LinuxQuestions.org

Linux - Networking: empty iptables rules or what ? (https://www.linuxquestions.org/questions/linux-networking-3/empty-iptables-rules-or-what-44311/)

cyfox 02-06-2003 08:26 AM

empty iptables rules or what ?
 
Redhat 8.0
Kernel 2.4.18-14

When I run 'service iptables status'
I get

"
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"
iptables v1.2.6a

What does this mean? And I can't telnet or ftp into my system from outside.

Please help.
Thank you very much!

SlickWilly 02-06-2003 12:27 PM

It means you have iptables running, but it's not filtering anything.

I expect you can't telnet into your box because

1) You don't have a telnet-server running (by default under Redhat it doesn't install one).
2) You don't have an ftp server installed either.


To enable telnet access to your machine you need to install:

telnet-server-0.17-20.i386.rpm

or a later version - I think that's the one that comes with Redhat 7.3. If yours has a higher number, use that.

and an FTP server:

wu-ftpd-2.6.2-5.i386.rpm

Once you've gotten your telnet server installed you'll need to alter a configuration file:

/etc/xinetd.d/telnet

By default it comes disabled, so change it to something like this:

# default: on
# description: The telnet server serves telnet sessions; it uses \
#              unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

There are some other options you can include which will allow you to restrict access to a certain IP, or certain users, and suchlike.

May I suggest instead that you *don't* run a telnet server and instead use SSH, which is altogether much more secure, and does a bunch more stuff for you.

Also, look at running some iptables firewall rules if this box is connected to the internet. You're wide open for anyone to hack services you might have running and don't want exposed to the outside world (like NFS).

Slick.
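The listing in the opening post can be read mechanically. The following script is an added example (not code from this thread or from Red Hat) that parses the output of `service iptables status` / `iptables -L`, and reports the condition Slick describes: every built-in chain of the filter table has policy ACCEPT and holds no rules, so the packet filter is loaded but filters nothing. The second listing, with a DROP policy and two rules, is constructed for contrast; the rule text in it is invented sample output, not taken from the thread.

```python
"""Summarise a captured `iptables -L` / `service iptables status` listing.

Added example, not code from the thread.  It parses the listing cyfox
posted and answers "what does this mean?" mechanically: when every
built-in chain of the filter table has policy ACCEPT and holds no rules,
the packet filter is loaded but filters nothing.
"""
import re
from typing import Dict, Optional

# Listing copied from the post (Red Hat 8.0, iptables v1.2.6a).
STATUS_OPEN = """\
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed listing of a host with a minimal stateful ruleset, for contrast.
STATUS_FILTERED = """\
Table: filter
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

TABLE_RE = re.compile(r"^Table:\s+(\S+)")
# Built-in chains print "(policy X)", user-defined chains "(N references)".
CHAIN_RE = re.compile(r"^Chain\s+(\S+)\s+\((?:policy\s+(\S+)|(\d+)\s+references)\)")
BUILTIN = ("INPUT", "FORWARD", "OUTPUT")


def parse_listing(text: str) -> Dict[str, Dict[str, dict]]:
    """Return {table: {chain: {"policy": str|None, "rules": [line, ...]}}}."""
    tables: Dict[str, Dict[str, dict]] = {}
    table: Optional[str] = None
    chain: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TABLE_RE.match(line)
        if m:
            table, chain = m.group(1), None
            tables[table] = {}
            continue
        m = CHAIN_RE.match(line)
        if m:
            if table is None:                # plain `iptables -L` prints no "Table:" line
                table = "filter"
                tables.setdefault(table, {})
            chain = m.group(1)
            tables[table][chain] = {"policy": m.group(2), "rules": []}
            continue
        if line.startswith("target") and "prot" in line:
            continue                         # column header, not a rule
        if chain is not None:
            tables[table][chain]["rules"].append(line)
    return tables


def rule_count(tables: Dict[str, Dict[str, dict]]) -> int:
    return sum(len(c["rules"]) for t in tables.values() for c in t.values())


def filter_is_wide_open(tables: Dict[str, Dict[str, dict]]) -> bool:
    """True when every built-in filter chain accepts by default and has no rules."""
    chains = tables.get("filter")
    if not chains:
        raise ValueError("no filter table in listing")
    return all(chains[n]["policy"] == "ACCEPT" and not chains[n]["rules"]
               for n in BUILTIN if n in chains)


def describe(text: str) -> str:
    tables = parse_listing(text)
    if filter_is_wide_open(tables):
        return ("iptables is loaded but every built-in chain is policy ACCEPT "
                "with no rules: nothing is being filtered")
    policies = ", ".join(f"{n}={tables['filter'][n]['policy']}"
                         for n in BUILTIN if n in tables["filter"])
    return f"{rule_count(tables)} rule(s) loaded; default policies: {policies}"


if __name__ == "__main__":
    print(describe(STATUS_OPEN))
    print(describe(STATUS_FILTERED))
```

Run against the posted listing it prints the "nothing is being filtered" line; against the constructed one it reports the rule count and the DROP policies, which is the state Slick is steering the poster towards.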

peter_robb 02-06-2003 03:29 PM

Here's a firewall tutorial and a recommended GUI tool. :D

cyfox 02-06-2003 07:04 PM

I thank you very much Slick and Peter.
I will look into it.

By the way, I have both my telnet and ftp installed. They are working as I can access from my own computer but not from IPs of the different subnet.... What could the problem be?

Tinkster 02-06-2003 07:57 PM

For "quick" solutions of blocking unwanted traffic there's
always /etc/hosts.allow and /etc/hosts.deny.

I don't know RH well enough, however, to be able
to tell you whether it uses them by default or not...

Cheers,
Tink

SlickWilly 02-07-2003 09:40 AM

Not really very sure what the problem is.

If you can get to it from your local subnet but not from a distant subnet I would suggest looking into what's going on in between.

What's between your distant machines and your server?
Do you get an error message, or does it just say 'timed out'?
You're not running any iptables rules so we can knock that one on the head.
How many interfaces do you have on your server? Where are they pointing?

You may have left the default 192.168.1.xxx rule in your telnet definition which would mean anything on another subnet won't be able to get in.

Can your distant machines connect to *anything*?

All these questions and more will be answered in our next exciting installment, please don't change your channel.

Slick.
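Tink's hosts.allow/hosts.deny suggestion and Slick's "default 192.168.1.xxx rule in your telnet definition" are two separate host-based gates in front of an xinetd-run telnetd, and both must pass. The following model is an added example, not code from the thread or from xinetd/tcp_wrappers: it implements the address-pattern rules from xinetd.conf(5) (`only_from`, with trailing zero octets as wildcards) and hosts_access(5) (hosts.allow consulted before hosts.deny, no match means allow), then evaluates a constructed telnet definition and hosts files that reproduce cyfox's symptom: the local subnet gets in, another subnet is refused. It assumes xinetd is built with libwrap, as Red Hat's is, so both checks apply; the order in which they run below is an illustrative assumption.

```python
"""Model of the two host-based access checks that gate an xinetd-run
telnet session: xinetd's own `only_from` list in /etc/xinetd.d/telnet and
the tcp_wrappers files /etc/hosts.allow and /etc/hosts.deny.

Added example, not code from the thread.  The configuration snippets are
constructed to reproduce cyfox's symptom (works from the local subnet,
fails from another).  Both checks must pass; the order they are
evaluated in here is an illustrative assumption.
"""
import ipaddress
from typing import Dict, List, Tuple

# --- xinetd access control (xinetd.conf(5)) --------------------------------

def xinetd_pattern_matches(pattern: str, client: str) -> bool:
    """Numeric forms: exact IP, `a.b.c.d/n`, and `a.b.c.0`-style addresses
    whose trailing zero octets are wildcards (192.168.1.0 = 192.168.1.x)."""
    if "/" in pattern:
        return ipaddress.IPv4Address(client) in ipaddress.IPv4Network(pattern, strict=False)
    octets = pattern.split(".")
    while octets and octets[-1] == "0":
        octets.pop()                       # trailing zeros -> prefix match
    return client.split(".")[:len(octets)] == octets


def xinetd_allows(service: Dict[str, str], client: str) -> bool:
    """`only_from` absent: anyone may connect; present: client must match an entry."""
    only_from = service.get("only_from")
    if only_from is None:
        return True
    return any(xinetd_pattern_matches(p, client) for p in only_from.split())

# --- tcp_wrappers (hosts_access(5)) -----------------------------------------

def wrapper_pattern_matches(pattern: str, client: str) -> bool:
    """Client patterns: ALL, a dotted prefix ending in '.', net/mask, exact IP."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.IPv4Address(client) in ipaddress.IPv4Network(pattern, strict=False)
    if pattern.endswith("."):
        return client.startswith(pattern)
    return client == pattern


def parse_hosts_file(text: str) -> List[Tuple[List[str], List[str]]]:
    """Each rule is `daemon_list : client_list [: option]`; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(), clients.replace(",", " ").split()))
    return rules


def wrappers_allow(daemon: str, client: str, allow_text: str, deny_text: str) -> bool:
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    def matches(rules):
        return any(("ALL" in ds or daemon in ds)
                   and any(wrapper_pattern_matches(c, client) for c in cs)
                   for ds, cs in rules)
    if matches(parse_hosts_file(allow_text)):
        return True
    if matches(parse_hosts_file(deny_text)):
        return False
    return True

# --- constructed scenario ---------------------------------------------------

# /etc/xinetd.d/telnet carrying the subnet restriction Slick suspects (constructed).
TELNET_SERVICE = {"server": "/usr/sbin/in.telnetd", "disable": "no", "only_from": "192.168.1.0"}
# /etc/hosts.allow and /etc/hosts.deny in the "deny by default" style (constructed).
HOSTS_ALLOW = "in.telnetd: 192.168.1. 10.0.0.0/255.255.255.0\n"
HOSTS_DENY = "ALL: ALL\n"


def telnet_access(client: str, service=TELNET_SERVICE, allow=HOSTS_ALLOW, deny=HOSTS_DENY) -> str:
    """Which gate, if any, refuses a telnet connection from `client`."""
    if not xinetd_allows(service, client):
        return "denied by xinetd only_from"
    if not wrappers_allow("in.telnetd", client, allow, deny):
        return "denied by tcp_wrappers"
    return "allowed"


if __name__ == "__main__":
    for ip in ("192.168.1.20", "10.0.0.5", "172.16.0.9"):
        print(ip, "->", telnet_access(ip))
```

With these files a 192.168.1.x client is allowed, a 10.0.0.x client is stopped by `only_from` even though hosts.allow would admit it, and anything else is caught by the `ALL: ALL` in hosts.deny; widening `only_from` to include 10.0.0.0/24 is what turns the second case into "allowed". Checking both files and the service definition in that way is the quickest answer to Slick's "what's between your distant machines and your server?" before looking at the network path itself.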
