Solved

Connection refused in Linux

Posted on 2001-07-19
Last Modified: 2010-03-18
I set up linux Red Hat 6.2 straight out of a box.  I didn't enable any security (that I know of anyway).

The problem is that I can't connect to it from anything else.  I can connect to everybody else on the lan with ftp, telnet, ssh etc but nobody can connect to me.  The only inbound connections I've ever got is when somebody pings me or when I run an X-windows application on another machine.

Why does everybody else get connection refused when trying to connect to any of my ports (except X port and 21)?

More importantly, how do I disable all security and let all my ports be open? The lan is firewalled.

Thanks
St John Hawke
Question by:stjohnhawke
18 Comments
 
LVL 51

Expert Comment

by:ahoffmann
check /etc/hosts.{allow,deny}
 
LVL 3

Expert Comment

by:tdaoud

If the lan is firewalled, check to see if the firewall is allowing things to bypass to your machine first.

Then on your linux box check /etc/inetd.conf to enable the lines you would like to activate, for example telnet, ftp, talk, ...etc.

To enable the line, remove the first comment mark "#" in front of the line.  You should be looking for lines that start with the service you want (telnet, ftp, ...etc).

Good Luck,

Tarik
 
LVL 4

Expert Comment

by:MFCRich
The default for RH6.2 is wide open (no ipchains rules and empty hosts.{deny,allow} files). Other than that, I think tdaoud is probably on the right track. Make sure inetd is started at boot time as well.
 

Author Comment

by:stjohnhawke
Ok guys, I did manually create an inetd.conf file in /etc with ftp and telnet etc. but still no luck.

I also made sure hosts.deny was empty and that hosts.allow had ALL:ALL in it.

I did a "ps -ef | grep inetd" and got nothing. I don't think it is running.
I can't even find inetd (i.e. find / -name inetd), where is it?

I think the complete absence of the inet daemon is my problem, shouldn't it have been installed by default?

Finally, if I have no inetd running (or even anywhere on the machine) why can people ping me? Is it because inetd deals with TCP and ping is ICMP or what?

St John Hawke

NB I have root access and what I meant about the firewalling is that the LAN NOT my machine is firewalled so leaving my box wide open would not be a problem.
 

 
LVL 3

Expert Comment

by:tdaoud

If you don't have an inetd running on RH 6.2 then that is definitely your problem.

As you said, telnet, ftp, etc. are more on the application level in the network layers and require inetd to spawn the proper daemons and so on, while pinging is more on the network layer and communicates with lower-level software that is built into TCP/IP (inside the kernel itself).

I don't have RH 6.2 anymore since I upgraded to 7.1, but you should be able to find the proper package in your RPMS and install it.  I'm not sure about its name at this point.

Good Luck,

Tarik
 

Author Comment

by:stjohnhawke
Ok guys I found inetd in a red hat rpm, installed it and ran it no luck.  I also cycled the box (the windows generic fix) but still no dice.

Whenever I try to telnet or ftp to the box I get:

FTP:
421 Service not available, remote server has closed the connection.

Telnet:
Connection refused by foreign host

I need rlogin, telnet, ftp and ports from 4000 - 9000 working, but I think the problem is all down to the same underlying issue.  How do I know if inetd is really working?

Here is a copy of netstat -a :

tcp        0      0 *:smtp                  *:*                     LISTEN      
tcp        0      0 *:printer               *:*                     LISTEN      
tcp        0      0 *:time                  *:*                     LISTEN      
tcp        0      0 *:login                 *:*                     LISTEN      
tcp        0      0 *:shell                 *:*                     LISTEN      
tcp        0      0 *:telnet                *:*                     LISTEN      
tcp        0      0 *:ftp                   *:*                     LISTEN      
tcp        0      0 *:auth                  *:*                     LISTEN      

and here is a copy of my /etc/inetd.conf

ftp     stream     tcp     nowait.50     root     /usr/sbin/tcpd     in.ftpd -l -a
telnet     stream     tcp     nowait.50     root     /usr/sbin/tcpd     in.telnetd
shell     stream     tcp     nowait.50     root     /usr/sbin/tcpd     in.rshd
login     stream     tcp     nowait.50     root     /usr/sbin/tcpd     in.rlogind
talk     dgram     udp     wait.50     root     /usr/sbin/tcpd     in.talkd
ntalk  dgram  udp  wait   root   /usr/sbin/tcpd       in.ntalkd
time   stream tcp  nowait nobody /usr/sbin/tcpd       in.timed
auth   stream tcp  nowait nobody /usr/sbin/in.identd  in.identd -l -e -o


I'm kicking the points up to 300....

St John Hawke
 
LVL 3

Expert Comment

by:tdaoud

Check now if you have inetd running by such command as

ps ax | grep inetd

If it is, did you get an /etc/inetd.conf file after you installed inetd, or are you still using something you put there yourself?

Do you have the file /usr/sbin/tcpd, which is called when you telnet or ftp, for example?  If not, you need to check on it and install it also, maybe from another RPM.

Let us know how it goes and good luck,

Tarik
 
LVL 51

Expert Comment

by:ahoffmann
> .. and require inetd to spawn the proper daemons and so on ..

Nonsense. Sorry.
You may even start telnetd or ftpd, for example, as a normal process; they are programmed to work as daemons and listen
on the configured ports for traffic.

As we can see in the postings from stjohnhawke, inetd is running and has spawned the processes for telnet and ftp (see the result of netstat). ps won't show these processes, 'cause they are only started on demand, i.e. when you try to connect to them.

We also see
> Telnet:
> Connection refused by foreign host
This indicates that telnetd answered from the remote machine. Otherwise you would have gotten a timeout anyhow.

So it's definitely that the remote host does not allow connections, probably 'cause of a wrong setup of the services.
You may simply prove whether the service (ftpd, logind) answers if you issue tcpdump like
   tcpdump -l -n host yourhostname and port 21
You'll see that traffic is in both directions.
If this is true, we can also be sure that there is no router or firewall problem (in the net) anyhow.

Please check the configuration for telnetd and ftpd or tcpd (/etc/hosts.{allow,deny}) again.
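The distinction ahoffmann draws here (a refused connection means the remote host answered, a timeout means nothing did) can be checked from the client side without tcpdump. The following is an added example, not code from anyone in this thread: a small Python probe that classifies a TCP connect attempt as refused (RST came back, nothing accepts on that port), no answer (SYN dropped or host unreachable), or accepted, and for an accepted connection records whether the service sent a greeting or closed without a byte. The last outcome is what a listener produces when it takes the connection but cannot hand it to a server, which is how the FTP "421 ... remote server has closed the connection" above reads. The local listeners and the "220 ftp ready" greeting are constructed stand-ins so it runs offline.

```python
import socket
import threading


def probe(host, port, timeout=1.0):
    """Connect to host:port and report what happened at the TCP and first-byte level."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "refused"        # RST received: host is up, nothing accepts on this port
    except (socket.timeout, OSError):
        s.close()
        return "no answer"      # SYN dropped or host unreachable: look at routing/firewalls
    try:
        data = s.recv(256)
    except socket.timeout:
        return "open, silent"   # accepted, but the service sent nothing within the timeout
    finally:
        s.close()
    if data == b"":
        # Accepted and then closed without a byte: the listener took the connection
        # but had no server to pass it to (e.g. inetd whose in.* binary is missing).
        return "open, closed immediately"
    return "open, banner: " + data.decode("ascii", errors="replace").strip()


def _local_service(behaviour):
    """Constructed stand-in for a service on 127.0.0.1; returns the port it listens on.

    behaviour "banner": accept and send an FTP-style greeting, like a working in.ftpd.
    behaviour "hangup": accept and close at once, like inetd failing to exec its server.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        if behaviour == "banner":
            conn.sendall(b"220 ftp ready\r\n")  # constructed greeting, not a real server's
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def _unbound_port():
    """Pick a local port with nothing listening on it (bind to 0, read the port, release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe three constructed local cases and return the classification of each."""
    return {
        "no listener": probe("127.0.0.1", _unbound_port()),
        "inetd, server missing": probe("127.0.0.1", _local_service("hangup")),
        "inetd, server present": probe("127.0.0.1", _local_service("banner")),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} -> {outcome}")
```

Run against a real host, `probe(host, 23)` returning "refused" tells you the packet reached the machine and came back, so the firewall and routing are not the problem; "no answer" sends you to the network instead.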
 
LVL 3

Expert Comment

by:tdaoud

ahoffmann,

We all know that you can run daemons by hand and as normal processes, but you do also agree with me that the other way to run such daemons is through inetd, which will be responsible for listening and spawning the telnet daemon, for example, once a request for telnet comes in.

So in the case we are talking about here, inetd is required to be running in order to listen and spawn.  Now if your point is that inetd is running or not...you may be right that it might be running rather than it is not, but as you agreed with me that other matters such as tcpd might not be properly configured or installed.

Tarik
 
LVL 51

Expert Comment

by:ahoffmann
Tarik, I'm picky, sometimes.
But telling people half the truth may confuse them if someone gives an answer/comment using another solution.
When talking about daemons, it might be a good idea to kill inetd and start the required daemons manually, just to avoid side effects (for example inetd itself, or tcpd as in this example).
We both agree where to look for the problem, so make things as simple as possible, or: KISS - keep it small and simple :-)
Please accept my apologies, it wasn't an offence.
 
LVL 3

Expert Comment

by:tdaoud

I agree,

no offence at all from the beginning :-)

Tarik
 
LVL 28

Expert Comment

by:vinnyd79

Have you installed the telnet-server rpm after installing the inetd rpm?
 
LVL 1

Expert Comment

by:magnakuz
I've had the same problem before. I had to download xinetd and install the telnet daemon and ftp service.
After that I had no problems. (Just make sure you don't have anything in your hosts.allow or hosts.deny in Red Hat 6.2.)


Try installing xinetd from

http://www.redhat.com/swr/i386/xinetd-2.1.8.8-0.9.i386.html

It's a more secure replacement. I think it's actually better in how it's laid out as well (easier to modify and change).

 
 

Author Comment

by:stjohnhawke
Ok guys.  I fixed the problem.

Here is what was wrong.  I didn't have the in.telnetd or in.ftp or in.* etc. daemons installed.  The netstat -a just showed the inetd listening to those services.  When a connect was received there was no  in.* daemon to start and pass the request to.

Secondly when I did install the daemons still nothing worked.  This was because of /etc/securetty.  I didn't mention that I would be logging in to everything with root because only Linux seems to have security set against this by default.  Once the securetty file was nuked, everything became sweet.

Since nobody here seems to have really solved the problem (though there were some very interesting tips), I'll try some extra mileage on it with this:

The points will go to the first person to show me how to configure the /etc/securetty file so that it will accept root logins for telnet, rlogin and ftp.  "Solutions" like deleting the securetty file or renaming it are no good.  I want to figure out how the thing works.  At present I tried putting the word rlogin in the securetty file but that didn't work, so I've renamed the securetty file so that it can never be checked and hence all root logins with all services work.
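The first half of stjohnhawke's root cause (inetd listening on the ports, but no in.* server binaries for it to exec, so each accepted connection was closed at once) is something you can audit from the configuration file alone. The script below is an added example, not code from the thread or from Red Hat: it parses an inetd.conf in the format quoted above and reports every entry whose server program, or the program tcpd would exec on its behalf, is not installed. It assumes tcpd resolves a bare server name such as in.ftpd under /usr/sbin; the sample configuration is copied from the thread and the set of "installed" files is constructed so the example runs offline.

```python
import os

# Where tcpd looks for a bare server name such as "in.ftpd" (assumption: /usr/sbin on RH 6.2).
REAL_DAEMON_DIR = "/usr/sbin"

# Constructed copy of the inetd.conf lines quoted in the thread.
SAMPLE_INETD_CONF = """\
# service socket_type proto wait user server_program server_args
ftp     stream  tcp  nowait.50  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait.50  root    /usr/sbin/tcpd        in.telnetd
shell   stream  tcp  nowait.50  root    /usr/sbin/tcpd        in.rshd
login   stream  tcp  nowait.50  root    /usr/sbin/tcpd        in.rlogind
talk    dgram   udp  wait.50    root    /usr/sbin/tcpd        in.talkd
ntalk   dgram   udp  wait       root    /usr/sbin/tcpd        in.ntalkd
time    stream  tcp  nowait     nobody  /usr/sbin/tcpd        in.timed
auth    stream  tcp  nowait     nobody  /usr/sbin/in.identd   in.identd -l -e -o
"""


def parse_inetd_conf(text):
    """Yield one dict per active service line; comments and blank lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)  # the 7th field keeps the whole server_args string
        if len(fields) < 6:
            yield {"lineno": lineno, "service": fields[0], "error": "too few fields"}
            continue
        service, sock_type, proto, wait, user, server = fields[:6]
        args = fields[6].split() if len(fields) == 7 else []
        yield {"lineno": lineno, "service": service, "sock_type": sock_type, "proto": proto,
               "wait": wait, "user": user, "server": server, "args": args}


def real_server(entry):
    """Path that would finally be exec'd for this entry ('internal' services have none)."""
    server = entry["server"]
    if server == "internal":
        return None
    if os.path.basename(server) != "tcpd":
        return server
    if not entry["args"]:
        return None  # tcpd with no server name to wrap
    target = entry["args"][0]
    return target if target.startswith("/") else os.path.join(REAL_DAEMON_DIR, target)


def audit_inetd_conf(text, exists=os.path.exists):
    """Return (service, problem) pairs; `exists` can be swapped for a fake to test offline."""
    findings = []
    for entry in parse_inetd_conf(text):
        if "error" in entry:
            findings.append((entry["service"], f"line {entry['lineno']}: {entry['error']}"))
            continue
        if entry["server"] != "internal" and not exists(entry["server"]):
            findings.append((entry["service"], f"server program {entry['server']} is missing"))
            continue
        target = real_server(entry)
        if target is None and os.path.basename(entry["server"]) == "tcpd":
            findings.append((entry["service"], "tcpd has no server to wrap"))
        elif target is not None and not exists(target):
            findings.append((entry["service"],
                             f"{target} is missing: inetd will accept and immediately close connections"))
    return findings


# Constructed picture of what was installed before the missing packages were added:
# tcpd and the telnet/ident servers present, every other in.* server absent.
INSTALLED_BEFORE_FIX = {"/usr/sbin/tcpd", "/usr/sbin/in.telnetd", "/usr/sbin/in.identd"}


def demo(installed=INSTALLED_BEFORE_FIX):
    """Audit the sample configuration against a constructed set of installed files."""
    return audit_inetd_conf(SAMPLE_INETD_CONF, exists=lambda p: p in installed)


if __name__ == "__main__":
    for service, problem in demo():
        print(f"{service:8s} {problem}")
    # On a live machine: audit_inetd_conf(open("/etc/inetd.conf").read())
```

The audit covers only whether each service can start; the second half of the fix, /etc/securetty, is a separate check, since it lists the ttys on which root may log in and has nothing to do with whether a connection is accepted.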
 
LVL 28

Expert Comment

by:vinnyd79

Just add the tty devices you want root to log in on to the securetty file. I would recommend using su to become root, rather than logging in as root.
 
LVL 51

Accepted Solution

by:
ahoffmann earned 300 total points
AFAIK, /etc/securetty just contains (local) tty names; it is not used for rlogins. Therefore you need to set up ~/.rhosts (or /.rhosts for user root).
Keep in mind that you never know which tty will be assigned for rlogin.
