Solved

Lan

Posted on 2003-10-28
Last Modified: 2013-11-13
Hello,

I have made a lan here consisting of 2 computers both running Redhat 9.0.  They are both connected to a Netgear switch/router.  They both have access to the net with their ip's assigned using dhcp.  Each machine can ping the other.  But I cannot connect the two by ftp or telnet.  I want to get these working before I use ssh.

The services are installed in
/etc/services
However, when I run setup to allow trusted devices and ports the settings are not saved.  Hence the machines ping each other but I cannot ftp.  Can anyone help?


Also, the router assigns each ethernet card a lan ip.  May I use these so external machines can see me.  This is because I eventually want to cross-mount with machines at work.  Otherwise I am going to not specify my ip in the /etc/exports file in the server at work.


Gavin
Question by:mbpssgms
34 Comments
 
LVL 5

Expert Comment

by:willy134
ID: 9634486
Do you have the redhat firewall running?
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9634923
When you say a lan ip, you mean private 10.X.X.X or 192.168.X.X? If so, you will not be able to directly access them from the office, but you should be able to port forward to them.

If both of your machines have IPs provided by your ISP then yes, unless the router is set to block it you should be able to.
0
 

Author Comment

by:mbpssgms
ID: 9640882
Yes, my ip set by the router is

192.168.xxx.xxx

How do I designate a port?

Yes, there is a firewall running; it is the high class.  I cannot seem to stop this, what next?

0
 

Author Comment

by:mbpssgms
ID: 9641362
Hello things have changed slightly.  
I no longer need to crossmount with work.  But, I do need to use VNC.

How do I configure the 2 machines to use this?

Also I still need to ssh between my lan machines.  

Gavin
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9642021
VNC from your home machine to the office machines?  That should be alright

ssh between the two machines on your end should not be a problem.

What happens when you ftp/telnet/ssh from machine A to B?
0
 

Author Comment

by:mbpssgms
ID: 9642879
When I try to ftp I get 'connection refused'.
Gav.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9643927
that usually indicates a firewall running or the service is not started.

What if you try

ftp localhost

from the machine running the ftp server?
0
 

Author Comment

by:mbpssgms
ID: 9644328
Here's the result:

 ftp localhost
ftp: connect: Connection refused


Gav.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9645513
ftp does not appear to be started.

ps -auxx | grep ftpd

if you get nothing we have a problem.

the directory:  /etc/xinetd.d/  should have files to edit to turn on/off the services, look for the ftpd file and edit it so disable = no

then restart the xinetd daemon,


/etc/init.d/xinetd restart
0
 

Author Comment

by:mbpssgms
ID: 9649526
Hi, results:


 ps -auxx | grep ftpd
root     15547  0.0  0.0  3576  636 pts/0    S    13:40   0:00 grep ftpd

I had already enabled telnet this is what I get:

telnet: connect to address 192.168.0.3: Connection refused

I don't see a file in which I can enable ftp.

I think it all has something to do with me not being able to allow these through the firewall in setup.

Gav.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9650360
let's check that firewall

/sbin/iptables -L

it will probably be fairly long, sorry
0
 

Author Comment

by:mbpssgms
ID: 9650491
Here's the result:

 /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  ns1-edi.blueyonder.net  anywhere           udp spt:domain
ACCEPT     udp  --  ns1-udd.blueyonder.net  anywhere           udp spt:domain
ACCEPT     udp  --  ns1-gat.blueyonder.net  anywhere           udp spt:domain
REJECT     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp reject-with icmp-port-unreachable


Gav.
0
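Added example (not posted by anyone in the thread): a shell audit of the `iptables -L` listing above, plus the localhost-versus-remote probe logic used to tell a missing daemon from a firewall reject. The function names and the abridged embedded listing are constructed for illustration, and `diagnose` assumes loopback traffic is not filtered.

```shell
#!/bin/sh
# Constructed sample: abridged copy of the `iptables -L` output from the thread.
listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  ns1-edi.blueyonder.net  anywhere           udp spt:domain
REJECT     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp reject-with icmp-port-unreachable
EOF
}

# audit_listing: read `iptables -L` text on stdin, print one finding per line.
audit_listing() {
  awk '
    /^Chain / { chain = $2; next }
    /^target/ || NF == 0 { next }
    # Catch-all ACCEPT: without -v the interface columns are not printed,
    # so this rule may apply only to lo or to a trusted device.
    $1 == "ACCEPT" && $2 == "all" && $4 == "anywhere" && $5 == "anywhere" && NF == 5 {
      print chain ": ACCEPT-ALL interface-not-shown"; next
    }
    # New TCP connections (SYN set, RST and ACK clear) are rejected; a
    # port-unreachable reply reaches the client as "Connection refused".
    $1 == "REJECT" && $2 == "tcp" && /flags:SYN,RST,ACK\/SYN/ {
      how = "unknown"
      for (i = 1; i < NF; i++) if ($i == "reject-with") how = $(i + 1)
      print chain ": REJECT-NEW-TCP " how
    }
  '
}

# diagnose LOCAL REMOTE: each argument is "ok" or "refused", the result of
# connecting from the server itself (localhost) and from the other LAN host.
diagnose() {
  case "$1/$2" in
    refused/*)  echo "no-listener" ;;      # refused on loopback: daemon not running
    ok/refused) echo "firewall-reject" ;;  # listening, but rejected on the wire
    ok/ok)      echo "reachable" ;;
    *)          echo "unknown" ;;
  esac
}

listing | audit_listing
diagnose refused refused   # the case in the thread: ftp localhost was refused
```

On a live machine, `/sbin/iptables -L -n -v` shows the in/out interface columns that the plain `-L` listing omits, which is what the ACCEPT-ALL finding asks you to check.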
 
LVL 9

Expert Comment

by:majorwoo
ID: 9650755
what machine is that from? and can you paste the same thing from the other machine?
0
 
LVL 5

Expert Comment

by:willy134
ID: 9651050
Don't mess with iptables unless you are sure of what you are doing.

Redhat provides a firewall tool it is
redhat-config-securitylevel

this should ask you for your root password.  You should then make sure that you allow ssh and the other services you want.

Good luck,
Brian
0
 
LVL 5

Expert Comment

by:willy134
ID: 9651058
This is most likely caused by the security setting chosen at install
more info here

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/install-guide/s1-firewallconfig.html
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9651142
iptables are fairly easy to understand, although granted you have to be careful or you can inconvenience yourself
0
 

Author Comment

by:mbpssgms
ID: 9652335
Indeed Willy 134,

I allowed ftp, telnet and ssh.  These changes remained.  But I still get connection refused.  May this be due to fwall on high, although I trusted the protocols?

Gav.

ps

The ip tables are concerned with routing which all seems ok.
0

 
LVL 9

Expert Comment

by:majorwoo
ID: 9652475
Did you select a trusted device when setting it to high?
0
 

Author Comment

by:mbpssgms
ID: 9656662
Yes, I selected eth0, my ethernet card.  I assume this lets the card allow traffic?

What next?

Gav.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9657872
if you have selected eth0 as a trusted device, it should allow all traffic in/out eth0

I am however a little concerned that ps -auxx | grep ftp didn't find anything - this would have got a connection refused as no service is listening on the port.  You may not have a ftp server installed, I believe you said you have telnet server installed, you saw a file for telnet and changed disable to no right? If you restart then are you able to telnet to the machine?  telnet localhost

If the ultimate goal is SSH don't bother installing any of these things, just install the ssh packages and we will go from there.
0
 

Author Comment

by:mbpssgms
ID: 9658841
Quite right, but this is the first time I have used/installed it.  I think it installed, so as far as I understand I generate a key, put it in a file and things work.  Will you direct me pls?
Gav.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9659081
Under redhat the rpm's are called

openssh
and
openssh-server

in theory if you do not have them (check first)
rpm -qa | grep ssh

you can install them with up2date via up2date openssh openssh-server

but i have never done it that way, I have always just done the rpms:

ftp://194.199.20.114/linux/redhat/9/en/os/i386/RedHat/RPMS/openssh-3.5p1-6.i386.rpm
ftp://194.199.20.114/linux/redhat/9/en/os/i386/RedHat/RPMS/openssh-server-3.5p1-6.i386.rpm
ftp://194.199.20.114/linux/redhat/9/en/os/i386/RedHat/RPMS/openssh-clients-3.5p1-6.i386.rpm

Once you download them, become root:

su -
<enter password>

#then install them
cd /tmp/    #wherever you put them
rpm -Uvh openssh*.rpm

#make sure it is set to start on boot
chkconfig sshd on

#start them
service sshd start

The server will gen the keys and get you setup.  Assuming you make a connection from inside your local network on eth0 which you have marked trusted you should then be able to ssh to the machine.  You can try ssh localhost  to see how it goes.  Let me know.  

You usually connect using a name/password just like telnet or ftp, but they are sent encrypted which makes them so much nicer.  You also have the ability to exchange keys with machines so that you can ssh to them with or without a password  -- I have never done it that way, but there are some pretty good docs.

I will be leaving town for the weekend, so if we don't get finished in the next few hours I may not be back on till Sunday night/Monday
0
 

Author Comment

by:mbpssgms
ID: 9659965
majorwoo,
Fantastic it worked!  I logged on as me and it now assumes I always logon as me.  How do I logon as another user and can you send a link to a site for useful commands, eg I don't know how to transfer stuff.  Also, will ssh allow gui to be used or do I need vnc for this?

Excellent, thanks...
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9660098
you can either logoff and logon as another user, or just become them in a shell if it's only a temporary thing

su - username

and enter their password, like we did with root earlier to install the rpm's

What kind of commands are you looking for? General linux, or ssh stuff?
to use sftp you just:

sftp username@hostname
<enter password>
put filename
get filename

same as you would an ftp client.

sftp is very good also, it's an ftp client that is secure like ssh and doesn't deal with the ftp firewall passive problems that plague so many of us.  

As for an ssh GUI the only one i have used is http://www.pingx.net/secpanel/secpanel-0.41-1.i386.rpm
which is pretty nice.
0
 

Author Comment

by:mbpssgms
ID: 9662542
The commands were for file transfer with ssh, is this the same as ftp?  I downloaded the software you suggested for gui, how do I implement it?

I found from the man page to logon as a different user I use
ssh -l username
That is what I was after there.  

Will ssh allow me to logon to any machine with it as long as I have a valid username, or do I need to tell the system the client ip and if so how's this work with dhcp?

Thanks,
Gav.
0
 

Author Comment

by:mbpssgms
ID: 9662652
Hello again,

I have just been reading about sftp.  I have answered my own question about this.  But, do you need ssh installed to be able to use sftp?  My other q remains.

Gav.
0
 

Author Comment

by:mbpssgms
ID: 9665742
Majorwoo,
I have just tried to ssh to a sg at work.  I receive 'port 23 connection refused'.  I guess this answers my q.  What do I need to do bearing in mind I use dhcp?

Gav.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9668041
sorry, i just got back in town.

Yes those commands for sftp are the same as ftp

To use the rpm, just install it:

rpm -Uvh secpanel-0.41-1.i386.rpm

and then to run it

/usr/local/bin/secpanel

It will add a gui frontend to ssh, useful for sftp as you can click and transfer files like some ftp clients

And yes, you can login to any machine with any account you have by using ssh -l username machinename, otherwise it will default to using the name you are currently logged in as.  For sftp it's slightly different, you use sftp username@machinename

Yes, in order to use sftp you need ssh installed, and as for the port 23 connection refused you may not have ssh installed on that machine, or the firewall on it could be blocking you.  Check that SSH is installed and started on that machine (log into the machine and try ssh localhost and see where you get)
0
 

Author Comment

by:mbpssgms
ID: 9669784
Majorwoo,
Hi,
The gui I referred to was to enable me to set the display to enable me to run progs remotely.  Ssh does this  automatically, thanks anyway.

When I sftp do I need to set binary mode for bn transfer?  If so what's the command?

I tried ssh localhost on the sgi I wanted to use, but 'unknown command'.  I was assured ssh was on.  May it be a different ver of ssh.  Also how do I go about setting up ssh on sg's, or is this best left for another q?

Many thanks,
hope your trip was a success
Gavin.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9670987
on sg's if you are sure ssh is not installed, it's probably not in the path.  I do not know where the binary for ssh is installed on them, you may have to look for it, brute force method unless you know another way:

find / -depth -name ssh

There are more elegant ways I am sure, but I'm not much of an sgi person.  The GUI will also give you a graphical sftp client, to allow you to click which files to transfer - I don't use it to be honest, but I thought you might when you asked for one.

As for sftp and binary mode, there is no binary/text file transfer mode. All files are transferred in binary mode.
0
 

Author Comment

by:mbpssgms
ID: 9671135
You have been most helpful, majorwoo.  I cannot get my remote printer to work here, would you prefer me to add the points to this q, or submit a new q?

Gavin
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9671438
I think EE prefers separate questions so that people searching can find things based on the titles.

Why don't you start another one and leave me a URL here in case I miss it?
0
 

Author Comment

by:mbpssgms
ID: 9672074
0
 
LVL 9

Accepted Solution

by:
majorwoo earned 300 total points
ID: 9672478
you got the wrong link, but I found you:

http://www.experts-exchange.com/Operating_Systems/Linux/Q_20786320.html

Don't forget to accept an answer here to close this question.
0
