LinuxQuestions.org
Old 02-09-2003, 10:49 PM   #1
dbadft
LQ Newbie
 
Registered: Feb 2003
Posts: 4

Rep: Reputation: 0
Failing to connect to TELNET, FTP or SSH


Hi.

I'm unable to connect from a remote machine into my RH8 machine. Telnet, SSH and FTP all fail with "connection refused by peer". I get no other information to client screen or server's logs. All outbound connections from my RH8 work fine.

I've had RH8 running for some months but only just now have needed to get inbound telnet/ssh and ftp going. The s/w is all installed, configured under /etc/xinetd.d/[telnet|wu_ftp] and "netstat -an" reports the ports are in the LISTEN status. I've restarted XINETD ok and have checked /var/log/messages & secure - but no errors reported.

Added some banner flags into service def in /etc/xinetd.d/telnet just to confirm I'm hitting the right config file. Tested this via telnet from RH8 host back to itself. Yep - saw banners Ok, but still unable to come in from a remote machine. FTP likewise.

Have done extensive reading of forums but most of these appear to be simple mistakes easily corrected. Eg. trying to login as 'root', not defining the telnet/ssh/ftp service correctly in /etc/xinetd.d/. I've double checked all these things regardless, but to no avail.

I just can't think what else to try. I am behind a firewall so maybe it's allowing outbound connections but not inbound ones and hence my sheer lack of response to inbound connection attempts. Maybe?! My N/W admin not available right now - so unable to check this angle just yet.

I'd be grateful for any pointers. Copy of /etc/xinetd.d/telnet below.

-----cut
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_type = FILE /var/log/telnet.log
log_on_success += PID HOST USERID
log_on_failure += HOST USERID
banner_fail = /etc/telnet_banner_fail
banner = /etc/telnet_banner
}
-----cut
 
Old 02-10-2003, 02:03 AM   #2
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Not sure if you've done this but you can check to verify that the box is actually listening for services with
Code:
nmap localhost
then if you have another linux box inside the firewall you can nmap your server from it as well.
 
Old 02-10-2003, 02:15 AM   #3
born4linux
Senior Member
 
Registered: Sep 2002
Location: Philippines
Distribution: Slackware, RHEL&variants, AIX, SuSE
Posts: 1,127

Rep: Reputation: 49
telnet localhost - u said works

also try:

ftp localhost

ssh localhost

if u can connect, u've set them up open. u'r network's firewall might be the culprit (and also re-check your firewall ruleset - ie. ipchains -L or iptables -L).

hth.
 
Old 02-10-2003, 05:18 PM   #4
dbadft
LQ Newbie
 
Registered: Feb 2003
Posts: 4

Original Poster
Rep: Reputation: 0
NMAP Output is:

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on towler (127.0.0.1):
(The 1592 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
111/tcp open sunrpc
515/tcp open printer
958/tcp open unknown
6000/tcp open X11
32770/tcp open sometimes-rpc3

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds

....telnet, ssh and ftp seem ok.

telnet localhost
ftp localhost and
ssh localhost
...all come back successfully.

I thought there could even be different treatment of inbound ip addresses - that is, other than localhost. So I've re-tried these from another Windoze box *inside* the firewall. They failed with the same error as those tests done from outside the firewall. ie. no reply at all and no deny-errors in linux logs. This box being inside the firewall makes me wonder whether it's related to firewall config at all. Do non-localhost IP addresses get treated differently? I could only see the FROM_ONLY rule which I've ensured is wide open.

Thanks for helping out.
Dan.
 
Old 02-10-2003, 10:39 PM   #5
dbadft
LQ Newbie
 
Registered: Feb 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Have just been told by my n/w admin that there is no firewall restriction on these protocols and what's more, the other machine in my test-case is in fact still within our firewall - despite being in another state.
It would certainly point towards an issue with my RH8 machine.
Again - thanks for your ideas so far - it's only a matter of time before it's cracked.
 
Old 02-11-2003, 01:07 AM   #6
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by dbadft
Have just been told by my n/w admin that there is no firewall restriction on these protocols and what's more, the other machine in my test-case is in fact still within our firewall - despite being in another state.
It would certainly point towards an issue with my RH8 machine.
Again - thanks for your ideas so far - it's only a matter of time before it's cracked.

does the RH8 pc have any firewall rules? make sure that the default policies are ALLOW and the INPUT chain is open (or if no rules are needed just flush them all and set all policies to ALLOW).

can you ping this machine from other machines inside the firewall?

what is on your hosts.allow and hosts.deny file? hosts.allow should be open to the internal network at least at this stage to test.

be wary about opening everything up for the sake of testing. If your firewall doesn't block telnet, et al connections then you may be leaving yourself open. (if you can get to it from outside so can everyone else).

Rich
 
Old 02-11-2003, 01:19 AM   #7
dbadft
LQ Newbie
 
Registered: Feb 2003
Posts: 4

Original Poster
Rep: Reputation: 0
I have no firewall running at the moment.
Yes - can ping Ok - both inbound and outbound.
Yes - have renamed hosts.[allow|deny] to eliminate them from the equation.
Yep - take your advice. I'm behind a (corporate) firewall already. Machines within intranet (inside fw). Happy just to get it working for now - tighten immediately thereafter.
Thanks for your ideas Rich, but no joy as yet.
 
Old 02-11-2003, 03:11 PM   #8
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by dbadft
I have no firewall running at the moment.
Yes - can ping Ok - both inbound and outbound.
Yes - have renamed hosts.[allow|deny] to eliminate them from the equation.

ok so ICMP works, I have never removed hosts.[allow|deny] files and I can't seem to find what the system would do by default without them, it may deny by default (although it is normally the other way round). Still just in case I would tend to reinstate hosts.allow with ALL:LOCAL just to be sure it is not that.

if you try to telnet into all the ports listed in your nmap scan do any of them respond? are all the services controlled through xinetd? maybe try running sshd as a daemon and see if that works.....

let us know

Rich
 
Old 04-09-2003, 11:19 AM   #9
rcoman
LQ Newbie
 
Registered: Apr 2003
Posts: 4

Rep: Reputation: 0
Telnet Problem

I am having the same problem as listed in this thread.

I have a RH7 system (running Counterstrike)
I am trying to set up Telnet and FTP services on it and can't.
I am new to linux altogether.

If I telnet to localhost or to the box's IP address from itself I have no problem, it gives me a prompt and I log in. When I attempt it from any other machine on the network it gives me an error.

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>telnet 10.13.52.247
Connecting To 10.13.52.247...Could not open a connection to host: Connect failed
 
Old 04-16-2003, 05:46 AM   #10
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Re: Telnet Problem

Quote:
Originally posted by rcoman
I am having the same problem as listed in this thread.
C:\>telnet 10.13.52.247
Connecting To 10.13.52.247...Could not open a connection to host: Connect failed

OK so same question as above are you running a firewall on the RH box you are trying to telnet into?

Can you ping the RH box?

Can you get nmap and scan the RH box (from the Win2k box). You should see a list like the one that dbadft posted. In that case you could see that port 21 (ftp), port 22 (ssh) and port 23 (telnet) were all open.

If you see something similar then there is a good chance that inetd / xinetd may be getting in the way.

Please try nmap and let us know what you get..

Rich
 
Old 04-16-2003, 02:44 PM   #11
rcoman
LQ Newbie
 
Registered: Apr 2003
Posts: 4

Rep: Reputation: 0
I used GFI Lanscanner

I used GFI lanscanner instead as nmap ran into some glitch that I don't have the time or interest to care about.

Neither port showed up on the scan but I could ping the box. I went into x (as it is the only way I can configure settings)
I rechecked all the settings, logged out, ran scan again and everything is working. I can only guess that I must have shut off the firewall as I didn't change anything else. Regardless, thank you for your post, you have been very helpful.
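
The two host-side checks raised in this thread (where the service is bound, and what the machine's own INPUT chain does with a new connection) can be run over saved command output. This is an added example, not part of any post: the function names `listen_scope` and `input_verdict` and the sample rule listing are constructed for illustration, and the rule walk is a simplification that reports any rule it cannot evaluate as `review:N` for a person to read.

```shell
#!/bin/sh
# netstat -an | listen_scope PORT   -> where TCP PORT is bound
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::") seen["all-interfaces"] = 1
            else if (addr ~ /^127\./ || addr == "::1") seen["loopback-only"] = 1
            else seen["specific-address"] = 1
        }
        END {
            split("all-interfaces specific-address loopback-only", order, " ")
            for (i = 1; i <= 3; i++) if (order[i] in seen) { print order[i]; exit }
            print "not-listening"
        }'
}

# iptables -L INPUT -n -v | input_verdict PORT
# Walks the INPUT rules in order for a new TCP connection to PORT from any remote host.
# Prints the deciding target, the chain policy if nothing matches, or "review:N" when
# rule N (user-chain jump, source limit, other match) needs a human to read it.
input_verdict() {
    awk -v port="$1" '
        $1 == "Chain" { policy = $4; next }
        $1 == "pkts" || NF < 9 { next }
        {
            rule++; extra = ""
            for (i = 10; i <= NF; i++) extra = extra (i > 10 ? " " : "") $i
            sub(/ ?reject-with [a-z-]+$/, "", extra)
            if ($4 != "tcp" && $4 != "all") next              # udp/icmp rule
            if ($6 == "lo") next                              # loopback traffic only
            if (extra ~ /^(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED)$/) next
            if (extra ~ /^tcp dpt:[0-9]+$/ && extra != "tcp dpt:" port) next
            simple = ($6 == "*" && $8 == "0.0.0.0/0" && $3 ~ /^(ACCEPT|DROP|REJECT)$/)
            if (simple && (extra == "" || extra == "tcp dpt:" port)) print $3
            else print "review:" rule
            done = 1; exit
        }
        END { if (!done) print policy }'
}

# Constructed sample: loopback and ssh are admitted, telnet is not mentioned at all.
SAMPLE_RULES='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all  --  lo *   0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0 tcp dpt:22'
printf '%s\n' "$SAMPLE_RULES" | input_verdict 23
```

A port that reports `all-interfaces` from `listen_scope` while `input_verdict` gives `DROP`, `REJECT` or `review:N` fits the symptom in this thread: logins from the machine itself work while other hosts cannot connect.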
 
  

