HPE Community
Operating System - HP-UX
1833325 Members
2731 Online
110051 Solutions
New Discussion

Re: Telnet restriction?

 
SOLVED
Go to solution
E. Wong
Frequent Advisor

‎11-15-2001 09:54 AM

‎11-15-2001 09:54 AM

Telnet restriction?

I am having trouble with users opening a Telnet session to my HPUX box. They get Connection failed. What is intriguing, I have other users able to telnet without any problem. Is there any telnet quota exceeded? I already checked Kernel variable npty = 60. Any thoughts?
compute, therefore you are
0 Kudos
Reply
25 REPLIES 25
Uday_S_Ankolekar
Honored Contributor

‎11-15-2001 09:57 AM

‎11-15-2001 09:57 AM

Re: Telnet restriction?

Hi,

Check /var/adm/inetd.sec file for any subnet being blocked.

-Goodluck,
-USA..
Good Luck..
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 10:02 AM

‎11-15-2001 10:02 AM

Re: Telnet restriction?

Hi Wong,

Check this link and update your kernel parameter if you feel that is the problem,

http://us-support.external.hp.com/cki/bin/doc.pl/sid=461069dd19391c1585/screen=ckiDisplayDocument?docId=200000046112381

Hope this helps.

Regds
Reply
Craig Rants
Honored Contributor

‎11-15-2001 10:04 AM

‎11-15-2001 10:04 AM

Re: Telnet restriction?

Check the syslog for connection messages from telnet.

grep -i Telnet /var/adm/syslog/syslog.log

If telnet is not being logged go to /etc/rc.config.d/netdaemons and modify INETD_ARGS line with the "-l" option.

Restart your service and have them try there telnet again.

Good Luck,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Reply
E. Wong
Frequent Advisor

‎11-15-2001 11:16 AM

‎11-15-2001 11:16 AM

Re: Telnet restriction?

no "deny" in inetd.sec
still can't ping certain users workstations.
compute, therefore you are
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎11-15-2001 11:36 AM

‎11-15-2001 11:36 AM

Re: Telnet restriction?

Hi,
It's Network issue. Try traceroute command to see where all the packets are moving.
Also check the default route for these workstations. They could be pointing to some other object.

Goodluck,
-USA..
Good Luck..
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 11:52 AM

‎11-15-2001 11:52 AM

Re: Telnet restriction?

Hi,

Can you ping you hp box from your user workstations. IF you know the ip for your user workstations you can try to do a "traceroute"

/usr/contrib/bin/traceroute ip_address

If you have exceed or some telnet packge you can use its traceroute to trace the route from the workstation to the hp-box. This looks like a gateway problem.

Hope this helps.

Regds
Reply
E. Wong
Frequent Advisor

‎11-15-2001 12:39 PM

‎11-15-2001 12:39 PM

Re: Telnet restriction?

Sanjay,

I can do a ping from workstation to HPUX. But from HPUX to workstation, traceroute doesn't seem to work. Any further thoughts?
compute, therefore you are
0 Kudos
Reply
Craig Rants
Honored Contributor

‎11-15-2001 12:50 PM

‎11-15-2001 12:50 PM

Re: Telnet restriction?

What about your allows? If something is not allowed, it is implicitly denied.

Could you put your inetd.sec file in a post.

Also what are the ip's of the workstations you are refering to. That info would keep everyone from guessing on answers for you.

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 01:04 PM

‎11-15-2001 01:04 PM

Re: Telnet restriction?

Hi,

Seems like a route problem to me. What is the OS on your workstation. Both Hp and win NT has route command to manually add a route. IS your Hp-ux server on a different subnet than your workstation. If their a route in between them. You can use the route command to add a route manually from your workstation. If you are using a NT Workstation, go to ms-prompt and type "route print". this will list all the routes available. Check whether the subnet to the hp server to available over there. you can configure a gateway from your nt workstation to the hp-unix server. Check the setting on another workstation from where you are able to login into hp.

We had a similar problem with another server sitting in between the hp-server and the node.

Hope this helps.

Regds
Reply
E. Wong
Frequent Advisor

‎11-15-2001 01:07 PM

‎11-15-2001 01:07 PM

Re: Telnet restriction?

Here is the info on the inetd.sec

dtspc allow 127.0.0.1 hpux4
spc allow 127.0.0.1 hpux4
mserve allow 127.0.0.1 hpux4
hpux4 ip is 219.51.90.14
workstation in question is 219.51.90.134

Both ip's are in the 255.255.255.0 subnet
compute, therefore you are
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎11-15-2001 01:20 PM

‎11-15-2001 01:20 PM

Re: Telnet restriction?

What is your default route on hpux4 ??

Do a netstat -rn, and it should show a line like this (but not exactly):

default 219.51.90.1 UG 0 lan0 0

and are you sure the netmask is 255.255.255.0?

Do a ifconfig lan0 and double check the netmask.




live free or die
harry
Live Free or Die
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 01:29 PM

‎11-15-2001 01:29 PM

Solution

Re: Telnet restriction?

Hi,

what is the gateway for hpux4

Add the same gateway to the workstation you are connecting from.

Hope this helps.

Regds
Reply
Craig Rants
Honored Contributor

‎11-15-2001 01:32 PM

‎11-15-2001 01:32 PM

Re: Telnet restriction?

dtspc allow 127.0.0.1 hpux4
spc allow 127.0.0.1 hpux4
mserve allow 127.0.0.1 hpux4
hpux4 ip is 219.51.90.14
workstation in question is 219.51.90.134

Both ip's are in the 255.255.255.0 subnet

Based on the information above, telnet is allowed to all. I should have thrown in the caveat if the service is not listed then it is implicitly allowed.

Your subnet is flat so you don't even need a default gateway to talk between the workstation and hpux4, even though you do want one. A traceroute should only show 1 hop in this configuration. Could it be that your subnet mask is not set properly?

What type of workstation is it? W2K, HP, this will make a minimal difference, just curious.

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Reply
harry d brown jr
Honored Contributor

‎11-15-2001 01:37 PM

‎11-15-2001 01:37 PM

Re: Telnet restriction?

Craig,

your subnet mask must be 255.255.255.0 for anyone to get in from 219.51.90.x, but I haven't seen anything to that fact yet. Also, I'm wondering if the clients that are trying to connect to the hpux4 are setup correctly?

live free or die
harry
Live Free or Die
Reply
E. Wong
Frequent Advisor

‎11-15-2001 01:38 PM

‎11-15-2001 01:38 PM

Re: Telnet restriction?

Here are some results:

# traceroute 219.51.90.134
traceroute to 219.51.90.134, 30 hops max, 20 byte packets
1 219.51.90.134 1 ms * *

# netstat -rn
default 219.51.90.1 UG 3 24775 lan0 1500

# ifconfig lan0
lan0: flags=863
inet 219.51.90.14 netmask ffffff00 broadcast 219.51.90.255

Awaiting comments
compute, therefore you are
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 01:46 PM

‎11-15-2001 01:46 PM

Re: Telnet restriction?

Hi,

IS your default gateway 219.51.90.1 available.

Regds
Reply
Craig Rants
Honored Contributor

‎11-15-2001 01:53 PM

‎11-15-2001 01:53 PM

Re: Telnet restriction?

Harry,
I was making and assumption based on 255.255.255.0 comment. Just an assumption.

The * in your traceroute shows that the packet was not responded to. I would focus on that workstation.

Your ifconfig looks good, same with your default route.

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Reply
E. Wong
Frequent Advisor

‎11-15-2001 01:54 PM

‎11-15-2001 01:54 PM

Re: Telnet restriction?

Sanjay,

Yes, default gateway is available. I can telnet it both from workstation and HPUX.
compute, therefore you are
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 02:03 PM

‎11-15-2001 02:03 PM

Re: Telnet restriction?

Hi,

If on win NT workstation, go to dos prompt, add a route

route add 0.0.0.0 mask 0.0.0.0 219.51.90.1 metric 1 IF 219.51.90.134

then try a telnet.

Hope this helps.

Regds
Reply
E. Wong
Frequent Advisor

‎11-15-2001 03:16 PM

‎11-15-2001 03:16 PM

Re: Telnet restriction?

halfway there. Once I add the "route add ...." command, I get to telnet from workstation to HPUX. But once I reboot workstation, the route doesn't show anymore. I have to add it once again.
Is there a way to add the route to the tables on a permanent basis in the workstation NT?
compute, therefore you are
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎11-15-2001 03:22 PM

‎11-15-2001 03:22 PM

Re: Telnet restriction?


Hi,

while adding route use -p option that will save the routing onfo NT.

Goodluck,
-USA..
Good Luck..
Reply
E. Wong
Frequent Advisor

‎11-15-2001 04:03 PM

‎11-15-2001 04:03 PM

Re: Telnet restriction?

Alright, that takes care of my NT. I have a few Win98. -p doesn't work there. Any workarounds?
compute, therefore you are
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎11-15-2001 06:30 PM

‎11-15-2001 06:30 PM

Re: Telnet restriction?

Hi,

I would suggest you to set the gateway ip as 219.51.90.1 on all nodes in the TCP/IP properties for the lan card.

For us, we have DNS configured and the nodes pick up all the info from the DNS, we do not have any ip add setting. The workstation ip is assigned by DHCP server and the name and ip resolution being done by DNS.

Hope this helps.

Regds
Reply
E. Wong
Frequent Advisor

‎11-16-2001 02:27 PM

‎11-16-2001 02:27 PM

Re: Telnet restriction?

Thanks everyone for your inputs. They're really helpful. Thanks Sanjay for narrowing down the problem.

Keep the forum going!
compute, therefore you are
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.