• Status: Solved

Can't FTP or TELNET to a machine

We have a gateway machine that's used as the DNS server, router and firewall for our LAN. It has two ethernet cards (eth0 and eth1). One (eth1) is local, the other (eth0) is to the outside. We have a firewall to the outside. On this same machine I installed the dhcp2.0.5 rpm (which works just fine), but soon after I did I couldn't telnet or ftp to this machine... at least not locally (through eth1). If I telnet to the outside and then try to telnet back in it works just fine. To me it looks like a firewall problem, yet it shouldn't be since I didn't change any firewall settings. What I did do wrong is put this machine's IP address in the range of addresses for the DHCP server. I suspect this did something, I don't know what. After that I tried removing the dhcp package, which incidentally caused problems in linuxconf, but that's all been resolved.
PLEASE HELP.
Asked: tibori
1 Solution
 
j2 Commented:
Uhm, what's the exact error when trying to telnet? Does it just "hang" there? If so it is most likely since it cannot find the reverse DNS of the client. Modify your /etc/hosts and add the name / IP of all your clients (and the server itself) like this:

192.168.0.254   gw.mupp.net
192.168.0.100   gonzo.mupp.net

Add a line like this for ALL systems and try again.
 
j2 Commented:
(but of course replace the names / IPs of the systems)

The way I handle this in my home network is to run a DNS, and then have dhcpd collect the config from there; works like a charm, and keeps the name resolution consistent.
 
tibori (Author) Commented:
It does just hang there and then it comes up with "Connection closed by foreign host" after about 10 sec or so. I'll try your suggestion, but I'm still wondering what could've happened. I can only try by next Monday so I'll get back to you then.
Thanks
 
j2 Commented:
It MIGHT also try to obtain an IDENT reply.
 
Sokka Commented:
You have set the route of the clients from where you access using route add command
 
tibori (Author) Commented:
sokka: The clients already have a route to the server which they can't reach. Also the server has a route to the LAN, which has not been changed. Also, like I said, I can ping it, I just can't FTP or TELNET. Seems pretty strange to me.
 
tibori (Author) Commented:
j2: I've tried your suggested answer, and it has gotten me to the point where I can telnet to that machine (only from itself) to either of its 2 hostnames, which I guess is progress. However the other clients on the inside still can't telnet or ftp. I've checked the nameserver database as well, but I can't find problems there either.
Anything else I may be missing?
Thanks
 
tibori (Author) Commented:
I'm sorry, looks like you said "add it for ALL the systems". Well, I can't really do that considering that most of the clients are Windoze ones. Anyhow, I'd like to figure out what happened with the original configuration where adding these names wasn't necessary.
Thanks
 
j2 Commented:
The linux HAS to be able to do a reverse DNS between IP and hostname of the clients, and since you are using DHCP to assign the IPs for the clients, this will get cumbersome, but it really has to be done.

I would guess that the FQDN of the linux changed when it was using dhcp, and the problem lies there.
 
tibori (Author) Commented:
j2: Thanks for the quick reply. I am only using DHCP for certain IPs, for mobile users that do not overlap with any servers or the static clients which exist on the network. However I did make that mistake I mentioned above in including this specific server under the range of DHCP addresses, which is where the problem started. I've since removed it (made the range smaller), however the problem still exists. BTW how can I change the FQDN back? I've looked at my named databases but they all look normal.
P.S. I've already tried shutting down the DHCP daemon and trying it that way, but it still fails. Looks like something permanent somewhere changed.
Thanks
 
j2 Commented:
I was referring to the FQDN of the server. If you do a reverse DNS of the server's IP, does it match what is in the DNS _exactly_?
 
tibori (Author) Commented:
Not exactly. It's very interesting actually. On the server under var/named/ db.x.x.x which has the declarations for the local IP addresses the complete host names are defined as "machinename.domainname.domainname." instead of "machinename.domainname.com" which I guess is correct? Anyways, trying to do a reverse DNS from the client gives this address instead of the .com address. As I've said, simply pinging the server from any of the clients (either through hostname or IP) works just fine. Also, pinging any of the clients either through hostname or IP works just fine as well. It's just telnet (and ftp) which are having problems.
 
j2 Commented:
And also, make sure the clients are assigned a valid FQDN, look in winipcfg.

If the hostname isn't "hostname.domain.topdomain" it isn't a valid FQDN (unless it is hostname.localdomain).

In other words

gonzo.mupp.net is valid
gonzo.mupp isn't valid
gonzo isn't valid
gonzo.localdomain is valid but should be avoided.
 
tibori (Author) Commented:
Also the order of the name lookup is hosts/DNS. I've tried changing this around, without any luck. What else should I check?
 
j2 Commented:
"As I've said, simply pinging the server from any of the clients(either through hostname or IP) works just fine. Also, pinging any of the clients either through hostname or IP works just fine as well"  ICMP will take any name combination, but with ftp and telnet the system will try to make a reverse DNS, which must match what the client is transmitting, and in some cases it also waits for an ident response.

And yes, "machinename.domainname.domainname."  is invalid.
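
The reverse-then-forward consistency check discussed in the comments above, as an added example that is not part of any post in this thread. The function names and the sample PTR/A records are constructed for illustration (only the two mupp.net host entries reuse the names from the /etc/hosts example); the FQDN shape rule is the one stated in the thread.

```python
import socket

def check_fcrdns(ip, reverse=None, forward=None):
    """Forward-confirmed reverse DNS for one address.

    reverse(ip) -> name and forward(name) -> [ips] default to the system
    resolver; pass dict lookups to audit zone data offline.
    """
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    try:
        name = reverse(ip).rstrip(".")
    except (OSError, KeyError):
        return ("no-ptr", None)
    labels = name.split(".")
    # FQDN shape rule as stated in the thread: host.domain.topdomain,
    # with host.localdomain tolerated.
    is_localdomain = len(labels) == 2 and labels[1] == "localdomain"
    if len(labels) < 3 and not is_localdomain:
        return ("not-fqdn", name)
    try:
        addrs = forward(name)
    except (OSError, KeyError):
        return ("ptr-name-does-not-resolve", name)
    return ("ok" if ip in addrs else "mismatch", name)

# Constructed sample records (hypothetical zone contents).
PTR = {
    "192.168.0.254": "gw.mupp.mupp.",     # doubled domain label
    "192.168.0.100": "gonzo.mupp.net.",   # consistent entry
    "192.168.0.101": "kermit",            # bare host name
    "192.168.0.102": "gonzo.mupp.net.",   # PTR names a different host
}
A = {"gw.mupp.net": ["192.168.0.254"], "gonzo.mupp.net": ["192.168.0.100"]}

def audit(ips):
    """Run the check over the constructed records above."""
    return {ip: check_fcrdns(ip, PTR.__getitem__, A.__getitem__) for ip in ips}

if __name__ == "__main__":
    for ip, (status, name) in audit(list(PTR) + ["192.168.0.50"]).items():
        print(f"{ip:15} {status:26} {name}")
```

Called with only an IP address, `check_fcrdns` uses the host's own resolver order, so it reports what a daemon on that machine would see.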
 
j2 Commented:
oh, to comment on my post as of 06:15.

"And even with a valid domain name in the output of winipcfg, that FQDN _must_ match what you can obtain from DNS"
 
tibori (Author) Commented:
Sorry, postings must have crossed. I'm not quite clear on your last comment. Are you still talking about /etc/hosts or rather the DNS database? It seems to me the DNS database has some problems. Putting an entry in /etc/hosts fixes the problem, but only locally, and I don't want to have to do this to each machine.
The problem may be occurring due to the fact that the computer has two different netcards, therefore two different hostnames and two different IPs. Digging around with linuxconf under the network settings, I can see that under "Basic Host Information" there are two eth devices set up, however the second (which is the one having the problems) does not have a module. How is this possible, since net traffic is going through this card?
Secondly, under the host names for both adapters (eth0 and eth1) the name was the same. I've changed it for the local one to be the ones that the local clients recognize, however it's still the same problem. Could this have anything to do with it?
Thanks
 
j2 Commented:
Yep, two devices with the same name on the same subnet will cause all sorts of havoc. BUT regardless of how you do it, you must achieve a consistent name resolution across all involved components.

"How is this possible, since net traffic is going through this card?" Look in /etc/conf.modules, it is prolly an alias, I guess that both cards use the same driver?
 
tibori (Author) Commented:
Adjusted points from 100 to 120
 
tibori (Author) Commented:
I don't know how "machinename.domainname.domainname." got in there, but it's what caused this whole mess. I think it must have been linuxconf somewhere along the way. I know I didn't change it manually.
Thanks for all your help
 
j2 Commented:
Most likely.. Lconf does funky things at times, are you running a current version?

Anyway, glad it's working.
 
tibori (Author) Commented:
It hadn't been, so I just did (upgrade to 1.17r10). Hopefully this'll avoid future problems.
Thanks again
Question has a verified solution.