- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: telnet not accessible - redux ?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2011 05:19 PM
тАО01-26-2011 05:19 PM
To restart the story from scratch: I have an old K220 running HPUX 11.00 that someone suddenly needs to access via telnet. ssh works to and from the box so the networking routes are correct. Additionally, I found that even telnet from another box on the same network segment times out, so routing is pretty much out of the picture.
I looked for /var/adm/inetd.sec and found everything in it completely commented.
# grep -v ^# /var/adm/inetd.sec
#
Telnet is not wrapped and is available in /etc/inetd.conf:
# grep telnet /etc/inetd.conf
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
In the prior post, I was having difficulty finding out whether or not the packets were even reaching the host. After failing miserably at getting any level of support from our esteemed network colleagues, I finally found a copy of tcpdump for hpux 11.00. As it turns out, the telnet traffic is actually getting to the box.
tcpdump: listening on lan0
20:13:57.651039 111.222.333.116.61829 > 111.222.333.56.23: S 2924435980:29244359
80(0) win 32768
20:14:00.713746 111.222.333.116.61829 > 111.222.333.56.23: S 2924435980:29244359
80(0) win 32768
20:14:06.833787 111.222.333.116.61829 > 111.222.333.56.23: S 2924435980:29244359
80(0) win 32768
20:14:19.044343 111.222.333.116.61829 > 111.222.333.56.23: S 2924435980:29244359
80(0) win 32768
20:14:43.433777 111.222.333.116.61829 > 111.222.333.56.23: S 2924435980:29244359
80(0) win 32768
2886 packets received by filter
0 packets dropped by kernel
So, it looks like there is something filtering traffic on that box. Does anyone have a clue where I should be looking next?
Thanks for your time and help.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2011 06:31 PM
тАО01-26-2011 06:31 PM
Re: telnet not accessible - redux ?
I found a site that gives some examples on tracing using nettl/netfmt. I've attached the results of running
nettl -tn 0x30800000 -e all -ks 5M -us 10M | \
netfmt -F -N -n -l -c /tmp/filterfile | tee /tmp/telnet1
minus all the extraneous 'packet filetered out messages'.
I'm not seeing anything in there indicative of a problem - but then, I doubt I would. Any other ideas on what I can/should try?
Thanks.
Doug
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2011 07:06 PM
тАО01-26-2011 07:06 PM
Re: telnet not accessible - redux ?
And, one more data point: I took another tcpdump on the system that's having the telnet issue - address ends in 56. host01 is the source of the telnet on the same network as the target system.
# tcpdump -i lan0 -n dst host01 or src host01
tcpdump: listening on lan0
21:58:03.537791 111.222.333.116.55654 > 111.222.333.56.23: S 565732272:565732272
(0) win 32768
21:58:06.608707 111.222.333.116.55654 > 111.222.333.56.23: S 565732272:565732272
(0) win 32768
21:58:12.728724 111.222.333.116.55654 > 111.222.333.56.23: S 565732272:565732272
(0) win 32768
21:58:15.961487 arp who-has 111.222.333.116 (ff:ff:ff:ff:ff:ff) tell 111.222.333
.64
21:58:24.938920 arp who-has 111.222.333.56 (ff:ff:ff:ff:ff:ff) tell 111.222.333.
116
21:58:24.940227 arp reply 111.222.333.56 is-at 0:10:83:96:60:d0
21:58:24.941164 111.222.333.116.55654 > 111.222.333.56.23: S 565732272:565732272
(0) win 32768
21:58:49.328797 111.222.333.116.55654 > 111.222.333.56.23: S 565732272:565732272
(0) win 32768
6763 packets received by filter
0 packets dropped by kernel
Am I missing it? The 56 host doesn't ever seem to send a packet back to host01, does it? I was thinking I should see both directions with the tcpdump filter "dst host01 or src host01"...
Thanks. That's the last response to my own posts, I promise...
Doug
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2011 11:14 PM
тАО01-26-2011 11:14 PM
SolutionBut there does not seem to be any response at all. Maybe something prevents the incoming packet from being processed further, or perhaps the response packet gets blocked or directed somewhere else.
First, does this system have multiple network interfaces? If it has more than one, what does the routing table look like?
Perhaps the outgoing packets are configured to go through a different interface. That would confuse the system with the telnet client: "Why isn't the system at MAC address A not answering me? And what is this completely different MAC address B that pretends I was opening a connection to it, when clearly I wasn't?"
Your system might also have IPFilter installed and configured to block telnet connections. Please see:
http://docs.hp.com/en/B9901-90029/index.html
(the link seems to still work... for now at least)
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-27-2011 04:55 AM
тАО01-27-2011 04:55 AM
Re: telnet not accessible - redux ?
No; just the one interface. I'll look into the filtering. Thanks for the suggestion.
Doug
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-27-2011 05:28 AM
тАО01-27-2011 05:28 AM
Re: telnet not accessible - redux ?
ipfilter was the culprit! That was the key bit of information. I was able to disable the filter and get everything working.
Thanks alot for the tip.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html