OK, please don't lecture me as to why SSH is superior to telnet. I just want to know how to do this. Here's the story so far:
I started with a fresh, minimal install of Fedora Core 2, and then added a few more bits. I have xinetd, telnet and telnet-server all installed. I've set "disable = no" in the xinetd/telnet file, and telnet is "on" in the chkconfig --list.
However - I can't connect to telnet from the internet. I can login via SSH (yes, I know...) and then do telnet localhost, which works fine. I can also ping the machine from anywhere.
I've disabled the firewall (ok calm down...) just to be sure that it's not an issue. However, I tried a port scan with nmap and it shows port 23 as closed.
So - how do I get an internet connection to telnet??
According to nmap, I have ports 22, 25, 111 and 10000 open, and nothing else.
Two questions here:
1. How come all the other ports are closed, since I intentionally disabled the firewall when I installed the OS? The machine is plugged directly into the modem and as far as I can tell, it should be wide open!
2. Supposing I want to open or close some port manually - how do I do that?
Secondly, I can obtain a telnet connection to any of ports 22, 111 and 10000 (not that I can do much from there). However, my original purpose was to telnet to port 25 to try out an SMTP dialogue.
So, from the DOS prompt, I have the following:
telnet xxx.xxx.xxx 25
Connecting To xxx.xxx.xxx...Could not open connection to the host, on port 25: Connect failed
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
First, disable telnet-server. Remove it from xinetd, uninstall the RPM. Yes this is a telnet security lecture, but realize that the telnetd service is not required for you to be able to use the telnet client. Since all you're asking about is using the client to connect to an arbitrary TCP port, you do not need the service at all and it should be removed immediately.
When you're testing connectivity, make sure you NMAP the same IP that you'll be trying to connect to. If you nmap localhost but you're trying to telnet to the IP that you assigned to your NIC, it's going to be a different story. "localhost" means "the loopback adaptor which is only available from this machine to itself." On any machine, "localhost" always means "myself". The only way to connect to a machine that is not "yourself" is to use the IP of that other machine, hence the reason you need to nmap the IP on your NIC, not the IP of localhost (127.0.0.1, which will always be "this machine", no matter what machine you're on).
Last, unless you're positive that you're going to be sharing NFS mounts from this machine, go into xinetd and disable portmapper. There are a lot of potential vulnerabilities and information leaks associated with portmapper, and if you're not going to be running any RPC services (which it doesn't appear you are), you have no reason to run portmapper.
Edit: Oh, I forgot the question about why most of the ports were closed even with the firewall disabled. To understand this, you need to know how network services work and what firewalls do. By default, if you do not have any network services running (usually called daemons), you won't have any open ports at all. For a port to be "open", there has to be something listening on that port for a connection. When there are no services turned on, nothing is "listening", hence no open ports at all. If you nmap a box like this, everything will come back closed.
What firewalls do is drop packets regardless of whether ports have listening daemons or not. Usually firewalls "drop" (i.e. ignore) packets, which does not show up as "closed" to nmap, it shows up as "filtered" (usually). This means that a response was expected, but none came. When you try to connect to a "closed" port, the operating system will generate a packet back to you that basically says "there's nothing here, go away". If you don't get that response and you also do not get a connection response, then you know that something is throwing away packets (hence, "filtered").
So in that respect, the only way to "manually open" a port is to set a daemon to listen on it, or create your own daemon that binds to that socket and listens for requests. The way to "manually close" a port is to shut down whatever service was using that port. You could place a firewall in front of it, but that's not really closing the port (since it's still open behind the firewall), that's just preventing anyone from getting to the open port (assuming you did it right).
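Added example, not part of the original thread: a short Python check of the open / closed / filtered distinction described in the answer above, run entirely against the loopback address. The names `probe` and `demo` are this example's own; the listener is bound to 127.0.0.1 only, so it is reachable from this machine and not from the NIC address.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify a TCP port using the same three states the answer describes."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a daemon is listening
    except ConnectionRefusedError:
        return "closed"      # the OS answered "nothing here" (TCP RST)
    except socket.timeout:
        return "filtered"    # no answer at all: something dropped the packet
    except OSError:
        return "filtered"    # e.g. ICMP unreachable sent back by a filter or router
    finally:
        s.close()


def demo():
    # "Manually open" a port: bind a listener to it.
    # Port 0 asks the kernel for any free port, so no fixed number is assumed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)

    # "Manually close" it: shut down whatever was listening.
    srv.close()
    after_close = probe("127.0.0.1", port)
    return port, while_listening, after_close


if __name__ == "__main__":
    port, while_listening, after_close = demo()
    print(f"port {port} with listener:    {while_listening}")
    print(f"port {port} without listener: {after_close}")
```

No firewall is involved in either result: the port's state changes only because a process starts and stops listening on it.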