xinetd problems

[Primary Canary]

Does anyone know what I'm doing wrong here? I cannot get my telnet or ftp to work for computers on my lan. I'm running RH 7.3. I read a great tutorial on xinetd and as far as I can tell I'm doing everything correct.
Symptoms:
I can telnet into the machine from the machine
I can ftp into the machine from the machine
I cannot ftp or telnet into the machine from another computer on my network
My network is 2 PCs connected with a switch.
the address of my linux server is 90.0.0.2 and the other computer is 90.0.0.1
when I ping the computers, I get 100% return and 0 lost, and I have an internet proxy connection that is working (I'm using it now to post this message). So the computers can talk to each other
xinetd is running. I ps aux | grep xinetd and the prompt says the service is running. I looked in xinetd.conf and thought the problem was a line that read
only_from = localhost
so I changed it to
only_from 90.0.0.0 because the man page said use '0' as a wildcard
I looked in the file /etc/xinetd.d/telnet
the disable line reads
disable = no
However, my other computer cannot ftp or telnet into my linux server
also, under the red hat Service Configuration
I try to 'start' the telnet service, but it reads ' you must enable xinetd to use this service'
so I go down to xinetd and 'start' it but the telnet service still gives me the same message
what am I doing wrong? Any help is greatly appreciated. I'm sure I'm doing something obviously wrong but I just can't seem to see it. Any help from the community is greatly appreciated. Thank you

[24giovanni]

Primary,

The problems is not with you as I am having the same exact problem. Also, I've tried everything that you have with the same results. I'm having it using RH 8.0. If you have any luck please let me know what you did.

[Primary Canary]

I did some digging over at Red Hat.com, not very fruitful, but I did find this

http://kb.redhat.com/view.php?eid=183
http://kb.redhat.com/view.php?eid=49

I did what it suggested, and my machine has the required packages
I changed hosts.allow to this
in.telnetd: 90.0.0.

but I still cannot telnet or ftp into the server

http://kb.redhat.com/index.php
that link contains the postings with a few interesting other problems related to xinetd.

If anyone can please point out what I am doing wrong, I would greatly appreciate it

[majorwoo]

you just want to ftp and telnet to the machine right? do you have any sort of firewall running that is blocking the ports?

as root type

iptables -L you should get
[root@woo root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source

meaning you have no firewall, if you have somthing else paste it here... we may need to open the ports for telnet (23) and ftp (21 plus possibly ports for passive)

(on the side you really should use SSH and SFTP (part of the openssh-server rpm's) as they are more secure, but I'll be glad to help fix your telnet if you still want it

[Dolda2000]

If you have a default RH7.3 install, then you do have a firewall - it configures one by default. You can either turn it off completely by running "service iptables stop" or reconfigure it to let FTP and telnet connections through. I don't know what redhat calls their "user-friendly" firewall configurator, though, so if you want to do that, you'll have to do it by hand. I think the file you want to look in is named /etc/sysconfig/iptables, but I'm not sure.

[Primary Canary]

Thanks for the help guys.

as root I tried iptables -L and got this
bash: iptables: command not found

so I tried
find / -name iptables -print

the only entry was in /etc/rc.d/init.d/iptables

it's a shell script that is a little bit too complicated for me and trying to run it with an argument of L did nothing (it just returned with no useful output)

I then tried to find the file /etc/sysconfig/iptables

cat: /etc/sysconfig/iptables: No such file or directory

I looked in /etc/sysconfig and I found the following files

firewall, plain text, empty
ipchains, comments read 'Firewall configuration written by lokkit'

the format of ipchains is crypitc

My telnet fate is the hands of the community of linuxforums.org

Major Woo, I am using telnet and ftp because I thought these would be the easist to get up and running (silly me), this computer is not connected directly to the internet, on a 2 PC intranet, and the computer that acts as the proxy to the internet has Zone Alarm Pro running and blocking everything except the web browser. I am not seriously concerned with security. After saying this I'm sure I'll find out I got hacked, lol.

Thanks to Major Woo and Dolda2000 for taking the time and consideration to help me try to fix my problems.

-Anthony

[Dolda2000]

There you see, RH7.3 uses ipchains... Seems pretty stupid, since it was pretty heavily outdated at that time.
Anyway, you can probably use that "lokkit" program to open up the telnet and FTP ports. If not, post the contents if /etc/sysconfig/ipchains here (I will use it to remember the ipchains format), and I will help you open them up.

Side note: If you have the slocate package installed, you could have used "locate iptables" instead of find. It's pretty much faster.

[wassy121]

/etc/rc.d/init.d/iptables status
/etc/rc.d/init.d/ipchains status
should give some good output about the state of the firewall.

[majorwoo]

well it is up to you, installing the openssh rpm's would give you ssh(telnet) and sftp(ftp) both...

however if we are right, and the ipchians are blocking it, they would just block that too..

so post your ipchains in here like dolda said, and one of us will try to open your ports

/sbin/ipchains -L

should list the ipchains rules (sorry about that, i forgot 7.3 used ipchaisn by default)

[Primary Canary]

here is the output from /sbin/ipchains -L

Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
REJECT tcp -y---- anywhere anywhere any -> 0:1023
REJECT tcp -y---- anywhere anywhere any -> nfs
REJECT udp ------ anywhere anywhere any -> 0:1023
REJECT udp ------ anywhere anywhere any -> nfs
REJECT tcp -y---- anywhere anywhere any -> x11:6009
REJECT tcp -y---- anywhere anywhere any -> xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

thanks for the help!
-Anthony