Can ping but can not telnet/ftp/ssh my box
Hi all,
I'm using 2 boxes, let's say A & B, running RedHat 9. From A, I can properly telnet/ftp/ssh/ping B, but from B, I CAN ping A but CAN NOT telnet/ftp/ssh to it, and it's been driving me nuts for the past day! If I can just make B telnet to A, that will get me going. Yes, both machines are behind a corporate firewall, on local LAN. I checked thru Q&As of the forums and Web and don't seem to find an answer. So, just speaking of telnet .. here's what I've checked:

0) When I telnet from B to A, here's what it says.. thus A's telnet server not answering

    Trying 192.168.0.133...
    telnet: Unable to connect to remote host: Connection refused

1) from both, identical outputs of "cat /etc/xinetd.d/telnet"

    {
    disable = no
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    }

2) I've restarted xinetd of both several times with "service xinetd restart"

3) On both, /etc/host.[allow|deny] files are empty. In A's /etc/host.allow, I've tried adding this and no luck

    ALL: All@127.0.0.1 : ALLOW
    ALL: All@192.168.0.0/255.255.255.0 : ALLOW

4) from both, identical outputs of "cat /etc/xinetd.d/services"

    service services
    {
    type = INTERNAL UNLISTED
    port = 9098
    socket_type = stream
    protocol = tcp
    wait = no
    disable = yes
    only_from = 127.0.0.1
    }

5) On both, telnet server is installed

    rpm -q telnet-server
    telnet-server-0.17-25

6) From both, identical outputs of "cat /etc/hosts"

    127.0.0.1 localhost.localdomain localhost

7) From both, identical outputs of "/etc/host.conf"

    order hosts,bind

6) On A, I checked "netstat -an" if port 23 is enabled

    Proto Recv-Q Send-Q Local Address        Foreign Address      State
    tcp   0      0      0.0.0.0:32768        0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:513          0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:32770        0.0.0.0:*            LISTEN
    tcp   0      0      127.0.0.1:32867      0.0.0.0:*            LISTEN
    tcp   0      0      127.0.0.1:783        0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:111          0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:6000         0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:21           0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:22           0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:23           0.0.0.0:*            LISTEN
    tcp   0      0      127.0.0.1:631        0.0.0.0:*            LISTEN
    tcp   0      0      127.0.0.1:25         0.0.0.0:*            LISTEN
    tcp   0      0      0.0.0.0:763          0.0.0.0:*            LISTEN
    tcp   0      0      127.0.0.1:25         127.0.0.1:33044      TIME_WAIT
    tcp   0      0      192.168.0.133:32786  192.168.0.135:23     ESTABLISHED ----> was telneted to B at that moment
    tcp   0      0      127.0.0.1:33045      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33046      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33047      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33041      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33042      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33043      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33048      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33049      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33050      127.0.0.1:631        TIME_WAIT
    tcp   0      0      127.0.0.1:33051      127.0.0.1:631        TIME_WAIT

Any help will be greatly appreciated!
thanks,
|
I would suspect your firewall may be an issue. If it is not connected to the web, you could shut it off to rule it out.
|
Stupid question: are the user accounts the same on both boxes?
|
The xinetd on the machine you try to telnet to is not accepting it or fails to start the telnet process for some reason, but that's not very likely (maybe the log says something). The other possibility is that the firewall is in the way. But "192.168.0.133:32786 192.168.0.135:23" means they are on the same subnet .. so that shouldn't be the case either.
Hmm, did you try to telnet locally? Once with 127.0.0.1 and once to its own external IP? Just something I would try out :)
Beyond this point I guess I am as clueless as you :( |
Well, you should disable the firewall (iptables service) on both machines and then check if they are connecting to each other or not. If everything else is proper, then in most cases, the iptables rules are the offenders...
BTW, I am not too sure if two machines configured as telnet servers can connect to each other or not..so excuse me on that..! Regards, amit |
Hi all,
Thank you all for your help! I haven't had a chance to try your suggestions.. you must be in a different time zone as I was sleeping. Here are the answers to your questions:
Pcghost: both machines can properly access the web
RHELL: No, both machines have different usernames. The machine that I'm trying to telnet to, A, I'm accessing as ROOT.
Chris78: I've tried to make A telnet itself, and it gives me the Login/Passwd prompts but doesn't go any further.
coolamit78: you said, "disable firewall (iptables service)", how can I do this, I mean what are the actual linux commands?
I really appreciate your help folks and will head to work right now to continue debugging it and will definitely post the solution!
cheers, |
The command to shut off iptables in redhat is

    service iptables stop

or

    /etc/init.d/iptables stop

What I meant by implicating the firewall was that if Iptables is not properly configured, it can prevent telnet access between machines. Successful Internet access is not a sign that iptables is correctly configured. I would nmap from each of the boxes to the other, both with iptables running, and with it shut down. That will tell you for sure if the firewall is the problem. |
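An added example, not part of any post in this thread: a shell helper that combines the listening state from `netstat -an` on the server with what a client on another host saw, which is the comparison the firewall check above relies on. The function names and result strings are made up for illustration; the sample lines are copied from the netstat output in the first post.

```sh
#!/bin/sh
# Added example (not from the thread): combine what the server's
# `netstat -an` shows with what a remote client saw, to tell a daemon
# problem from a packet-filter problem.

# listen_scope PORT: reads `netstat -an` text on stdin.
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")            # field 4 = local address
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
            else if (addr ~ /^127\./ || addr == "::1") lo = 1
            else other = 1
        }
        END {
            if (any)        print "all-interfaces"
            else if (other) print "specific-address"
            else if (lo)    print "loopback-only"
            else            print "not-listening"
        }'
}

# diagnose SCOPE RESULT: RESULT is connected | refused | timeout,
# as seen by a client on another host (hypothetical labels).
diagnose() {
    case "$1:$2" in
        *:connected)     echo "reachable" ;;
        not-listening:*) echo "daemon not listening" ;;
        loopback-only:*) echo "bound to loopback only" ;;
        *:refused)       echo "packet filter rejecting" ;;
        *:timeout)       echo "packet filter dropping" ;;
        *)               echo "unknown"; return 1 ;;
    esac
}

# Sample lines copied from the netstat output in the first post.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.133:32786 192.168.0.135:23 ESTABLISHED
EOF
}

scope=$(sample_netstat | listen_scope 23)
echo "port 23: $scope -> $(diagnose "$scope" refused)"
```

With port 23 listening on all interfaces and the remote client seeing "Connection refused", the result points at the packet filter rather than at xinetd.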
Pcghost:
Thanks! I only shut off iptables on the machine that I'm telnetting to, A, and I can access it now, although it doesn't accept my Login/Passwd which are "root & xxxx"? Don't know why? Any idea... I normally log on to A as root. Does this mean that the firewall is faulty? cheers, |
That should be nothing to worry about. As the default for telnet should be not to allow root to login. If you need this (highly disrecommended) you need to change /etc/securetty and put in some pty consoles.
But I think for testing the telnet you should add a user on at least one of the boxes and use this one for login. (useradd USERNAME, or even better if your distribution gives you a tool to add users) If you need root rights after that you can use "su -" to get root. If you plan on doing root access on the other box often (for administration and such) you should definitely use ssh instead of telnet. Chris |
Oh I nearly forgot ... you sure want to put some holes in your firewall.
In /etc/services you can see all the ports that you need to open for a given service (i.e. ssh, telnet, http ...). I hope that finally you can get this straight and have your fun in the linux world :) Chris |
thank you all for your wonderful help!
viva Linux! |