turns out it's a postfix issue and not a telnet issue.

In /etc/postfix/main.cf there is a default setting:

inet_interfaces = localhost

Here, replace "localhost" with "all" and everything works! I can telnet to port 25, and (more importantly) receive mail on my postfix server. Hooray!
 
Old 07-05-2004, 02:51 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
First, disable telnet-server. Remove it from xinetd, uninstall the RPM. Yes this is a telnet security lecture, but realize that the telnetd service is not required for you to be able to use the telnet client. Since all you're asking about is using the client to connect to an arbitrary TCP port, you do not need the service at all and it should be removed immediately.

When you're testing connectivity, make sure you NMAP the same IP that you'll be trying to connect to. If you nmap localhost but you're trying to telnet to the IP that you assigned to your NIC, it's going to be a different story. "localhost" means "the loopback adaptor which is only available from this machine to itself." On any machine, "localhost" always means "myself". The only way to connect to a machine that is not "yourself" is to use the IP of that other machine, hence the reason you need to nmap the IP on your NIC, not the IP of localhost (127.0.0.1, which will always be "this machine", no matter what machine you're on).

Last, unless you're positive that you're going to be sharing NFS mounts from this machine, go into xinetd and disable portmapper. There are a lot of potential vulnerabilities and information leaks associated with portmapper, and if you're not going to be running any RPC services (which it doesn't appear you are), you have no reason to run portmapper.

Edit: Oh, I forgot the question about why most of the ports were closed even with the firewall disabled. To understand this, you need to know how network services work and what firewalls do. By default, if you do not have any network services running (usually called daemons), you won't have any open ports at all. For a port to be "open", there has to be something listening on that port for a connection. When there are no services turned on, nothing is "listening", hence no open ports at all. If you nmap a box like this, everything will come back closed.

What firewalls do is drop packets regardless of whether ports have listening daemons or not. Usually firewalls "drop" (i.e. ignore) packets, which does not show up as "closed" to nmap, it shows up as "filtered" (usually). This means that a response was expected, but none came. When you try to connect to a "closed" port, the operating system will generate a packet back to you that basically says "there's nothing here, go away". If you don't get that response and you also do not get a connection response, then you know that something is throwing away packets (hence, "filtered").

So in that respect, the only way to "manually open" a port is to set a daemon to listen on it, or create your own daemon that binds to that socket and listens for requests. The way to "manually close" a port is to shut down whatever service was using that port. You could place a firewall in front of it, but that's not really closing the port (since it's still open behind the firewall), that's just preventing anyone from getting to the open port (assuming you did it right).

Last edited by chort; 07-05-2004 at 02:58 PM.
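
An added illustration of posts #4 and #5, not code from any poster in this thread: the Python sketch below starts a listener bound first to 127.0.0.1 (the effect of `inet_interfaces = localhost`) and then to 0.0.0.0 (the effect of `all`), and probes the same port through two different addresses to show why a service can be open on loopback yet closed from everywhere else. The function names are hypothetical, and it assumes Linux, where 127.0.0.2 is also a loopback address and is used here as a constructed stand-in for the NIC's IP.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port as nmap would: open, closed or filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # a daemon is listening and the handshake completed
    except ConnectionRefusedError:
        return "closed"       # the OS replied with a reset: nothing listens here
    except socket.timeout:
        return "filtered"     # no reply at all: something dropped the packets
    except OSError:
        return "unreachable"  # e.g. no route to the address
    finally:
        s.close()

def listen_on(bind_addr):
    """Start a listener on bind_addr; the kernel picks a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def demo():
    """Probe one listener through two addresses, for each bind setting."""
    results = {}
    # "127.0.0.1" mirrors inet_interfaces = localhost; "0.0.0.0" mirrors all.
    for bind_addr in ("127.0.0.1", "0.0.0.0"):
        srv, port = listen_on(bind_addr)
        try:
            # 127.0.0.2 is a constructed stand-in for the NIC's address (Linux).
            results[bind_addr] = (probe("127.0.0.1", port),
                                  probe("127.0.0.2", port))
        finally:
            srv.close()
    return results

if __name__ == "__main__":
    for bind_addr, (via_lo, via_other) in demo().items():
        print(f"bound to {bind_addr}: 127.0.0.1 -> {via_lo}, 127.0.0.2 -> {via_other}")
```

The "filtered" branch only triggers when something between the two ends silently drops packets, so the loopback demo above never reaches it.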
 
Old 07-05-2004, 09:49 PM   #6
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 46
wow, you got me thinking that you are facing problems telnet-ing to your system - a remote login problem. Whereas your actual problem was a non-responsive port 25.

To telnet to port 25, you do not need telnet-server. I am sure you must have realised that by now

Best regards
 
  

