LinuxQuestions.org


fbarre 04-17-2004 08:45 PM

Can ping but can not telnet/ftp/ssh my box
 
Hi all,

I'm using 2 boxes, let's say A & B, running RedHat 9. From A, I can properly telnet/ftp/ssh/ping B, but from B, I CAN ping A but CAN NOT telnet/ftp/ssh to it, and it's been driving me nuts for the past day! If I can just make B telnet to A that will get me going. Yes, both machines are behind a corporate firewall, on local LAN.

I checked thru Q&As of the forums and Web and don't seem to find an answer. So, just speaking of telnet .. here's what I've checked:

0) When I telnet from B to A, here's what it says.. thus A's telnet server not answering
Trying 192.168.0.133...
telnet: Unable to connect to remote host: Connection refused

1) from both, identical outputs of "cat /etc/xinetd.d/telnet"
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}

2) I've restarted xinetd of both several times with "service xinetd restart"

3) On both, /etc/host.[allow|deny] files are empty

In A's /etc/host.allow, I've tried adding this and no luck
ALL: All@127.0.0.1 : ALLOW
ALL: All@192.168.0.0/255.255.255.0 : ALLOW

4) from both, identical outputs of "cat /etc/xinetd.d/services"
service services
{
type = INTERNAL UNLISTED
port = 9098
socket_type = stream
protocol = tcp
wait = no
disable = yes
only_from = 127.0.0.1
}

5) On both, telnet server is installed
rpm -q telnet-server
telnet-server-0.17-25

6) From both, identical outputs of "cat /etc/hosts"
127.0.0.1 localhost.localdomain localhost

7) From both, identical outputs of "/etc/host.conf"
order hosts,bind

8) On A, I checked "netstat -an" if port 23 is enabled

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32867 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:763 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 127.0.0.1:33044 TIME_WAIT
tcp 0 0 192.168.0.133:32786 192.168.0.135:23 ESTABLISHED ----> was telneted to B at that moment
tcp 0 0 127.0.0.1:33045 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33046 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33047 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33041 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33042 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33043 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33048 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33049 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33050 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33051 127.0.0.1:631 TIME_WAIT


Any help will be greatly appreciated!

thanks,

Pcghost 04-17-2004 10:20 PM

I would suspect your firewall may be an issue. If it is not connected to the web, you could shut it off to rule it out.

RHELL 04-18-2004 01:20 AM

Stupid question: are the user accounts the same on both boxes?

chris78 04-18-2004 04:47 AM

Quote:

Trying 192.168.0.133...
telnet: Unable to connect to remote host: Connection refused

As I see it this can mean only 2 things.
The xinetd on the machine you try to telnet to is not accepting it or fails to start the telnet process for some reason, but that's not very likely (maybe the log says something).

The other possibility is that the firewall is in the way. But "192.168.0.133:32786 192.168.0.135:23" means they are on the same subnet .. so that shouldn't be the case either.

Hmm, did you try to telnet locally?
One to 127.0.0.1 and one to its own external IP?
Just something I would try out :)

Beyond this point I guess I am as clueless as you :(

coolamit78 04-18-2004 06:08 AM

Well, you should disable firewall (iptables service) on both machines and then check if they are connecting to each other or not. If everything else is proper, then in most cases, the iptables rules are the offenders...

BTW, I am not too sure if two machines configured as telnet servers can connect to each other or not..so excuse me on that..!

Regards,

amit

fbarre 04-18-2004 10:37 AM

Hi all,

Thank you all for your help! I haven't had a chance to try your suggestions.. you must be on a different time zone as I was sleeping.

Here are the answers to your questions:

Pcghost: both machines can properly access the web

RHELL: No, both machines have different usernames. The machine that I'm trying to telnet to, A, I'm accessing as ROOT.

Chris78: I've tried to make A telnet itself, and it gives me the Login/Passwd prompts but doesn't go any further.

coolamit78: you said, "disable firewall (iptables service)", how can I do this, I mean what are the actual Linux commands?


I really appreciate your help folks and will head to work right now to continue debugging it and will definitely post the solution!

cheers,

Pcghost 04-18-2004 11:29 AM

The command to shut off iptables in redhat is

service iptables stop

or

/etc/init.d/iptables stop

What I meant by implicating the firewall was that if iptables is not properly configured, it can prevent telnet access between machines. Successful Internet access is not a sign that iptables is correctly configured.

I would nmap from each of the boxes to the other, both with iptables running, and with it shut down. That will tell you for sure if the firewall is the problem.

fbarre 04-18-2004 01:14 PM

Pcghost:

Thanks! I only shut off the iptables on the machine that I'm telnetting to, A, and I can access it now, although it doesn't accept my Login/Passwd which are "root & xxxx"? Don't know why. Any idea... I normally log on to A as root.

Does this mean that the firewall is faulty?

cheers,

chris78 04-19-2004 02:12 AM

That should be nothing to worry about, as the default for telnet should be not to allow root to log in. If you need this (highly disrecommended) you need to change /etc/securetty and put in some pty consoles.
But I think for testing the telnet you should add a user on at least one of the boxes and use this one for login. (useradd USERNAME, or even better if your distribution gives you a tool to add users) If you need root rights after that you can use "su -" to get root.
If you plan on doing root access on the other box often (for administration and such) you should definitely use ssh instead of telnet.


Chris

chris78 04-19-2004 02:19 AM

Oh, I nearly forgot ... you surely want to put some holes in your firewall.
In /etc/services you can see all the ports that you need to open for a given service (i.e. ssh, telnet, http ...).
I hope that finally you can get this straight and have your fun in the Linux world :)

Chris
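
An added example, not part of any post in this thread: instead of leaving iptables stopped on A, look the service up in /etc/services format and print a rule that opens only that port to the thread's LAN (192.168.0.x, mask 255.255.255.0). The function names, the embedded services sample (constructed) and the choice of inserting at the top of the INPUT chain are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/services format: name, port/proto, aliases, comment.
SAMPLE_SERVICES='ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp
telnet          23/tcp
http            80/tcp          www www-http    # WorldWideWeb HTTP'

# port_for NAME PROTO [FILE]: print the port for a service name or alias.
# Reads FILE (e.g. /etc/services) if given, otherwise the constructed sample.
port_for() {
    name=$1; proto=$2; file=${3:-}
    if [ -n "$file" ]; then cat "$file"; else printf '%s\n' "$SAMPLE_SERVICES"; fi |
    awk -v n="$name" -v p="$proto" '
        { sub(/#.*/, "") }                 # drop trailing comments
        NF < 2 { next }                    # skip blank or malformed lines
        {
            split($2, pp, "/")             # "23/tcp" -> pp[1]=23, pp[2]=tcp
            if (pp[2] != p) next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue       # field 2 is port/proto, not a name
                if ($i == n) { print pp[1]; exit }
            }
        }'
}

# allow_rule NAME SUBNET [FILE]: print (do not run) an iptables command that
# accepts new TCP connections to NAME from SUBNET only.
allow_rule() {
    port=$(port_for "$1" tcp "${3:-}")
    [ -n "$port" ] || { echo "unknown service: $1" >&2; return 1; }
    echo "iptables -I INPUT -p tcp -s $2 --dport $port -m state --state NEW -j ACCEPT"
}

# Dry run for the two services discussed in the thread.
for svc in ssh telnet; do
    allow_rule "$svc" 192.168.0.0/24
done
```

Review the printed commands, run the ones you want as root with the firewall started again, and pass /etc/services as the third argument to use the machine's own port list.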

fbarre 04-20-2004 12:11 AM

Thank you all for your wonderful help!

viva Linux!

