Gentoo Forums
ftp, telnet running but can't connect from outside

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sat Jan 14, 2006 11:35 pm    Post subject: ftp, telnet running but can't connect from outside

Yesterday, my sshd was still running, but when I used PuTTY to ssh to my server from home, it just displayed a blank screen window and immediately closed. The same thing applied to telnet and ftp (other users have this problem too, so it's not because of my network).

I went through the logfile and didn't find anything suspicious (there is nothing indicating that sshd, telnet, or ftpd were terminated or crashed). So I decided to restart sshd and xinetd.

Right now I can ssh to my server from home, but can't telnet or ftp. However, when I ssh to my server and then use the commands to telnet or ftp within it, it works just fine. So is this some kind of problem with host access? Is there any way I can fix it?



My hosts.allow is already set to accept
sshd:ALL

PS: sorry for reposting it, but I think this one should go into this box


Last edited by Micz on Sun Jan 15, 2006 6:32 am; edited 1 time in total

CptnObvious999
Apprentice

Joined: 19 Dec 2004
Posts: 292

Posted: Sun Jan 15, 2006 12:01 am

Is your home computer behind a router? If it is, you have to find its local IP, then use port forwarding, then find your global IP, then connect to that. You can find your local IP by starting ssh, then using nmap to see which local IP has the ssh port open ("nmap -sS 192.168.1.1-255"); then you have to set up port forwarding in your router's admin control panel. It differs depending on your router, so it should say in its manual.
BTW, when you port forward, port 22 is what ssh uses.

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 12:27 am

It's not just my computer. Other users have the same kind of problem too.

The problem is that yesterday telnet, ftp and ssh were working, but ppl couldn't connect to my server using them (http was working though). Today, after restarting sshd & xinetd, ppl can ssh to my server, but when they try to telnet, they get this error message:

Quote:

Connecting To *********...Could not open connection to the host, on port 23:
Connect failed


Same thing with ftp. However, if I ssh to my server, then use the command "telnet" or "ftp", it works just fine. So I believe that somehow my server doesn't accept any connection from outside.



Ps: I used all default ports for ssh, telnet, ftp

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 1:55 am

It appears to me that somehow my server doesn't accept any connection to port 23 (telnet) or 21 (ftp) from outside (I keep getting connection timed out).

So does it mean my portmap has crashed? Is there any way I can fix it?

Ps: no firewall is running

tecknojunky
Veteran

Joined: 19 Oct 2002
Posts: 1937
Location: Montréal

Posted: Sun Jan 15, 2006 2:44 am

To what is ListenAddress defined inside the /etc/ssh/sshd_config file?

Oh! Sorry. sshd works. I don't use telnet, but my guess is probably those programs are binding to some interfaces/port defined in some config file inside /etc.

Sorry for not being more helpful :(
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 3:29 am

It's nice to get some kind of response, but yeah, sshd is working fine right now. I checked the config file but nothing looks suspicious (it worked before yesterday and no changes have been made).

I don't use telnet but have to let it run because this is an educational server and many students want to use telnet. Also, I hate it when I keep getting emails from users complaining about not being able to use ftp to do the homework :(

PS: Java 1.5 was installed recently but was left as userVM only (serverVM still set to use jdk 1.4.2.05). However, I just checked and somehow serverVM was changed to jdk 1.5.06. So maybe this is the reason? But if it is, it doesn't make any sense to me :(

tecknojunky
Veteran

Joined: 19 Oct 2002
Posts: 1937
Location: Montréal

Posted: Sun Jan 15, 2006 3:36 am

Could you state from which packages you got ftpd and telnetd daemon support?
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 4:17 am

Um, sorry, I have no idea :?:. Telnetd and ftpd were installed by another admin who stopped working a long time ago. Right now I'm trying to re-emerge telnetd but get a package conflict with another package.

I also re-emerged ftpd with net-ftp/ftpd-0.17-r3, and pure-ftpd with the latest one from emerge, but this doesn't help either :(

tecknojunky
Veteran

Joined: 19 Oct 2002
Posts: 1937
Location: Montréal

Posted: Sun Jan 15, 2006 4:23 am

Find your executable with the which command:
Code:
# which telnetd
/usr/bin/telnetd

then, use equery to find out to which package it belongs:
Code:
# equery f /usr/bin/telnetd

I guess the one-liner could be equery f `which telnetd`
To get equery, you must emerge gentoolkit.
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 4:46 am

Thx a lot. Here is what it shows:

Code:

$ equery f /usr/bin/telnetd
[ Searching for packages matching ^[[01m/usr/bin/telnetd^[[39;49;00m... ]
!!! Invalid db entry: /var/db/pkg//x11-plugins
!!! Invalid db entry: /var/db/pkg//sys-kernel
!!! Invalid db entry: /var/db/pkg//dev-cpp
!!! Invalid db entry: /var/db/pkg//dev-php
!!! Invalid db entry: /var/db/pkg//www-apache
!!! Invalid db entry: /var/db/pkg//x11-base
!!! Invalid db entry: /var/db/pkg//x11-apps
!!! Invalid db entry: /var/db/pkg//x11-libs
!!! Invalid db entry: /var/db/pkg//x11-misc
!!! Invalid db entry: /var/db/pkg//www-client
!!! Invalid db entry: /var/db/pkg//dev-tcltk
!!! Invalid db entry: /var/db/pkg//sci-libs
!!! Invalid db entry: /var/db/pkg//x11-terms
!!! Invalid db entry: /var/db/pkg//app-admin
!!! Invalid db entry: /var/db/pkg//app-dicts
!!! Invalid db entry: /var/db/pkg//app-crypt
!!! Invalid db entry: /var/db/pkg//x11-themes
!!! Invalid db entry: /var/db/pkg//perl-core
!!! Invalid db entry: /var/db/pkg//gnome-base
!!! Invalid db entry: /var/db/pkg//mail-mta
!!! Invalid db entry: /var/db/pkg//sci-astronomy
!!! Invalid db entry: /var/db/pkg//app-arch
!!! Invalid db entry: /var/db/pkg//app-misc
!!! Invalid db entry: /var/db/pkg//app-text
!!! Invalid db entry: /var/db/pkg//net-firewall
!!! Invalid db entry: /var/db/pkg//app-portage
!!! Invalid db entry: /var/db/pkg//sys-devel
!!! Invalid db entry: /var/db/pkg//dev-db
!!! Invalid db entry: /var/db/pkg//kde-base
!!! Invalid db entry: /var/db/pkg//app-backup
!!! Invalid db entry: /var/db/pkg//mail-client
!!! Invalid db entry: /var/db/pkg//media-gfx
!!! Invalid db entry: /var/db/pkg//net-dns
!!! Invalid db entry: /var/db/pkg//net-ftp
!!! Invalid db entry: /var/db/pkg//net-nds
!!! Invalid db entry: /var/db/pkg//net-www
!!! Invalid db entry: /var/db/pkg//media-libs
!!! Invalid db entry: /var/db/pkg//mail-filter
!!! Invalid db entry: /var/db/pkg//mail-filter
!!! Invalid db entry: /var/db/pkg//www-servers
!!! Invalid db entry: /var/db/pkg//sys-process
!!! Invalid db entry: /var/db/pkg//sys-apps
!!! Invalid db entry: /var/db/pkg//sys-boot
!!! Invalid db entry: /var/db/pkg//sys-libs
!!! Invalid db entry: /var/db/pkg//app-emulation
!!! Invalid db entry: /var/db/pkg//sci-chemistry
!!! Invalid db entry: /var/db/pkg//net-fs
!!! Invalid db entry: /var/db/pkg//rox-base
!!! Invalid db entry: /var/db/pkg//net-libs
!!! Invalid db entry: /var/db/pkg//net-mail
!!! Invalid db entry: /var/db/pkg//net-misc
!!! Invalid db entry: /var/db/pkg//net-zope
!!! Invalid db entry: /var/db/pkg//net-print
!!! Invalid db entry: /var/db/pkg//x11-wm
!!! Invalid db entry: /var/db/pkg//dev-java
!!! Invalid db entry: /var/db/pkg//dev-lang
!!! Invalid db entry: /var/db/pkg//dev-libs
!!! Invalid db entry: /var/db/pkg//dev-perl
!!! Invalid db entry: /var/db/pkg//dev-ruby
!!! Invalid db entry: /var/db/pkg//dev-util
!!! Invalid db entry: /var/db/pkg//dev-python
!!! Invalid db entry: /var/db/pkg//app-editors
!!! Invalid db entry: /var/db/pkg//sys-fs
!!! Invalid db entry: /var/db/pkg//app-shells
!!! Invalid db entry: /var/db/pkg//media-fonts
!!! Invalid db entry: /var/db/pkg//media-sound
!!! Invalid db entry: /var/db/pkg//media-video
!!! Invalid db entry: /var/db/pkg//www-apps
!!! Invalid db entry: /var/db/pkg//gnome-extra
!!! Invalid db entry: /var/db/pkg//app-doc
!!! Invalid db entry: /var/db/pkg//app-sci
!!! Invalid db entry: /var/db/pkg//app-vim
!!! Invalid db entry: /var/db/pkg//media-plugins
!!! Invalid db entry: /var/db/pkg//net-analyzer


Same thing for ftpd.

So I decided to use nmap to scan my ports; 21 and 23 are open but only allow internal access (I get connection timed out when connecting from outside). I do not use any kind of firewall, so how come it blocks outside access?

Code:
cs root # nmap -sS ***********

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2006-01-14 20:49 PST
Interesting ports on******** (********):
(The 1648 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
143/tcp   open  imap
443/tcp   open  https
587/tcp   open  submission
993/tcp   open  imaps
10000/tcp open  snet-sensor-mgmt

tecknojunky
Veteran

Joined: 19 Oct 2002
Posts: 1937
Location: Montréal

Posted: Sun Jan 15, 2006 4:57 am

awe man :( your manifest is borked. I don't know how to fix that, and surely the forum holds a solution.

It should have looked something like this: ... Well, what do you know. All my boxes have equery broken too. :D (and I have 3)

Try equery b ... instead. (cross fingers)
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.

tecknojunky
Veteran

Joined: 19 Oct 2002
Posts: 1937
Location: Montréal

Posted: Sun Jan 15, 2006 5:07 am

My mistake.

equery b file: Find to which package file belongs
equery f package: List all installed files belonging to package

Doing equery f file (which makes no sense) will cause that output.

Sorry :oops:
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 5:11 am

Code:

# equery b /usr/bin/telnetd
[ Searching for file(s) /usr/bin/telnetd in *... ]
# equery b /usr/bin/ftpd
net-ftp/ftpd-0.17-r3 (/usr/bin/ftpd)


net-ftp/ftpd-0.17-r3 (/usr/bin/ftpd) << is the newest ftpd that I just emerged. However, it doesn't solve the problem :(

Anyway, thx a lot for all your help though. Hopefully someone has some way to fix my problem :(

jmbsvicetto
Moderator

Joined: 27 Apr 2005
Posts: 4734
Location: Angra do Heroísmo (PT)

Posted: Sun Jan 15, 2006 6:13 am

Hi.

If you're using xinetd have you looked at the config in /etc/xinetd.conf and /etc/xinetd.d/*?
_________________
Jorge.

Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 6:25 am

/etc/xinetd.conf
Code:

# Sample configuration file for xinetd

defaults
{
        instances      = 60
        log_type       = SYSLOG authpriv info
        log_on_success = HOST PID
        log_on_failure = HOST
        cps            = 25 30
}

includedir /etc/xinetd.d


/etc/xinetd.d/ftp
Code:

# default: off
# $Header:
# description: The netkit ftp daemon with optional SSL support.

service ftp
{
        socket_type = stream
        protocol = tcp
        user = root
        server = /usr/bin/ftpd
        wait = no
        disable = yes
}


/etc/xinetd.d/telnetd
Code:

service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure += USERID
        disable         = no
}


Again, I didn't see anything wrong with these config files. Also, right now the main problem is not with telnet, since ppl can use ssh instead, but ftp isn't accepting outside connections either :(.

jmbsvicetto
Moderator

Joined: 27 Apr 2005
Posts: 4734
Location: Angra do Heroísmo (PT)

Posted: Sun Jan 15, 2006 6:37 am

Micz wrote:

/etc/xinetd.d/ftp
Code:

service ftp
{
        socket_type = stream
        protocol = tcp
        user = root
        server = /usr/bin/ftpd
        wait = no
        disable = yes
}


I suggest you replace the disable = yes line with disable = no. That should help ftp get on its way.
I can't see anything with the telnet configuration that may prevent it from working. You're sure that you don't have iptables running?
_________________
Jorge.

Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh
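
The check suggested above (reading the service blocks under /etc/xinetd.d for `disable = yes`), written out as an added example that is not part of the original thread. It summarises each service block's `disable`, `server`, `bind`/`interface` and `only_from` settings; `xinetd_audit` and `sample_xinetd` are hypothetical names, and the sample is constructed from the two files posted above.

```shell
#!/bin/sh
# xinetd_audit [FILE...]: one line per "service" block, NAME STATE SERVER bind=... only_from=...
# Assumes whitespace around the assignment operator; a "defaults" block is skipped, not merged.
xinetd_audit() {
    awk '
        /^[ \t]*#/ { next }                       # comment line
        $1 == "service" {                         # start of a service block
            name = $2; dis = "no"; srv = "-"; bind = "any"; from = "any"
            next
        }
        name != "" && $1 == "}" {                 # end of block: report it
            state = (dis == "yes") ? "DISABLED" : "enabled"
            print name, state, srv, "bind=" bind, "only_from=" from
            name = ""; next
        }
        name != "" && ($2 == "=" || $2 == "+=") {
            val = $3; for (i = 4; i <= NF; i++) val = val " " $i
            if ($1 == "disable") dis = val
            else if ($1 == "server") srv = val
            else if ($1 == "bind" || $1 == "interface") bind = val
            else if ($1 == "only_from")           # "=" replaces, "+=" appends
                from = (from == "any" || $2 == "=") ? val : (from " " val)
        }
    ' "$@"
}

# Constructed sample: the ftp and telnet blocks as posted in this thread.
sample_xinetd() {
    cat <<'EOF'
service ftp
{
        socket_type = stream
        protocol = tcp
        user = root
        server = /usr/bin/ftpd
        wait = no
        disable = yes
}
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure += USERID
        disable         = no
}
EOF
}

sample_xinetd | xinetd_audit
```

On a live host, run it as `xinetd_audit /etc/xinetd.d/*`; `only_from=any` means xinetd itself places no restriction on the client address for that service.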

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 6:52 am

Quote:
I suggest you replace the disable = yes line with disable = no. That should help ftp get on its way.
I can't see anything with the telnet configuration that may prevent it from working. You're sure that you don't have iptables running?


Tried it, restarted xinetd... didn't work. FTP and telnet are running, and I can use them internally, but I keep getting connection timed out when trying to connect from outside. So right now I don't think there's anything wrong with ftp or telnet; it's just that somehow ports 21 & 23 are not accepting any connection from outside even though nmap shows that they are open.

iptables or any kind of firewall is not running.

jmbsvicetto
Moderator

Joined: 27 Apr 2005
Posts: 4734
Location: Angra do Heroísmo (PT)

Posted: Sun Jan 15, 2006 6:56 am

Please post the output of
Code:
# netstat -an | grep 23
# netstat -an | grep 21

_________________
Jorge.

Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

Micz
n00b

Joined: 07 Jul 2004
Posts: 32

Posted: Sun Jan 15, 2006 7:28 am

Code:

netstat -an | grep 23
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 my_host_ip:22       71.34.*****:1236       ESTABLISHED
tcp        0      0 my_host_ip:22       71.34.*****:1237       ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     24039236
unix  3      [ ]         STREAM     CONNECTED     24039235
unix  3      [ ]         STREAM     CONNECTED     23985227
unix  3      [ ]         STREAM     CONNECTED     23985226
unix  2      [ ]         STREAM     CONNECTED     23985191
unix  3      [ ]         STREAM     CONNECTED     23436917
unix  3      [ ]         STREAM     CONNECTED     23436916
unix  2      [ ]         STREAM     CONNECTED     23436909
unix  3      [ ]         STREAM     CONNECTED     23117054
unix  3      [ ]         STREAM     CONNECTED     23117053
unix  2      [ ]         STREAM     CONNECTED     23117024



Code:

netstat -an | grep 21
tcp        0      0 my_host_ip:21       0.0.0.0:*               LISTEN
tcp        0      0 my_host_ip:25       222.129.104.214:3200    ESTABLISHED
unix  2      [ ACC ]     STREAM     LISTENING     6921   /var/run/mysqld/mysqld.studb.sock
unix  2      [ ACC ]     STREAM     LISTENING     9821048 /var/run/cgisock
unix  3      [ ]         STREAM     CONNECTED     24898218
unix  3      [ ]         STREAM     CONNECTED     24898217
unix  3      [ ]         STREAM     CONNECTED     24152177
unix  3      [ ]         STREAM     CONNECTED     24152176
unix  2      [ ]         STREAM     CONNECTED     24152169
unix  3      [ ]         STREAM     CONNECTED     24121201 /dev/log
unix  3      [ ]         STREAM     CONNECTED     24121200

jmbsvicetto
Moderator

Joined: 27 Apr 2005
Posts: 4734
Location: Angra do Heroísmo (PT)

Posted: Sun Jan 15, 2006 2:52 pm

netstat shows that both ftpd and telnetd are bound to your external IP address. If you can use them locally, the problem must be in the way there. The only options I see are a firewall in your host, using iptables which you say you don't have, or a problem with your router configuration which doesn't redirect the packets to your host.
_________________
Jorge.

Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh
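
An added example, not part of the original thread: `grep 23` above also matches unrelated lines (the port 22 sessions from source ports 1236 and 1237, unix-socket inode numbers), so this reads `netstat -an` output and reports only the TCP listener on an exact port and how it is bound. `listen_scope` and `sample_netstat` are hypothetical names; the sample lines are constructed from the output posted above, with 192.0.2.10 and 198.51.100.7 standing in for the masked addresses.

```shell
#!/bin/sh
# listen_scope PORT
# Reads `netstat -an` text on stdin and prints "PORT ADDRESS SCOPE" for each
# TCP socket in LISTEN state on exactly that port (no substring matches).
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")        # local address; port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "all-interfaces"    # reachable on every configured address
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"     # local clients only
            else
                scope = "single-address"    # reachable only via this address
            print port, addr, scope
            found = 1
        }
        END { if (!found) print port, "-", "not-listening" }
    '
}

# Constructed sample in the column layout of the netstat output posted in this thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:21           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:1236       ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     24039236
unix  2      [ ]         STREAM     CONNECTED     23985191
EOF
}

for p in 21 23; do
    sample_netstat | listen_scope "$p"
done
```

A listener reported as all-interfaces, or as single-address on the public IP, that still times out from outside points at packet filtering or routing between the client and the daemon, not at the daemon's bind address.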