Old 02-07-2001, 04:57 PM   #1
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Rep: Reputation: 15

Apparently there is supposed to be /etc/inetd.conf on this linux box but I haven't been able to find it yet. Anyone have any ideas as to why this file would not be in /etc?? Running red hat 7. I'm having an ident problem and from what I gather I need to edit that file.
 
Old 02-07-2001, 05:45 PM   #2
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
There is a very good reason that you can't find inetd.conf in RedHat 7. The reason is, at the release of 7.0, RedHat switched from inetd to xinetd.

Instead of there being one file, /etc/inetd.conf which holds all the information for all services run by inetd, there is a directory in etc, /etc/xinetd.d and inside this directory is a file for each service. If you look, you should at least have a file for telnet. Thus, there should be a file /etc/xinetd.d/telnet.

For more info, check out http://www.xinetd.org or search for xinetd on RedHat's site.

The biggest thing to be careful about for people that are used to xinetd is that by default, access is not controlled by hosts.allow and hosts.deny. If you list ALL:ALL in /etc/hosts.deny, it won't deny anything. You either have to restrict access within /etc/xinetd.d/telnet, or I believe there is a way to make it pay attention to what's in /etc/hosts.allow and /etc/hosts.deny.

--Mark
 
Old 02-07-2001, 08:00 PM   #3
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
Found xinetd but....

I looked in the xinetd.d directory and all I found was this:

[root@localhost xinetd.d]# ls -l
total 8
-rw-r--r-- 1 root root 344 Aug 23 19:18 linuxconf-web
-rw-r--r-- 1 root root 357 Aug 14 15:02 swat

The linuxconf-web contains this:
# default: off
# description: The Linuxconf system can also be accessed via a web \
# browser. Enabling this service will allow connections to \
# Linuxconf running in web UI mode.
service linuxconf
{
socket_type = stream
wait = yes
user = root
server = /sbin/linuxconf
server_args = --http
disable = yes
}

I just want to be able to ident on irc and ftp but there doesn't seem to be much here. I looked at the web site for xinetd but I can't seem to find anything that relates directly to my problem. But I think I'm getting closer perhaps.

 
Old 02-07-2001, 08:13 PM   #4
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
Ah, identd is NOT controlled by inetd or xinetd. You need to:

a) Make sure that identd is enabled in the startup scripts. If you look in /etc/rc.d/rc3.d/ you should see a link like S35identd ../init.d/identd. If it's not there, look for something like K35identd and rename it to S35identd:

# mv /etc/rc.d/rc3.d/K35identd /etc/rc.d/rc3.d/S35identd

b) Edit the file /etc/identd.conf. This is the file that configures ident.


After you make all of your changes, restart identd (Or start it if it wasn't already running):

# /etc/rc.d/init.d/identd restart

--Mark
 
Old 02-07-2001, 11:36 PM   #5
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
identd is enabled in the startup scripts:

lrwxrwxrwx 1 root root 16 Jan 21 06:12 S35identd -> ../init.d/identd

In the identd.conf everything is commented out except:

#-- User and group (from passwd database) to run as
server:user = nobody

#-- Where to write the file containing our process id
server:pid-file = "/var/run/identd.pid"

#-- Enable some protocol extensions like "VERSION" or "QUIT"
protocol:extensions = enabled

#-- Allow multiple queries per connection. This slightly breaks RFC1413
protocol:multiquery = enabled

#-- Maximum number of threads doing kernel lookups
kernel:threads = 2


There is this that I was wondering about:
#-- What port to listen on when started as a daemon or from /etc/inittab
# server:port = 113


I've been reading about identd etc... but there seems to be a lot of different ideas out there. I still haven't been able to find what I need to edit to try and get ident working for irc/ftp.

 
Old 02-07-2001, 11:53 PM   #6
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
I believe you're on the right track by un-commenting the port number. I know I had the same problem with IRC when all the servers started requiring you to have ident running. Below is my identd.conf file:

[root@gw /root]# more /etc/identd.conf
# /etc/identd.conf - an example configuration file


#-- The syslog facility for error messages
# syslog:facility = daemon


#-- User and group (from passwd database) to run as
server:user = nobody

#-- Override the group id
# server:group = kmem

#-- What port to listen on when started as a daemon or from /etc/inittab
server:port = 113

#-- The socket backlog limit
# server:backlog = 256

#-- Where to write the file containing our process id
server:pid-file = "/var/run/identd.pid"

#-- Maximum number of concurrent requests allowed (0 = unlimited)
# server:max-requests = 0



#-- Enable some protocol extensions like "VERSION" or "QUIT"
protocol:extensions = enabled

#-- Allow multiple queries per connection. This slightly breaks RFC1413
protocol:multiquery = enabled

#-- Timeout in seconds since connection or last query. Zero = disable
# protocol:timeout = 120



#-- Maximum number of threads doing kernel lookups
kernel:threads = 2

#-- Maximum number of queued kernel lookup requests
# kernel:buffers = 32

#-- Maximum number of time to retry a kernel lookup in case of failure
# kernel:attempts = 5



#-- Disable username lookups (only return uid numbers)
# result:uid-only = no

#-- Enable the ".noident" file
# result:noident = enabled

#-- Charset token to return in replies
# result:charset = "US-ASCII"

#-- Opsys token to return in replies
# result:opsys = "UNIX"

#-- Log all request replies to syslog (none == don't)
# result:syslog-level = none


#-- Enable encryption (only available if linked with a DES library)
# result:encrypt = no

#-- Path to the DES key file (only available if linked with a DES library)
# encrypt:key-file = "/etc/identd.key"


#-- Include a machine local configuration file
# include = /etc/identd.conf
[root@gw /root]#

As you can see, the port number is uncommented and it works good enough for IRC. Good Luck!

-Mark
 
Old 02-08-2001, 12:24 AM   #7
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
Well I uncommented the port and did a reboot just to be sure and no difference. Still get:

[unknown@255.255.255.255] (Install identd)

when trying to connect on irc.

mmmm... rather frustrating.
 
Old 02-08-2001, 08:42 AM   #8
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
Are you using Mirc on a windows PC?

-Mark
 
Old 02-08-2001, 11:19 AM   #9
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
Yes mirc on win98 se. I'm going through the linux box to connect to the net.
 
Old 02-08-2001, 02:22 PM   #10
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
Ok, how about your ipchains? Copy what happens when you do this:

ipchains -L

You may want to change your own IP to X.X.X.X or something, but otherwise copy over the output of the above command.

-Mark
 
Old 02-08-2001, 11:09 PM   #11
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
Ok here is a copy of what you suggested:


[root@localhost /root]# ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ppp all ------ anywhere anywhere n/a
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ anywhere anywhere n/a
Chain output (policy ACCEPT):
Chain ppp (1 references):
target prot opt source destination ports
ACCEPT tcp !y---- anywhere anywhere any -> 1024:65535
ACCEPT udp ------ dns1.sympatico.ca anywhere domain -> 1024:65535
ACCEPT tcp ------ dns1.sympatico.ca anywhere domain -> 1024:65535
ACCEPT udp ------ dns2.sympatico.ca anywhere domain -> 1024:65535
ACCEPT tcp ------ dns2.sympatico.ca anywhere domain -> 1024:65535
ACCEPT tcp ------ anywhere anywhere any -> auth
ACCEPT tcp ------ anywhere anywhere any -> ssh
ACCEPT icmp ------ anywhere anywhere any -> 0
ACCEPT icmp ------ anywhere anywhere any -> 1
ACCEPT icmp ------ anywhere anywhere any -> 3
DENY tcp ----l- anywhere anywhere any -> any
DENY udp ----l- anywhere anywhere any -> any
DENY icmp ----l- anywhere anywhere any -> any


Does this mean it's not accepting some things below port 1024? I can ssh into the box fine. But ident needs ports 113 and 139 I think. mmm....


 
Old 02-09-2001, 02:04 AM   #12
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
Ok, so you are blocking the identd requests before they get to the identd server. You need to put a line like the following into your ipchains ruleset:

/usr/sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d your.external.ip.here/32 113 -j ACCEPT

Now, I'm not sure about the statement input. Yours looks like the chain may be called ppp. Either way, just try to match it up with the other rules in the chain. But this is certainly your problem.

-Mark
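
Added example (not part of any post in this thread): a first-match walk of the `ppp` chain listed in post #11, showing which rule a given TCP or UDP packet hits. It assumes the packet comes from an arbitrary Internet host, uses the standard /etc/services numbers for auth, ssh and domain, and leaves the ICMP rules out; the function name `first_match` is made up for this example.

```shell
#!/bin/sh
# Rules copied from the "ppp" chain in post #11 (ICMP rules left out).
PPP_CHAIN='ACCEPT tcp !y---- anywhere anywhere any -> 1024:65535
ACCEPT udp ------ dns1.sympatico.ca anywhere domain -> 1024:65535
ACCEPT tcp ------ dns1.sympatico.ca anywhere domain -> 1024:65535
ACCEPT udp ------ dns2.sympatico.ca anywhere domain -> 1024:65535
ACCEPT tcp ------ dns2.sympatico.ca anywhere domain -> 1024:65535
ACCEPT tcp ------ anywhere anywhere any -> auth
ACCEPT tcp ------ anywhere anywhere any -> ssh
DENY tcp ----l- anywhere anywhere any -> any
DENY udp ----l- anywhere anywhere any -> any'

# first_match PROTO SPORT DPORT SYN(yes|no)
# Prints "<rule-number> <target> <log|nolog>" for the first rule that matches.
# Assumption: the source is an arbitrary Internet host, so rules that name
# a specific source host (the two DNS servers) never match.
first_match() {
  printf '%s\n' "$PPP_CHAIN" | awk -v proto="$1" -v sport="$2" -v dport="$3" -v syn="$4" '
    function num(p) {                       # service names as in /etc/services
      if (p == "auth") return 113
      if (p == "ssh") return 22
      if (p == "domain") return 53
      return p + 0
    }
    function inrange(spec, port,   r) {     # "any", "N", "N:M" or a service name
      if (spec == "any") return 1
      if (split(spec, r, ":") == 2) return (port >= r[1] + 0 && port <= r[2] + 0)
      return num(spec) == port
    }
    {
      if ($2 != proto) next
      if ($4 != "anywhere") next
      if ($3 ~ /^!y/ && syn == "yes") next  # "!y" matches only non-SYN packets
      if (!inrange($6, sport + 0) || !inrange($8, dport + 0)) next
      print NR, $1, ($3 ~ /l/ ? "log" : "nolog")
      found = 1
      exit
    }
    END { if (!found) print "0 NO-MATCH nolog" }'
}

first_match tcp 40000 113 yes   # inbound ident query      -> 6 ACCEPT nolog
first_match tcp 40000 139 yes   # inbound SYN to 139/tcp   -> 8 DENY log
first_match tcp 6667 40000 no   # reply traffic, high port -> 1 ACCEPT nolog
first_match udp 53 1030 no      # DNS from an unlisted host -> 9 DENY log
```

Evaluation stops at the first matching rule, so a rule appended with `-A` after the closing DENY lines of a chain is never reached; where a new rule lands in the chain matters as much as what it says.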
 
Old 02-09-2001, 08:24 AM   #13
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
I'm looking for the file called 'ipchains.rules' but can't find it. Do you know where it is kept? From what I have been reading that's the name of it.
 
Old 02-09-2001, 04:02 PM   #14
mjakob
Member
 
Registered: Feb 2001
Posts: 69

Rep: Reputation: 15
Look in /etc/rc.d/init.d/ipchains. That should be where all your rules are; if not, it should at least point you to where the script is.

-Mark
 
Old 02-09-2001, 07:22 PM   #15
_TK_
Member
 
Registered: Feb 2001
Posts: 54

Original Poster
Rep: Reputation: 15
When I look at the /etc/rc.d/init.d/ipchains file I see this at the beginning:

#!/bin/sh
#
# Startup script to implement /etc/sysconfig/ipchains pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with ipchains.
#
# Script Author: Joshua Jensen <joshua@redhat.com>
# -- hacked up by gafton with help from notting
#
# config: /etc/sysconfig/ipchains

# Source 'em up
. /etc/init.d/functions

IPCHAINS_CONFIG=/etc/sysconfig/ipchains


So I look in /etc/sysconfig for anything that says ipchains but all I found was this:

[root@localhost sysconfig]# ls -al
total 88
drwxr-xr-x 8 root root 4096 Feb 4 06:35 .
drwxr-xr-x 38 root root 4096 Feb 9 18:16 ..
drwxr-xr-x 2 root root 4096 Jan 21 05:57 apm-scripts
-rw-r--r-- 1 root root 2198 Jul 17 2000 apmd
drwxr-xr-x 2 root root 4096 Jan 21 06:14 cbq
-rw-r--r-- 1 root root 44 Jan 21 06:18 clock
drwxr-xr-x 2 root root 4096 Aug 23 22:41 console
-rw-r--r-- 1 root root 11 Jan 21 06:18 desktop
-rw-r--r-- 1 root root 1331 Jul 19 2000 harddisks
-rw-r--r-- 1 root root 2068 Feb 7 06:32 hwconf
-rw-r--r-- 1 root root 13 Jan 21 06:18 i18n
-rw-r--r-- 1 root root 952 Dec 28 1999 init
-rw-r--r-- 1 root root 32 Jan 21 06:18 keyboard
-rw-r--r-- 1 root root 151 Aug 30 16:00 kudzu
-rw-r--r-- 1 root root 90 Jan 21 06:18 mouse
-rw-r--r-- 1 root root 87 Feb 4 06:35 network
drwxr-xr-x 2 root root 4096 Jan 28 15:37 network-scripts
-rw-r--r-- 1 root root 38 Jan 21 06:18 pcmcia
drwxr-xr-x 2 root root 4096 Aug 24 12:55 provider
-rw-r--r-- 1 root root 153 Jul 25 2000 rawdevices
drwxr-xr-x 2 root root 4096 Jan 21 06:16 rhn
-rw-r--r-- 1 root root 20 Aug 22 21:32 sendmail
-rw-r--r-- 1 root root 0 Jan 28 15:53 static-routes


No ipchains here.


So once again I'm puzzled. Perhaps I need to create a new set of rules. or ??
 