Operating System - Linux
1833059 Members
2464 Online
110049 Solutions
New Discussion

Not able to accept telnet - RH9

 
SOLVED
Go to solution
yc_2
Regular Advisor

Not able to accept telnet - RH9

Hi,

I have installed RH9 in pro-liant 1600 and the box is not accepting telnet coonection. Client that trying to connect got the following message:

Trying...
telnet: Unable to connect to remote host: Connection refused

I have also checked the following:
(1) ps -ef | grep xinetd
xinetd -stayalive ....

(2) Content of /etc/xinetd.d/telnet file:
service telnet
{
disbale = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
tag_no_failure +=USERID
}

Appreciate any advice,
YC
11 REPLIES 11
Martin P.J. Zinser
Honored Contributor

Re: Not able to accept telnet - RH9

What does netstat -a say about the status of
telnet?
yc_2
Regular Advisor

Re: Not able to accept telnet - RH9

Hi Martin,

netstat -a

Proto Recv-Q Send-Q Local Addr Foreign Addr
: : : : :
tcp 0 0 *:telnet *:*


State
:
LISTEN



YC
Martin P.J. Zinser
Honored Contributor

Re: Not able to accept telnet - RH9

Hi,

that looks ok. Now, while you are logged in
at this box can you do a telnet 127.0.0.1 to the loopback device?

Greetings, Martin
yc_2
Regular Advisor

Re: Not able to accept telnet - RH9

Hi Martin,

No problem with the following after login to the system:

(1) telnet 127.0.0.1
(2) ping 127.0.0.1


YC
Stuart Browne
Honored Contributor

Re: Not able to accept telnet - RH9

If it is listening (as you stated), and 'telnet localhost' works, then it has to be firewall or tcp wrappers.

What are the contents of /etc/hosts.allow and /etc/hosts.deny ?

What does 'iptables -nL' report?
One long-haired git at your service...
yc_2
Regular Advisor

Re: Not able to accept telnet - RH9

Hi Stuart Browne,

No content inside /etc/hosts.allow and /etc/hosts.deny.

output of iptables -nL:

Chain INPUT (policy ACCEPT)
target prot opt source dest
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source dest
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source dest

Chain RH-Lokkit-0-50-INPUT (2 ref)
ACCEPT udp -- 0.0.0.0/0 udp spt:53 dpts:1025:65535
:
:
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0
:


YC

Stuart Browne
Honored Contributor

Re: Not able to accept telnet - RH9

Need all of those lines from the 'iptables -nL' output.

The reject line at the bottom states that 'Unless otherwise accepted in one of the above rules, do not allow the connection'.
One long-haired git at your service...
yc_2
Regular Advisor

Re: Not able to accept telnet - RH9

Hi Stuart Browne,

Here you go:

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 udp spt:53 dpts:1025
:65535
ACCEPT udp -- 0.0.0.0/0 udp spt:53 dpts:1025
:65535
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flag
s:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0
x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-
with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 f
lags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0
x16/0x02 reject-with icmp-port-unreachable
Stuart Browne
Honored Contributor
Solution

Re: Not able to accept telnet - RH9

Yeap, that most definatly isn't allowing anything but localhost to connect to the telnet service.

You may as well use the 'lokkit' command, and customize it to allow 'telnet' in.

If you want to do it manually however, I guess the following command will suffice:

iptables -I INPUT -j ACCEPT -p tcp --dport 23
One long-haired git at your service...
Dan Copeland
Regular Advisor

Re: Not able to accept telnet - RH9

enable the xinetd service again form the console or if you know the files to change.
Steven E. Protter
Exalted Contributor

Re: Not able to accept telnet - RH9

I agree with Stuart, its the firewall.


A quick test:

service iptables stop

# test telnet

service iptables start

# test telnet

Stuart's configuration change will work. I suggest assigning him 10 points.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com