LinuxQuestions.org
Old 04-17-2004, 08:45 PM   #1
fbarre
LQ Newbie
 
Registered: Aug 2003
Location: California
Distribution: RedHat
Posts: 28

Rep: Reputation: 15
Can ping but can not telnet/ftp/ssh my box


Hi all,

I'm using 2 boxes, let's say A & B, running RedHat 9. From A, I can properly telnet/ ftp/ ssh /ping B but from B, I CAN ping A but CAN NOT telnet/ftp/ssh to it and it's driving me nuts for the past day! If I can just make B telnet to A that will get me going. Yes, both machines are behind a corporate firewall, on local LAN.

I checked thru Q&As of the forums and Web and don't seem to find an answer. So, just speaking of telnet .. here's what I've checked:

0) When I telnet from B to A, here's what it says.. thus A's telnet server not answering
Trying 192.168.0.133...
telnet: Unable to connect to remote host: Connection refused

1) from both, identical outputs of "cat /etc/xinetd.d/telnet"
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}

2) I've restarted xinetd of both several times with "service xinetd restart"

3) On both, /etc/host.[allow|deny] files are empty

In A's /etc/host.allow, I've tried adding this and no luck
ALL: All@127.0.0.1 : ALLOW
ALL: All@192.168.0.0/255.255.255.0 : ALLOW

4) from both, identical outputs of "cat /etc/xinetd.d/services"
service services
{
type = INTERNAL UNLISTED
port = 9098
socket_type = stream
protocol = tcp
wait = no
disable = yes
only_from = 127.0.0.1
}

5) On both, telnet server is installed
rpm -q telnet-server
telnet-server-0.17-25

6) From both, identical outputs of "cat /etc/hosts"
127.0.0.1 localhost.localdomain localhost

7) From both, identical outputs of "/etc/host.conf"
order hosts,bind

8) On A, I checked "netstat -an" if port 23 is enabled

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32867 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:763 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 127.0.0.1:33044 TIME_WAIT
tcp 0 0 192.168.0.133:32786 192.168.0.135:23 ESTABLISHED ----> was telneted to B at that moment
tcp 0 0 127.0.0.1:33045 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33046 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33047 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33041 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33042 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33043 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33048 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33049 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33050 127.0.0.1:631 TIME_WAIT
tcp 0 0 127.0.0.1:33051 127.0.0.1:631 TIME_WAIT


Any help will be greatly appreciated!

thanks,

Last edited by fbarre; 04-17-2004 at 08:47 PM.
 
Old 04-17-2004, 10:20 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Arctic
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820

Rep: Reputation: 46
I would suspect your firewall may be an issue. If it is not connected to the web, you could shut it off to rule it out.
 
Old 04-18-2004, 01:20 AM   #3
RHELL
Member
 
Registered: Feb 2004
Location: Outermost mingetty
Distribution: RHEL3,RH4U4,Sol9, Sol10
Posts: 321

Rep: Reputation: 31
Stupid question: are the user accounts the same on both boxes?
 
Old 04-18-2004, 04:47 AM   #4
chris78
LQ Newbie
 
Registered: Mar 2004
Location: germany
Distribution: Slackware & RedHat
Posts: 28

Rep: Reputation: 15
Quote:
Trying 192.168.0.133...
telnet: Unable to connect to remote host: Connection refused
As I see it this can mean only 2 things.
The xinetd on the machine you try to telnet to is not accepting it or fails to start the telnet process for some reason, but that's not very likely (maybe the log says something).

The other possibility is that the firewall is in the way. But "192.168.0.133:32786 192.168.0.135:23" means they are on the same subnet, so that shouldn't be the case either.

Hmm, did you try to telnet locally?
One with 127.0.0.1 and one to its own external IP?
Just something I would try out.

Beyond this point I guess I am as clueless as you.
 
Old 04-18-2004, 06:08 AM   #5
coolamit78
Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: RHEL AS 3/4, Windows XP
Posts: 546

Rep: Reputation: 31
Well, you should disable the firewall (iptables service) on both machines and then check if they are connecting to each other or not. If everything else is proper, then in most cases, the iptables rules are the offenders...

BTW, I am not too sure if two machines configured as telnet servers can connect to each other or not..so excuse me on that..!

Regards,

amit
 
Old 04-18-2004, 10:37 AM   #6
fbarre
LQ Newbie
 
Registered: Aug 2003
Location: California
Distribution: RedHat
Posts: 28

Original Poster
Rep: Reputation: 15
Hi all,

Thank you all for your help! I haven't had a chance to try your suggestions.. you must be on a different time zone as I was sleeping.

Here are the answers to your questions:

Pcghost: both machines can properly access the web

RHELL: No, both machines have different usernames. The machine that I'm trying to telnet to, A, I'm accessing as ROOT.

Chris78: I've tried to make A telnet itself, and it gives me the Login/Passwd prompts but doesn't go any further.

coolamit78: you said, "disable firewall (iptables service)", how can I do this, I mean what are the actual Linux commands.


I really appreciate your help folks and will head to work right now to continue debugging it and will definitely post the solution!

cheers,
 
Old 04-18-2004, 11:29 AM   #7
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Arctic
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820

Rep: Reputation: 46
The command to shut off iptables in Red Hat is

service iptables stop

or

/etc/init.d/iptables stop

What I meant by implicating the firewall was that if Iptables is not properly configured, it can prevent telnet access between machines. Successful Internet access is not a sign that iptables is correctly configured.

I would nmap from each of the boxes to the other, both with iptables running, and with it shut down. That will tell you for sure if the firewall is the problem.
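
The reasoning in this thread (port 23 is in LISTEN state on A, yet B is refused) can be written down as a small check. This is an added example, not part of any post; the function names `listen_scope` and `diagnose` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a few lines in the `netstat -an` format shown in post #1.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.133:32786 192.168.0.135:23 ESTABLISHED'

# listen_scope PORT  (hypothetical helper; reads `netstat -an` text on stdin)
# Prints "all" if the port listens on a non-loopback address,
# "loopback" if it listens on 127.0.0.1/::1 only, "none" otherwise.
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")                 # port is the last ":" field
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1; else ext = 1
        }
        END { print (ext ? "all" : (lo ? "loopback" : "none")) }'
}

# diagnose SCOPE RESULT  (hypothetical helper)
# RESULT is what the client on the other box saw: connected, refused, timeout.
diagnose() {
    case "$1:$2" in
        none:*)        echo "no listener: check xinetd and the service's disable= line" ;;
        loopback:*)    echo "bound to loopback only: remote clients cannot reach it" ;;
        all:connected) echo "reachable: service and filtering are fine" ;;
        all:refused|all:timeout)
                       echo "listener is up but remote connect failed: inspect host firewall rules" ;;
        *)             echo "unknown input" ;;
    esac
}

# Stand-alone demo on the constructed sample: port 23 listens on 0.0.0.0,
# and box B reported "Connection refused".
scope=$(printf '%s\n' "$NETSTAT_SAMPLE" | listen_scope 23)
diagnose "$scope" refused
```

On a live box, pipe `netstat -an` into `listen_scope` instead of the sample text.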
 
Old 04-18-2004, 01:14 PM   #8
fbarre
LQ Newbie
 
Registered: Aug 2003
Location: California
Distribution: RedHat
Posts: 28

Original Poster
Rep: Reputation: 15
Pcghost:

Thanks! I only shut off the iptables on the machine that I'm telnetting to, A, and I can access it now although it doesn't accept my Login/Passwd which are "root & xxxx"? Don't know why? Any idea... I normally log on to A as root.

Does this mean that the firewall is faulty?

cheers,
 
Old 04-19-2004, 02:12 AM   #9
chris78
LQ Newbie
 
Registered: Mar 2004
Location: germany
Distribution: Slackware & RedHat
Posts: 28

Rep: Reputation: 15
That should be nothing to worry about, as the default for telnet should be not to allow root to log in. If you need this (highly disrecommended) you need to change /etc/securetty and put in some pty consoles.
But I think for testing the telnet you should add a user on at least one of the boxes and use this one for login (useradd USERNAME, or even better if your distribution gives you a tool to add users). If you need root rights after that you can use "su -" to get root.
If you plan on doing root access on the other box often (for administration and such) you should definitely use ssh instead of telnet.


Chris
 
Old 04-19-2004, 02:19 AM   #10
chris78
LQ Newbie
 
Registered: Mar 2004
Location: germany
Distribution: Slackware & RedHat
Posts: 28

Rep: Reputation: 15
Oh, I nearly forgot ... you sure want to put some holes in your firewall.
In /etc/services you can see all the ports that you need to open for a given service (i.e. ssh, telnet, http ...).
I hope that finally you can get this straight and have your fun in the Linux world.

Chris
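
Rather than leaving iptables stopped, the port lookup described in post #10 can be turned into one narrow rule per service, limited to the LAN subnet mentioned in post #1. This is an added example, not part of any post; `port_for` and `allow_rule` are hypothetical helper names, the services text is a constructed sample in /etc/services format, and the script only prints the command so it can be reviewed before anyone runs it.

```shell
#!/bin/sh
# Constructed sample in /etc/services format (name, port/proto, aliases, comment).
SERVICES_SAMPLE='# service-name  port/protocol  [aliases ...]
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
telnet          23/tcp
telnet          23/udp
http            80/tcp          www www-http'

# port_for SERVICE PROTO  (hypothetical helper; services text on stdin)
# Prints the port number for a service name or alias; exit status 1 if unknown.
port_for() {
    awk -v svc="$1" -v proto="$2" '
        /^[ \t]*#/ || NF < 2 { next }             # skip comments and blanks
        {
            split($2, pp, "/")                    # pp[1]=port, pp[2]=protocol
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue              # field 2 is port/proto
                if ($i ~ /^#/) break              # trailing comment starts
                if ($i == svc) { print pp[1]; found = 1; exit }
            }
        }
        END { exit !found }'
}

# allow_rule SERVICE SUBNET  (hypothetical helper; services text on stdin)
# Prints an iptables command accepting new TCP connections to SERVICE
# from SUBNET only. Assumes the rule belongs at the top of the INPUT chain.
allow_rule() {
    port=$(port_for "$1" tcp) || { echo "unknown service: $1" >&2; return 1; }
    echo "iptables -I INPUT -p tcp -s $2 --dport $port -m state --state NEW -j ACCEPT"
}

# Stand-alone demo on the constructed sample; ssh is shown because post #9
# recommends it over telnet for root administration.
printf '%s\n' "$SERVICES_SAMPLE" | allow_rule ssh 192.168.0.0/24
```

On a real box, feed it the actual file: `allow_rule ssh 192.168.0.0/24 < /etc/services`.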
 
Old 04-20-2004, 12:11 AM   #11
fbarre
LQ Newbie
 
Registered: Aug 2003
Location: California
Distribution: RedHat
Posts: 28

Original Poster
Rep: Reputation: 15
thank you all for your wonderful help!

viva Linux!
 
  

