Old 01-18-2004, 03:01 PM   #1 (permalink)
Jake_Bottero
Problem with new RH8 server install

I recently reinstalled RH8 from the ground up on one of my machines. Here are the symptoms:

Can use SecureCRT from a machine outside the network to access the server (SSH2), but...

Can not FTP in or out from anywhere (I'm using ProFTPd, no problems with the install, has the correct entries in xinetd.d);

Can not telnet to localhost from the server's command line (i.e. #telnet localhost 110)

wget can not access anything outside the network: Resolving xxx... failed: Host not found.



I've done things like flushed iptables to see if that was the issue, I know that the router is not blocking the needed ports.

The error message (not really an error, I know...) is:

Connection refused

Any ideas?

Old 01-18-2004, 03:13 PM   #2 (permalink)
jkrohn
Quote:
Can not telnet to localhost from the server's command line (i.e. #telnet localhost 110)
Ok, a few things.
1) Telnet is default port 23. Are you running telnet on an alternate port? Is the telnet server running?
2) 110 is the default port for POP. Is that what you are trying to connect to? If so is your mailserver running?
3) Is localhost mapped to 127.0.0.1 in /etc/hosts?

Quote:
wget can not access anything outside the network: Resolving xxx... failed: Host not found.
Can anything access outside the network? Can you ping names? Does DNS resolve correctly? Set up correctly? (/etc/resolv.conf) Can you ping IPs?

Quote:
Can not FTP in or out from anywhere (I'm using ProFTPd, no problems with the install, has the correct entries in xinetd.d);
Once again, is it running? Can you ftp to localhost on 21 (or alternate port if you are using it)? Can you telnet to that port?


That's about all I can do for ya without more info.

Jkrohn
Old 01-18-2004, 04:14 PM   #3 (permalink)
Jake_Bottero
Quote:
Originally posted by jkrohn

Ok, a few things.
1) Telnet is default port 23. Are you running telnet on an alternate port? Is the telnet server running?
I'm sorry, I am an idiot. Of course 110 will not work, I haven't installed the mail server yet (been using qmail without problems on previous install). This explains this, but it does not like my password / UserID:

Code:
[root@localhost /]# telnet localhost 23
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Red Hat Linux release 8.0 (Psyche)
Kernel 2.4.18-14 on an i686
login: root
Password: 
Login incorrect

login:
Remember, I am doing this from SecureCRT via SSH2 outside the network, so I'm already able to access it by command line.

Quote:

3) Is localhost mapped to 127.0.0.1 in /etc/hosts?


Code:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain   localhost
So looks like this is OK.

Quote:

Can anything access outside the network? Can you ping names? Does DNS resolve correctly? Set up correctly? (/etc/resolv.conf) Can you ping IPs?


Code:
[root@localhost root]# ping www.interpoint.com
PING www.interpoint.com (216.34.85.132) from 192.168.0.5 : 56(84) bytes of data.
And it hangs here...

I can open a browser and get out.

Quote:

Once again, is it running? Can you ftp to localhost on 21 (or alternate port if you are using it)? Can you telnet to that port?


Code:
[root@localhost /]# ftp localhost 21 
ftp: connect: Connection refused
ftp> quit
[root@localhost /]#
I can not ftp anything, in or out, from the server command line or when I telnet (ssh2) in. wget seems to be fine (changed a DNS setting)

Last edited by Jake_Bottero; 01-18-2004 at 04:16 PM.
Old 01-18-2004, 04:21 PM   #4 (permalink)
jkrohn
1) Telnet problem.

PAM (or some other security module) may be disallowing root to login to telnet. Denying a user login privileges will vary by service, so being able to ssh as root doesn't automatically mean you can telnet. Try using a different user. See if they can telnet in.

2) FTP problem. Is the FTP service actually running?
Quote:
[root@slack jkrohn]# telnet localhost 21
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
That's what I get from my machine NOT running an FTP server.
NMap the machine or telnet to port 21 to see if it will open the socket.
If it is actually running on that port, start looking through the setup files and see if you have accidentally denied yourself.

3) Ping. So let me get this straight. wget works, browsers work, but ping doesn't? Make sure your router isn't dropping ICMP (or iptables for that matter) packets.

Let me know if I missed anything.
Jkrohn
Old 01-18-2004, 04:30 PM   #5 (permalink)
Jake_Bottero
OK, well, obviously, I can't telnet from the command line as root...

Code:
[root@localhost root]# telnet localhost 23
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Red Hat Linux release 8.0 (Psyche)
Kernel 2.4.18-14 on an i686
login: jake
Password: 
[jake@localhost jake]$
And,

Code:
[root@localhost root]# iptables -F
[root@localhost root]# telnet localhost 21 
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
[root@localhost root]#
If I run ps -A should I see it as a process there?

Last edited by Jake_Bottero; 01-18-2004 at 04:41 PM.
Old 01-18-2004, 04:46 PM   #6 (permalink)
Jake_Bottero
Here's something I hadn't thought about: This server sits behind a router, so for example the name server points to the router, not the internal address of the machine.

In xinetd.d/ftp, I have

Code:
service ftp
{
flags = REUSE
socket_type = stream
instances = 50
wait = no
user = root
server = /usr/local/sbin/proftpd
bind = 192.168.0.5
}
where the bind address is the address of the machine on the network.

And the proftpd.conf file:

Code:
# This is a basic ProFTPD configuration file (rename it to     
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "MyServer"
ServerType                      inetd     
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on
</Directory>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User                          ftp
  Group                         ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

Last edited by Jake_Bottero; 01-18-2004 at 05:11 PM.
Old 01-18-2004, 04:54 PM   #7 (permalink)
jkrohn
Quote:
This server sits behind a router, so for example the name server points to the router, not the internal address of the machine.
1) Can you confirm for me that the ftp service is actually running?
2) Can you ftp to localhost?
3) Why are you using bind? You should not need it.

You will also have to forward the port on the router to the ip of the local machine if you want outside people to be able to access it.

Jkrohn
Old 01-18-2004, 05:02 PM   #8 (permalink)
jkrohn
Quote:
server = /usr/local/sbin/proftpd
Is this the correct path?

Jkrohn
Old 01-18-2004, 05:20 PM   #9 (permalink)
Jake_Bottero
Quote:
Originally posted by jkrohn


1) Can you confirm for me that the ftp service is actually running?

I'm not sure. I thought I might see it as a process with ps -A, but I see nothing. How might I confirm this?

Quote:

2) Can you ftp to localhost?

No. See above posts.

Code:
[root@localhost /]# ftp localhost 21
ftp: connect: Connection refused
ftp> quit
[root@localhost /]#
Quote:

3) Why are you using bind? You should not need it.

Because it was in the example, and last time didn't seem to cause problems. I'll comment it out and see if that does anything.

Quote:

You will also have to forward the port on the router to the ip of the local machine if you want outside people to be able to access it.

I don't recall doing anything special last time I set this machine up under the same conditions. Can you describe this process?

Thanks for your time. By the way, MANY moons ago, I was stationed near there (Rantual [spelling]) while in the Air Force. Very cold. Florida was much nicer, but still Washington state while wet does not freeze...
Old 01-18-2004, 05:28 PM   #10 (permalink)
jkrohn
It won't show up under ps until someone actually connects to it.

Did you double check the path to proftpd? Make sure this is the actual binary and not a link to the binary (ls -la /usr/local/bin |grep proftpd).

We will worry about port forwarding once we get the ftp server running on the localhost.

Yeah, Rantoul is quite near here. They converted the base into very cheap housing so a lot of people live there and work here.

Jkrohn
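An added example, not written by either poster: a small Python check of the xinetd stanza posted in the thread for the conditions the replies ask about (the `server` path and the `bind` line), plus a `disable = yes` line. The function names are hypothetical; the `bind` finding relies on xinetd opening its listening socket on the bound address only.

```python
import os
import re

# xinetd.d/ftp stanza as posted in the thread.
POSTED_STANZA = """\
service ftp
{
flags = REUSE
socket_type = stream
instances = 50
wait = no
user = root
server = /usr/local/sbin/proftpd
bind = 192.168.0.5
}
"""

def parse_service(text):
    """Return (name, attrs) for the first 'service' stanza in an xinetd file."""
    name, attrs = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            continue
        head = re.match(r"service\s+(\S+)$", line)
        attr = re.match(r"(\w+)\s*=\s*(.*)$", line)
        if head and name is None:
            name = head.group(1)
        elif attr:
            attrs[attr.group(1)] = attr.group(2).strip()
    return name, attrs

def audit(attrs, is_executable=lambda p: os.access(p, os.X_OK)):
    """List the stanza's possible causes of 'Connection refused' on localhost."""
    findings = []
    if attrs.get("disable", "no").lower() == "yes":
        findings.append("disable = yes: xinetd does not listen for this service")
    bind = attrs.get("bind")
    if bind and bind != "0.0.0.0" and not bind.startswith("127."):
        findings.append(f"bind = {bind}: the listener is on that address only, "
                        "so a connect to 127.0.0.1 is refused")
    server = attrs.get("server")
    if not server or not is_executable(server):
        findings.append(f"server = {server}: missing or not executable")
    return findings

if __name__ == "__main__":
    name, attrs = parse_service(POSTED_STANZA)
    for finding in audit(attrs):
        print(f"{name}: {finding}")
```

Run it on the server itself so the `server` path test sees the real filesystem.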
All times are GMT -6.