Telnet to linux server 1

[mks6376]

Hi,

I have a RH Linux 9 server and I am trying to configure the telnet access to it and its not working. SSH works just fine.
I didnot have the telnet-server package installed on the server earlier. I had installed that now. I have also changed the disable parameter in the telnet file under
/etc/xinetd.d/
Also added pts/0 and pts/1 in /etc/securetty file

Can anyone help me with this.

Thanks in advance

 

[ericbrunson]

Have you opened the telnet port in your firewall?

 

[mks6376]

I don't have a firewall running on the server. This server is in my local LAN so my external firewall should not impact that.
Moreover from the same server if I do
#telnet localhost
this works.

 

[ericbrunson]

If to works from the local server and not from elsewhere on the network, then it definitely sounds like a firewall issue. What does the output of "/sbin/iptables -L" look like?

 

[pansophic]

Do you have anything defined in your /etc/hosts.allow or /etc/hosts.deny? I thought that inetd packages still looked at these files, and by default most services are only open to localhost. Is that no longer true?


pansophic

 

[mks6376]

output for /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 3.132.4.44 anywhere udp spt:ntp dpt:ntp
ACCEPT udp -- 3.132.4.44 anywhere udp spt:ntp dpt:ntp
ACCEPT udp -- chiadcw02p.railcar.ge.com anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- chiadcw01p.railcar.ge.com anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:https flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

 

[Annihilannic]

Have you restarted or reloaded inetd since enbabling the service in /etc/xinetd.d?

To check whether it's listening, try:

[tt]netstat -an | grep ':22 .*LISTEN'[/tt]

You should get one line of output if it is.

Annihilannic.

 

[pansophic]

I think that Annihilannic meant

netstat -an | grep ':23 .*LISTEN'

Port 22 is ssh, not telnet.


pansophic

 

[Annihilannic]

You think right. We have telnet disabled, so I was checking my command using the SSH port...

Annihilannic.

 

[mks6376]

command
#netstat -an | grep ':23 .*LISTEN'
output
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN

 

[pansophic]

Unless I am mistaken, that indicates that Telnet is listening on all IP addresses for connections from any IP address.

Have you run tcpdump (or ethereal even better) to see if the telnet requests are getting to your machine and if your machine is ignoring or rejecting the connections?


pansophic