Lan

Hello,

I have made a lan here consisting of 2 computers both running Redhat 9.0.  They are both connected to a Netgear switch/router.  They both have access to the net with their ip's assigned using dhcp.  Each machine can ping the other.  But I cannot connect the two by ftp or telnet.  I want to get these working before I use ssh.

The services are installed in
/etc/services
However, when I run setup to allow trusted devices and ports the settings are not saved.  Hence the machines ping each other but I cannot ftp.  Can anyone help?


Also, the router assigns each ethernet card a lan ip.  May I use these so external machines can see me.  This is because I eventually want to cross-mount with machines at work.  Otherwise I am going to not specify my ip in the /etc/exports file in the server at work.


Gavin
mbpssgmsAsked:
 
majorwooCommented:
you got the wrong link, but I found you:

http://www.experts-exchange.com/Operating_Systems/Linux/Q_20786320.html

Don't forget to accept an answer here to close this question.
0
 
willy134Commented:
Do you have the redhat firewall running?
0
 
majorwooCommented:
when you say a lan ip, you mean private 10.X.X.X or 192.168.X.X? If so, you will not be able to directly access them from the office, but you should be able to port forward to them

If both of your machines have IPs provided by your ISP then yes, unless the router is set to block it you should be able to.
0
 
mbpssgmsAuthor Commented:
Yes, my ip set by the router is

192.168.xxx.xxx

How do I designate a port?

Yes, there is a firewall running; it is the high class.  I cannot seem to stop this, what next?

0
 
mbpssgmsAuthor Commented:
Hello things have changed slightly.  
I no longer need to crossmount with work.  But, I do need to use VNC.

How do I configure the 2 machines to use this?

Also I still need to ssh between my lan machines.  

Gavin
0
 
majorwooCommented:
VNC from your home machine to the office machines?  That should be alright

ssh between the two machines on your end should not be a problem.

What happens when you ftp/telnet/ssh from machine A to B?
0
 
mbpssgmsAuthor Commented:
When I try to ftp I get 'connection refused'.
Gav.
0
 
majorwooCommented:
that usually indicates a firewall running or the service is not started.

What if you try

ftp localhost

from the machine running the ftp server?
0
 
mbpssgmsAuthor Commented:
Here's the result:

 ftp localhost
ftp: connect: Connection refused


Gav.
0
 
majorwooCommented:
ftp does not appear to be started.

ps -auxx | grep ftpd

if you get nothing we have a problem.

the directory:  /etc/xinetd.d/  should have files to edit to turn on/off the services, look for the ftpd file and edit it so disable = no

then restart the xinetd daemon,


/etc/init.d/xinetd restart
0
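
The checks from the comment above (is anything listening on the port, and is the service switched off under /etc/xinetd.d/), as an added example that is not part of the original thread. The function names, the sample directory and the saved `netstat -tln` output are assumptions constructed for illustration; the `ftpd` file name follows the comment.

```sh
#!/bin/sh
# Added example: triage "Connection refused" for xinetd-managed services.

# xinetd_state DIR SERVICE -> prints "enabled", "disabled" or "missing".
xinetd_state() {
    [ -f "$1/$2" ] || { echo missing; return 0; }
    # Strip comments, take the last "disable = ..." value; absent means enabled.
    val=$(sed 's/#.*//' "$1/$2" |
        awk -F= '$1 ~ /^[ \t]*disable[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 } END { print v }')
    if [ "$val" = yes ]; then echo disabled; else echo enabled; fi
}

# port_listening PORT FILE -> exit 0 if FILE (saved "netstat -tln" output)
# shows a TCP socket in LISTEN state on PORT.
port_listening() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); if (a[n] == p) found = 1
    } END { exit !found }' "$2"
}

# triage DIR SERVICE PORT NETSTAT_FILE -> prints one verdict word.
triage() {
    if port_listening "$3" "$4"; then
        echo listening    # a remote refusal then points at a firewall REJECT rule
        return 0
    fi
    case $(xinetd_state "$1" "$2") in
        missing)  echo no-service-file ;;       # server package likely not installed
        disabled) echo disabled-in-xinetd ;;    # set "disable = no", restart xinetd
        *)        echo enabled-not-listening ;; # xinetd not restarted or not running
    esac
}

# Constructed sample data (not taken from the machines in this thread).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/xinetd.d"
    printf 'service telnet\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.telnetd\n}\n' \
        > "$d/xinetd.d/telnet"
    printf 'tcp  0  0 0.0.0.0:22  0.0.0.0:*  LISTEN\n' > "$d/netstat.txt"
    echo "$d"
}

d=$(make_sample)
for entry in ftpd:21 sshd:22 telnet:23; do
    echo "${entry%%:*} -> $(triage "$d/xinetd.d" "${entry%%:*}" "${entry##*:}" "$d/netstat.txt")"
done
rm -rf "$d"
```

On a real host, point it at /etc/xinetd.d and at the output of `netstat -tln` saved to a file; a refusal on localhost with no listener means the service itself is the problem, not the firewall.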
 
mbpssgmsAuthor Commented:
Hi, results:


 ps -auxx | grep ftpd
root     15547  0.0  0.0  3576  636 pts/0    S    13:40   0:00 grep ftpd

I had already enabled telnet this is what I get:

telnet: connect to address 192.168.0.3: Connection refused

I don't see a file in which I can enable ftp.

I think it all has something to do with me not being able to allow these through the firewall in setup.

Gav.
0
 
majorwooCommented:
let's check that firewall

/sbin/iptables -L

it will probably be fairly long, sorry
0
 
mbpssgmsAuthor Commented:
Here's the result:

 /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  ns1-edi.blueyonder.net  anywhere           udp spt:domain
ACCEPT     udp  --  ns1-udd.blueyonder.net  anywhere           udp spt:domain
ACCEPT     udp  --  ns1-gat.blueyonder.net  anywhere           udp spt:domain
REJECT     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp reject-with icmp-port-unreachable


Gav.
0
 
majorwooCommented:
what machine is that from? and can you paste the same thing from the other machine?
0
 
willy134Commented:
Don't mess with iptables unless you are sure of what you are doing.

Redhat provides a firewall tool it is
redhat-config-securitylevel

this should ask you for your root password.  You should then make sure that you allow ssh and the other services you want.

Good luck,
Brian
0
 
willy134Commented:
This is most likely caused by the security setting chosen at install
more info here

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/install-guide/s1-firewallconfig.html
0
 
majorwooCommented:
iptables are fairly easy to understand, although granted you have to be careful or you can inconvenience yourself
0
 
mbpssgmsAuthor Commented:
Indeed Willy 134,

I allowed ftp, telnet and ssh.  These changes remained.  But I still get connection refused.  May this be due to fwall on high, although I trusted the protocols?

Gav.

ps

The ip tables are concerned with routing which all seems ok.
0
 
majorwooCommented:
did u select a trusted device when setting it to high?
0
 
mbpssgmsAuthor Commented:
Yes, I selected eth0, my ethernet card.  I assume this lets the card allow traffic?

What next?

Gav.
0
 
majorwooCommented:
if you have selected eth0 as a trusted device, it should allow all traffic in/out eth0

I am however a little concerned that ps -auxx | grep ftp didn't find anything - this would get a connection refused as no service is listening on the port.  You may not have an ftp server installed, I believe you said you have telnet server installed, you saw a file for telnet and changed disable to no right? If you restart then are you able to telnet to the machine?  telnet localhost

If the ultimate goal is SSH don't bother installing any of these things, just install the ssh packages and we will go from there.
0
 
mbpssgmsAuthor Commented:
Quite right, but this is the first time I have used/installed it.  I think it installed, so as far as I understand I generate a key, put it in a file and things work.  Will you direct me pls?
Gav.
0
 
majorwooCommented:
Under redhat the rpm's are called

openssh
and
openssh-server

in theory if you do not have them (check first)
rpm -qa | grep ssh

you can install them with up2date via up2date openssh openssh-server

but i have never done it that way, I have always just done the rpms:

ftp://194.199.20.114/linux/redhat/9/en/os/i386/RedHat/RPMS/openssh-3.5p1-6.i386.rpm
ftp://194.199.20.114/linux/redhat/9/en/os/i386/RedHat/RPMS/openssh-server-3.5p1-6.i386.rpm
ftp://194.199.20.114/linux/redhat/9/en/os/i386/RedHat/RPMS/openssh-clients-3.5p1-6.i386.rpm

Once you download them, become root:

su -
<enter password>

#then install them
cd /tmp/    #wherever you put them
rpm -Uvh openssh*.rpm

#make sure it is set to start on boot
chkconfig sshd on

#start them
service sshd start

The server will gen the keys and get you setup.  Assuming you make a connection from inside your local network on eth0 which you have marked trusted you should then be able to ssh to the machine.  You can try ssh localhost  to see how it goes.  Let me know.  

You usually connect using a name/password just like telnet or ftp, but they are sent encrypted which makes them so much nicer.  You also have the ability to exchange keys with machines so that you can ssh to them with or without a password  -- i have never done it that way, but there are some pretty good docs.

I will be leaving town for the weekend, so if we don't get finished in the next few hours I may not be back on till Sunday night/Monday
0
 
mbpssgmsAuthor Commented:
majorwoo,
Fantastic it worked!  I logged on as me and it now assumes I always logon as me.  How do I logon as another user and can you send a link to a site for useful commands, eg I don't know how to transfer stuff.  Also, will ssh allow gui to be used or do I need vnc for this?

Excellent, thanks...
0
 
majorwooCommented:
you can either logoff and logon as another user, or just become them in a shell if it's only a temporary thing

su - username

and enter their password, like we did with root earlier to install the rpm's

What kind of commands are you looking for? General linux, or ssh stuff?
to use sftp you just:

sftp username@hostname
<enter password>
put filename
get filename

same as you would an ftp client.

sftp is very good also, it's an ftp client that is secure like ssh and doesn't deal with the ftp firewall passive problems that plague so many of us.  

As for an ssh GUI the only one i have used is http://www.pingx.net/secpanel/secpanel-0.41-1.i386.rpm
which is pretty nice.
0
 
mbpssgmsAuthor Commented:
The commands were for file transfer with ssh, is this the same as ftp?  I downloaded the software you suggested for gui, how do I implement it?

I found from the man page to logon as a different user I use
ssh -l username
That is what I was after there.  

Will ssh allow me to logon to any machine with it as long as I have a valid username, or do I need to tell the system the client ip and if so how's this work with dhcp?

Thanks,
Gav.
0
 
mbpssgmsAuthor Commented:
Hello again,

I have just been reading about sftp.  I have answered my own question about this.  But, do you need ssh installed to be able to use sftp?  My other q remains.

Gav.
0
 
mbpssgmsAuthor Commented:
Majorwoo,
I have just tried to ssh to a sg at work.  I receive 'port 23 connection refused'.  I guess this answers my q.  What do I need to do bearing in mind I use dhcp?

Gav.
0
 
majorwooCommented:
sorry, i just got back in town.

Yes those commands for sftp are the same as ftp

To use the rpm, just install it:

rpm -Uvh secpanel-0.41-1.i386.rpm

and then to run it

/usr/local/bin/secpanel

It will add a gui frontend to ssh, useful for sftp as you can click and transfer files like some ftp clients

And yes, you can login to any machine with any account you have by using ssh -l username machinename, otherwise it will default to using the name you are currently logged in as.  For sftp it's slightly different, you use sftp username@machinename

Yes, in order to use sftp you need ssh installed, and as for the port 23 connection refused you may not have ssh installed on that machine, or the firewall on it could be blocking you.  Check that SSH is installed and started on that machine (log into the machine and try ssh localhost and see where you get)
0
 
mbpssgmsAuthor Commented:
Majorwoo,
Hi,
The gui I referred to was to enable me to set the display to enable me to run progs remotely.  Ssh does this  automatically, thanks anyway.

When I sftp do I need to set binary mode for bn transfer?  If so what's the command?

I tried ssh localhost on the sgi I wanted to use, but 'unknown command'.  I was assured ssh was on.  May it be a different ver of ssh.  Also how do I go about setting up ssh on sg's, or is this best left for another q?

Many thanks,
hope your trip was a success
Gavin.
0
 
majorwooCommented:
on sg's if you are sure ssh is not installed, it's probably not in the path.  I do not know where the binary for ssh is installed on them, you may have to look for it, brute force method unless you know another way:

find / -depth -name ssh

There are more elegant ways I am sure, but I'm not much of an sgi person.  The GUI will also give you a graphical sftp client, to allow you to click which files to transfer - I don't use it to be honest, but I thought you might when you asked for one.

As for sftp and binary mode, there is no binary/text file transfer mode. All files are transferred in binary mode.
0
 
mbpssgmsAuthor Commented:
You have been most helpful, majorwoo.  I cannot get my remote printer to work here, would you prefer me to add the points to this q, or submit a new q?

Gavin
0
 
majorwooCommented:
I think EE prefers separate questions so that people searching can find things based on the titles.

Why don't you start another one and leave me a URL here in case I miss it?
0
Question has a verified solution.