[oclug]Local telnet puzzle - SOLVED
David G.
quarrington.robinson at sympatico.ca
Sat Jan 11 11:22:35 EST 2003
"David G." wrote:
>
> I have two Redhat Linux boxes behind a firewall (D-Link Ethernet
> Broadband Router). They are:
>
> [whacker at caviar whacker]$ uname -a
> Linux caviar 2.4.9-31smp #1 SMP Tue Feb 26 05:55:20 EST 2002 i686 unknown
> [whacker at caviar whacker]$
>
> and
>
> [whacker at flamen whacker]$ uname -a
> Linux flamen 2.4.7-10 #1 Thu Sep 6 17:21:28 EDT 2001 i586 unknown
> [whacker at flamen whacker]$
>
> I'm really perplexed that I can telnet in one direction (from caviar to
> flamen) but have been unsuccessful in telnet from flamen to caviar. I
> use static addresses.
>
> With telnet from caviar to flamen running, from caviar I see ...
>
> [whacker at caviar whacker]$ netstat|grep net
> Active Internet connections (w/o servers)
> tcp 0 0 caviar:33475 flamen:telnet ESTABLISHED
> [whacker at caviar whacker]$
>
> ... and from flamen I see ...
>
> [whacker at flamen whacker]$ netstat |grep net
> Active Internet connections (w/o servers)
> tcp 0 0 flamen:telnet caviar:33475 ESTABLISHED
> [whacker at flamen whacker]$
>
> Although I can ping caviar from flamen, when I try to telnet ...
>
> [whacker at flamen whacker]$ telnet caviar
> Trying 192.168.69.102...
> telnet: connect to address 192.168.69.102: Connection refused
> [whacker at flamen whacker]$
>
> hosts.allow and hosts.deny are identical (empty).
>
> lsmod tells me that ipchains is running (no iptables entry), but ...
>
> [root at caviar whacker]# /sbin/ipchains -L
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> [root at caviar whacker]#
>
> ... which looks rather wide-open to me. Why am I getting "Connection
> refused"? Who is "refusing"?
>
> I tried exiting the caviar-flamen telnet before trying flamen-caviar
> telnet, but with no difference in outcome.
>
> What configuration file(s) should I be looking at? What little "OH
> SHIT"!!!" have I most likely overlooked?
>
--- snip ---
SOLUTION:
Many thanks to Dana for the "as root run /usr/sbin/setup" prescription.
It revealed the "OH SHIT"!!!" which was that telnet-server-0.17-20 was
NOT installed on caviar (although telnet-0.17-20 was there). i.e.
"telnet" was not available as a selectable service to run on caviar,
explaining why attempts to telnet from flamen were refused.
So as explained by Phil, "telnet is the client side of the connection -
the program that gets run when you say "telnet flamen". in.telnetd is
the server side, that gets launched by xinetd when it receives a request
for a connection from a telnet client on port 23. xinetd is a
"super-server" that launches the appropriate server when a connection
comes in. So it's used by several services on your system."
Using rpm and the RH7.2 installation disk painlessly rectified that so
now:
[whacker at caviar whacker]$ rpm -qa|grep telnet
telnet-server-0.17-20
telnet-0.17-20
[whacker at caviar whacker]$
And the current situation is:
[whacker at flamen whacker]$ netstat|grep net
Active Internet connections (w/o servers)
tcp 0 0 flamen:telnet caviar:32773 ESTABLISHED
tcp 0 0 flamen:1061 caviar:telnet ESTABLISHED
[whacker at flamen whacker]$ ps -A|grep net
792 ? 00:00:00 xinetd
1278 ? 00:00:10 in.telnetd
1320 pts/1 00:00:54 netscape-commun
1354 pts/1 00:00:00 netscape-commun
2498 pts/0 00:00:00 telnet
[whacker at flamen whacker]$
[whacker at caviar whacker]$ netstat|grep net
Active Internet connections (w/o servers)
tcp 0 0 caviar:telnet flamen:1061 ESTABLISHED
tcp 0 0 caviar:32773 flamen:telnet ESTABLISHED
[whacker at caviar whacker]$ ps -A|grep net
884 ? 00:00:00 xinetd
1003 ? 00:00:00 vmnet-bridge
1762 pts/3 00:00:01 telnet
2148 ? 00:00:00 in.telnetd
[whacker at caviar whacker]$
Now I can telnet from flamen (a Pentium 133) to caviar (SMP Athlon
1900MP) and run StarOffice with great performance (relative to running
StarOffice on flamen). Running Win95 vmware from flamen last night was
disastrous so I obviously need to tread carefully there.
The more I learn about Gnu/Linux, the more I like it! Thank you Dana,
Phil, and Brian.
--
David G. Robinson -
To call me a Linux Hacker is to
consider all cats ornithologists.
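
Added example, not part of the original post: a small Python probe that answers the "Who is refusing?" question by telling apart a port with no listener (the kernel of a reachable host replies with a TCP reset, as caviar did before telnet-server was installed) from a port that a packet filter silently drops. The function names probe and demo and the four result labels are assumptions chosen for this illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt to host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"       # host answered with RST: nothing is listening
    except socket.timeout:
        return "filtered"      # no answer at all: typically a dropping packet filter
    except OSError:
        return "unreachable"   # routing or name-resolution failure
    finally:
        s.close()

def demo():
    """Constructed local demonstration: the same port before and after a server listens."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))         # port is reserved, but listen() not called yet
    port = srv.getsockname()[1]
    before = probe("127.0.0.1", port)  # host is up, no server on the port
    srv.listen(1)                      # a server now listens on the port
    after = probe("127.0.0.1", port)
    srv.close()
    return before, after

if __name__ == "__main__":
    print(demo())
```

A "refused" result together with a successful ping points at a missing or disabled service on the target rather than at ipchains or the router, which matches the diagnosis in this thread.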