HPE Community
Operating System - HP-UX
1832694 Members
3216 Online
110043 Solutions
New Discussion

Problem with incoming network connections to box

 
SOLVED
Go to solution
James Beamish-White
Trusted Contributor

‎04-11-2002 04:25 AM

‎04-11-2002 04:25 AM

Problem with incoming network connections to box

I have a problem with incoming connections to an HPUX 11.11 machine. When telneting/ftping to the machine, I get the following:

#telnet myserver
Trying...
Connected to server.ip.address.
Escape character is '^]'.

(hangs)

#ftp myserver
Connected to server.ip.address.

(hangs)


I am currently building the system, and the last thing I did was put on 2 patches (PHCO_24777 and PHNE_24910). On reboot, telnet/ftp doesn't work.

In addition to the patches, I have previously done the bastion host hardening process (TCB conversion, removal of global write privileges and unneeded sticky bits etc).

The is nothing in the syslog.

Anyone have any ideas on this?

Cheers,
James
GARDENOFEDEN> create light
0 Kudos
Reply
6 REPLIES 6
Steven Gillard_2
Honored Contributor

‎04-11-2002 04:45 AM

‎04-11-2002 04:45 AM

Re: Problem with incoming network connections to box

Sounds like a DNS problem to me - these things (ftp and telnet) usually perform a reverse lookup of the connecting IP address, so if there's no response you will get these types of problems.

Check your /etc/resolv.conf and /etc/nsswitch.conf files for DNS configuration. Make sure you can successfully resolve the IP addresses of your connecting hosts - add entries to /etc/hosts if need be.

Regards,
Steve
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎04-11-2002 04:49 AM

‎04-11-2002 04:49 AM

Re: Problem with incoming network connections to box

check the obvious:

- make sure inetd is running
- make sure that syslog is running with the -D option
- make sure that /etc/inetd.conf has ftp running with the -l option so it will log
- make sure that /var/adm/inetd.sec does not have exclusions for ftp or telnet
- traceroute from your hp system to the system from which you are trying to ftp to makesure you have a network path between the two

HTH
mark
the future will be a lot like now, only later
0 Kudos
Reply
Steve Lewis
Honored Contributor

‎04-11-2002 04:55 AM

‎04-11-2002 04:55 AM

Re: Problem with incoming network connections to box

Not usually a problem with modern servers, but check that the patches are configured using
swlist -l fileset -a state | grep -v config

Anything that says installed is not finished. You can configure them best by rebooting the server.
It does sound like you may have removed something it needs, such as lines in inetd.conf.
Check this file and recycle the inet daemon using inetd -c.
Then check any amendments you may have made to inetd.sec.

0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎04-11-2002 05:06 AM

‎04-11-2002 05:06 AM

Solution

Re: Problem with incoming network connections to box

hi,

try:

telnet/ftp/rlogin with the IP address
and ensure whether the problem is occuring from any system logging to this server. To exclude any IP/hostname resolution issues, add the hostname/ip of the system you are logging from into the /etc/hosts file . (just for test).

Login from the console and try telnetting into the server iteself.

Make sure the patches are installed correctly.
The problem could also be with the telnet not getting a device file due to driver (pts,pty) corruption.

HTH
raj
Take it easy.
Reply
James Beamish-White
Trusted Contributor

‎04-11-2002 05:09 AM

‎04-11-2002 05:09 AM

Re: Problem with incoming network connections to box

I have restarted the server several times, as I thought of the possibility of unconfigured patches.

The obvious things mentioned I have already checked. I get the same responses from 'telnet localhost' as from external systems, so it's not a intermachine communication problem. We don't use DNS, and I have checked the nsswitch.conf file.

I am thinking it's something to do with the the next stage after a network connection is initiated. Anyone know the login sequence off the top of their head? I believe it's something like...

1. inetd accepts a request
2. inetd calls the appropriate handler (e.g. telnetd)
3. telnetd creates a connection between the incoming network call and a pseudo terminal (pty).
4. login is called.

It seems to get to 2), but not to 4). Anyone know what could cause this?

Cheers,
James

GARDENOFEDEN> create light
0 Kudos
Reply
James Beamish-White
Trusted Contributor

‎04-11-2002 05:17 AM

‎04-11-2002 05:17 AM

Re: Problem with incoming network connections to box

Thanks Raj, your reply lead to the answer.

Part of the bastion host process is to remove global write privileges. I had re-added global write to most of the required files, but I had forgotten about /dev/pts/*. Once I chmod o+w these files, it works.

Thanks again,
James

GARDENOFEDEN> create light
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.