HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

unable to telnet or ping to server

 
SOLVED
Go to solution
Jerry_109
Super Advisor

unable to telnet or ping to server

# uname -a ; model
HP-UX - B.11.31 U ia64 2066127389 unlimited-user license ia64 hp server rx7640
####################################

Hello All,

I'm trying to figure out where on my system the security is set up to prevent telnet & ping from outside? We do utilize "ssh" to access the server. I attenpted to look in "/opt/ssh/etc/sshd_config" for answers, but nothing looked to be the problem. I can telnet or ping from within the server, but not from another server to my server.
#######################
root@vlupolicyp[/opt/ssh/etc]
# ps -aef | grep ssh
root 1607 1 0 Dec 22 ? 0:00 /opt/ssh/sbin/sshd
##############################

Does anyone have any thoughts?

I tried to look at places like :
/var/adm/inetd.sec
/etc/inetd.conf

8 REPLIES
Mark McDonald_2
Trusted Contributor
Solution

Re: unable to telnet or ping to server

first thought after what you have already tried was /etc/default/security.

But I am not sure with out checking that that is the correct place.

Mark McDonald_2
Trusted Contributor

Re: unable to telnet or ping to server

Jerry, Having thought about this - I do not know of a way to disable the ping response from with in HPUX, may be this is a new feature in 11.31? or maybe this is being stopped by a firewall?
Jerry_109
Super Advisor

Re: unable to telnet or ping to server

Thanks, I'll check w/ the firewall team.

root[/etc/default]
# egrep -i "ping|telnet" /etc/default/security
root[/etc/default]
# egrep -i "ping|telnet" /etc/services
telnet 23/tcp # Virtual Terminal Protocol
Mark McDonald_2
Trusted Contributor

Re: unable to telnet or ping to server

Jerry, I guess you have already done this but ask the firewall guys about telnet too, they could be blocking this.
Matti_Kurkela
Honored Contributor

Re: unable to telnet or ping to server

Check if IPFilter is installed. If so, its rules will be in directory /etc/opt/ipf.

IPFilter can be used to block all kinds of IP traffic: it's a kernel-level filter, so it can block traffic before any application can see it. It can also block ICMP (including pings) which is normally handled by the kernel only.

MK
MK

Re: unable to telnet or ping to server

Jerry,

0.Looks like your TCP stack works well because you can ping yourself successfully.

1. Could you check your network traffic goes well with the "another" box?

2. Could you make sure only ssh/telnet/ping traffices are blocked?

3. Can you use some tools like tcpdump to capture the package.

4. You also can use "ssh -vvv" to print out more detailed story.

Hope this can help

-- Jerry Jiang
Jerry_109
Super Advisor

Re: unable to telnet or ping to server

hello All thanks for the information. It seems HP-UX 11.31 has an internal filter (ipfilter ) as mentioned by "Matti". I tested w/ the following :

#################
root@
# /opt/ipf/bin/ipfilter -q
IPFilter Enabled
root@
# /opt/ipf/bin/ipfilter -d
IPFilter Disabled
*****
ping from outside server works now after ipfilter is disabled
*****
root@
# /opt/ipf/bin/ipfilter -e
Set 0 now inactive
Set 0 now inactive
0 entries flushed from NAT table
0 entries flushed from NAT list
IPFilter Enabled
#################

Re: unable to telnet or ping to server

Hi,

If you want to secure your servers to be accessed by using telnet, rlogin etc ...

Comment the entry of each unnecessary services:

#vi /etc/inetd.conf

and restore the internet deamon:

#inetd -c

regards.