Solved

Can't FTP or TELNET to a machine

Posted on 2000-04-20
Last Modified: 2010-05-18
We have a gateway machine that's used as the DNS server, router and firewall for our LAN. It has two Ethernet cards (eth0 and eth1). One (eth1) is local, the other (eth0) is to the outside. We have a firewall to the outside. On this same machine I installed the dhcp2.0.5 rpm (which works just fine), but soon after I did, I couldn't telnet or ftp to this machine... at least not locally (through eth1). If I telnet to the outside and then try to telnet back in, it works just fine. To me it looks like a firewall problem, yet it shouldn't be, since I didn't change any firewall settings. What I did do wrong is put this machine's IP address in the range of addresses for the DHCP server. I suspect this did something, I don't know what. After that I tried removing the dhcp package, which incidentally caused problems in linuxconf, but that's all been resolved.
PLEASE HELP.
Question by:tibori

Expert Comment

by:j2
Uhm, what's the exact error when trying to telnet? Does it just "hang" there? If so, it is most likely since it cannot find the reverse DNS of the client. Modify your /etc/hosts and add the name / IP of all your clients (and the server itself) like this:

192.168.0.254   gw.mupp.net
192.168.0.100   gonzo.mupp.net

Add a line like this for ALL systems and try again.

Expert Comment

by:j2
(but of course replace the names / IPs of the systems)

The way I handle this in my home network is to run a DNS, and then have dhcpd collect the config from there. Works like a charm, and keeps the name resolution consistent.

Author Comment

by:tibori
It does just hang there and then it comes up with "Connection closed by foreign host" after about 10 sec or so. I'll try your suggestion, but I'm still wondering what could've happened. I can only try by next Monday so I'll get back to you then.
Thanks

Expert Comment

by:j2
It MIGHT also try to obtain an IDENT reply.

Expert Comment

by:Sokka
You have set the route of the clients from where you access
using route add command

Author Comment

by:tibori
sokka: The clients already have a route to the server which they can't reach. Also, the server has a route to the LAN, which has not been changed. Also, like I said, I can ping it, I just can't FTP or TELNET. Seems pretty strange to me.

Author Comment

by:tibori
j2: I've tried your suggested answer, and it has gotten me to the point where I can telnet to that machine (only from itself) to either of its 2 hostnames, which I guess is progress. However, the other clients on the inside still can't telnet or ftp. I've checked the nameserver database as well, but I can't find problems there either.
Anything else I may be missing?
Thanks

Author Comment

by:tibori
I'm sorry, looks like you said "add it for ALL the systems". Well, I can't really do that considering that most of the clients are Windoze ones. Anyhow, I'd like to figure out what happened with the original configuration, where adding these names wasn't necessary.
Thanks

Expert Comment

by:j2
The Linux HAS to be able to do a reverse DNS between IP and hostname of the clients, and since you are using DHCP to assign the IPs for the clients, this will get cumbersome, but it really has to be done.

I would guess that the FQDN of the Linux changed when it was using DHCP, and the problem lies there.

Author Comment

by:tibori
j2: Thanks for the quick reply. I am only using DHCP for certain IPs, for mobile users, that do not overlap with any servers or the static clients which exist on the network. However, I did make that mistake I mentioned above in including this specific server under the range of DHCP addresses, which is where the problem started. I've since removed it (made the range smaller), however the problem still exists. BTW, how can I change the FQDN back? I've looked at my named databases but they all look normal.
P.S. I've already tried shutting down the DHCP daemon and trying it that way, but it still fails. Looks like something permanent somewhere changed.
Thanks

Expert Comment

by:j2
I was referring to the FQDN of the server. If you do a reverse DNS of the server's IP, does it match what is in the DNS _exactly_?

Author Comment

by:tibori
Not exactly. It's very interesting actually. On the server, under var/named/ db.x.x.x, which has the declarations for the local IP addresses, the complete host names are defined as "machinename.domainname.domainname." instead of "machinename.domainname.com", which I guess is correct? Anyways, trying to do a reverse DNS from the client gives this address instead of the .com address. As I've said, simply pinging the server from any of the clients (either through hostname or IP) works just fine. Also, pinging any of the clients either through hostname or IP works just fine as well. It's just telnet (and ftp) which are having problems.

Expert Comment

by:j2
And also, make sure the clients are assigned a valid FQDN, look in winipcfg.

If the hostname isn't "hostname.domain.topdomain" it isn't a valid FQDN (unless it is hostname.localdomain).

In other words

gonzo.mupp.net is valid
gonzo.mupp isn't valid
gonzo isn't valid
gonzo.localdomain is valid but should be avoided.

Author Comment

by:tibori
Also, the order of the name lookup is hosts/DNS. I've tried changing this around, without any luck. What else should I check?

Accepted Solution

by:
j2 earned 120 total points
"As I've said, simply pinging the server from any of the clients (either through hostname or IP) works just fine. Also, pinging any of the clients either through hostname or IP works just fine as well"  ICMP will take any name combination, but with ftp and telnet the system will try to make a reverse DNS, which must match what the client is transmitting, and in some cases it also waits for an ident response.

And yes, "machinename.domainname.domainname."  is invalid.

Expert Comment

by:j2
Oh, to comment on my post as of 06:15.

"And even with a valid domain name in the output of winipcfg, that FQDN _must_ match what you can obtain from DNS"

Author Comment

by:tibori
Sorry, postings must have crossed. I'm not quite clear on your last comment. Are you still talking about /etc/hosts or rather the DNS database? It seems to me the DNS database has some problems. Putting an entry in /etc/hosts fixes the problem, but only locally, and I don't want to have to do this to each machine.
The problem may be occurring due to the fact that the computer has two different netcards, therefore two different hostnames and two different IPs. Digging around with linuxconf under the network settings, I can see that under "Basic Host Information" there are two eth devices set up, however the second (which is the one having the problems) does not have a module. How is this possible, since net traffic is going through this card?
Secondly, under the host names for both adapters (eth0 and eth1) the name was the same. I've changed it for the local one to be the one that the local clients recognize, however it's still the same problem. Could this have anything to do with it?
Thanks

Expert Comment

by:j2
Yep, two devices with the same name on the same subnet will cause all sorts of havoc. BUT regardless of how you do it, you must achieve a consistent name resolution across all involved components.

"How is this possible, since net traffic is going through this card?" Look in /etc/conf.modules, it is probably an alias. I guess that both cards use the same driver?

Author Comment

by:tibori
Adjusted points from 100 to 120

Author Comment

by:tibori
I don't know how "machinename.domainname.domainname." got in there, but it's what caused this whole mess. I think it must have been linuxconf somewhere along the way. I know I didn't change it manually.
Thanks for all your help

Expert Comment

by:j2
Most likely.. Lconf does funky things at times, are you running a current version?

Anyway, glad it's working.

Author Comment

by:tibori
It hadn't been, so I just did (upgrade to 1.17r10). Hopefully this'll avoid future problems.
Thanks again
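
Added example, not part of the original thread: a Python check for the condition the accepted solution describes, where the name returned by a reverse lookup must resolve forward to the same address. The function names, resolver hooks and sample records are constructed for illustration (only gw.mupp.net and gonzo.mupp.net come from the thread); the gw.mupp.mupp. PTR mirrors the "machinename.domainname.domainname." entry reported above.

```python
import socket

def norm(name):  # lower-case and drop the trailing root dot
    return name.rstrip(".").lower()

def system_ptr(ip):  # reverse lookup via the system resolver (hosts/DNS order)
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):  # forward lookup via the system resolver
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def doubled_label(name):
    """Return a label repeated back to back (the 'mupp' in gw.mupp.mupp), else None."""
    labels = norm(name).split(".")
    return next((a for a, b in zip(labels, labels[1:]) if a == b), None)

def check_reverse(ip, ptr=system_ptr, forward=system_forward):
    """Return (status, name); status is ok, no-ptr, doubled-domain or mismatch."""
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return ("no-ptr", None)
    for n in names:  # the PTR name must resolve back to the same address
        if ip in forward(n):
            return ("ok", n)
    bad = next((n for n in names if doubled_label(n)), None)
    return ("doubled-domain", bad) if bad else ("mismatch", names[0])

# Constructed sample records; only gw.mupp.net and gonzo.mupp.net are from the thread.
PTR = {"192.168.0.254": ["gw.mupp.mupp."],      # broken zone entry (domain appended twice)
       "192.168.0.100": ["gonzo.mupp.net."],
       "192.168.0.101": ["kermit.mupp.net."]}   # PTR exists but the A record disagrees
A = {"gw.mupp.net": ["192.168.0.254"], "gonzo.mupp.net": ["192.168.0.100"],
     "kermit.mupp.net": ["192.168.0.111"]}

def sample_ptr(ip):
    return PTR.get(ip, [])
def sample_forward(name):
    return A.get(norm(name), [])

if __name__ == "__main__":
    for ip in list(PTR) + ["192.168.0.102"]:
        print(ip, *check_reverse(ip, sample_ptr, sample_forward))
```

Calling check_reverse(ip) without the resolver arguments runs the same test against the live system resolver on the gateway.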