Fedora 11 rejecting remote telnet session from Window XP

AmirArif · 09-17-2009, 06:40 PM

I just installed Fedora 11 & connected the system in my LAN; and trying to have telnet access from my Window XP. But the Fedora 11 reject my telnet request (see log file below). I confirmed telnet is ON & listening, but can not figure it our the reason for this. I would appreciate if anyone would be able to help me. Following is some of the info:

----------------------------------------------------
[root@lax-man2 etc]# chkconfig --list telnet
telnet on
[root@lax-man2 etc]# netstat -a | grep telnet
tcp 0 0 *:telnet *:* LISTEN
[root@lax-man2 etc]# more /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
in.telnetd : 172.18.213. 127.0.0.1 172.18.232.
[root@lax-man2 etc]# more /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
[root@lax-man2 etc]# tail /var/log/message
Sep 17 14:36:34 lax-man2 xinetd[1534]: START: telnet pid=21334 from=::ffff:172.18.213.107
Sep 17 14:36:34 lax-man2 xinetd[1534]: EXIT: telnet status=1 pid=21334 duration=0(sec)
Sep 17 14:54:45 lax-man2 xinetd[1534]: START: telnet pid=21484 from=::ffff:172.18.213.109
Sep 17 14:54:45 lax-man2 xinetd[1534]: EXIT: telnet status=1 pid=21484 duration=0(sec)
Sep 17 15:33:13 lax-man2 xinetd[1534]: START: telnet pid=21687 from=::ffff:172.18.213.107
Sep 17 15:33:15 lax-man2 xinetd[1534]: EXIT: telnet status=1 pid=21687 duration=2(sec)
[root@lax-man2 mail]#
------------------------------------------------------------------

Thanks in Advance
Amir Arif

chrism01 · 09-17-2009, 09:26 PM

Be nice to your actual cmd and response msgs, but an educated guess says the firewall (iptables) on F11 is blocking you.
Telnet is a plaintext protocol, NOT recommended to be used these days. Use ssh instead.

AmirArif · 09-21-2009, 03:00 PM

Thanks Chris for your hint. Per your suggestion I have put in place following iptables but it still does not work. I would appreciate your comment on this:

[root@lax-man2 sysconfig]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@lax-man2 sysconfig]# more iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j REJECT --reject-with icmp-h
ost-prohibited
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -s 172.18.213.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type echo-request -j REJECT --reject-with icmp
-host-prohibited
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT