Web Hosting Talk







FTP & Telnet problems


dutchie
07-09-2002, 01:20 PM
I have a problem on a raq3 that I can't figure out.
I hope some guru here can help me.

I cannot make a telnet or ssh connection although the ipchains rules are flushed.
Now to make it really weird, I also can't ftp to any site on it.
But Frontpage users do seem to be able to FTP :confused:

I really hope someone can shine some light on it; all ideas are more than welcome.

Thanks in advance,

Dutchie...

FiberOptic
07-09-2002, 02:37 PM
And the admin CP works fine?
All used ports are open?

dutchie
07-09-2002, 03:48 PM
The admin works fine.
As far as I can see the ports are open; ipchains is running with no rules.
I think (not sure) that it happened after the recent cobalt updates.

I installed webmin to be able to at least look at some files, but although webmin runs fine I cannot use the telnet option in it. I also uninstalled ssh with no results.

Before you ask, I enabled telnet on the raq ;)

FiberOptic
07-09-2002, 03:50 PM
And....after exactly which cobalt update has it happened?

chirpy
07-09-2002, 06:13 PM
I'm confused, at the beginning you said TELNET and SSH and FTP were not working. FTP for frontpage users is working. You uninstalled SSH. You installed WEBMIN.

So, what does it say in /var/log/messages when you try and TELNET/FTP in, do you get any errors?

Is your IP address in /etc/hosts.deny?

dutchie
07-10-2002, 06:17 AM
Chirpy,

This is the content of my /var/log/messages:

> tail /var/log/messages
Jul 10 11:45:01 admin4 proftpd[20453]: admin4.mysite.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jul 10 11:45:01 admin4 proftpd[20453]: admin4.mysite.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jul 10 11:45:01 admin4 proftpd[20453]: admin4.mysite.com (localhost[127.0.0.1]) - FTP session closed.
Jul 10 11:45:04 admin4 telnetd[20458]: ttloop: read: Broken pipe
Jul 10 12:00:01 admin4 proftpd[21852]: AllowChmod is deprecated, and will not work consistantly, use <Limit SITE_CHMOD> instead.
Jul 10 12:00:02 admin4 proftpd[21852]: admin4.mysite.com (localhost[127.0.0.1]) - FTP session opened.
Jul 10 12:00:02 admin4 proftpd[21852]: admin4.mysite.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jul 10 12:00:02 admin4 proftpd[21852]: admin4.mysite.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jul 10 12:00:02 admin4 proftpd[21852]: admin4.mysite.com (localhost[127.0.0.1]) - FTP session closed.
Jul 10 12:00:05 admin4 telnetd[21858]: ttloop: read: Broken pipe


Between 11:45 and 12:00 I tried several times to connect with ftp, but it does not show in the log. Is that normal?

My ftp client just exits with "could not connect"; the telnet window just exits with no comments at all.

My IP is not in the hosts.deny file.

Are there any other logs where I can find a clue?
How can I see if the ports are open?

Thanks!

Cephren
07-10-2002, 02:19 PM
Download nscan from nscan.org and do a port scan on the server's IP. You will see which ports are open and which ports have been blocked with ipchains as well as timeouts. Great little program to check once ipchains are installed.

Just make sure you have another connection sitting close by so that if your IP does get dumped in the hosts.deny file, you should be able to clear up the mess.



Kevin
Cephren.ca

Cephren
07-10-2002, 02:27 PM
"the telnet window just exits with no comments at all. "

If it exits shortly when trying to connect through telnet, check the /etc/xineted/telnet file and make sure to uncomment the line for having it enabled.

then restart xinetd

/etc/rc.d/init.d/xinetd restart

Cephren
07-10-2002, 02:28 PM
I mean enable it.

dutchie
07-10-2002, 03:05 PM
Thanks for the suggestions Cephren.
I did not find the file mentioned but found maybe the right file here:


/etc/cobalt/swatch/services/telnet
type = service
name = telnet
port = 23
protocol = tcp
retry = 3
restart = /etc/rc.d/init.d/inet hard-restart
state = on
init = null
seq = 0


Looks ok as far as I can tell.
I downloaded nscan (WOW great tip !!) and the ports are open
:(

Learned a lot but still no access

Cephren
07-11-2002, 01:13 AM
Hmmm maybe I gave you the wrong paths.

Oops, in the previous message I think I gave you the Redhat 7.2 settings instead... Well, at least you know now that it is for Redhat Linux 7.2 to turn on telnet.

If the port scan you did shows the ports are open, that means they are working.

Hmm, if your ipchains are currently without rules, maybe you should give it some rules. Heck, everything is worth a try, right?

# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 8443 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 143 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT



But then again it could be a user problem on the server.
It's hard to pinpoint the problem just by the logs... probably have to go in to see.

dutchie
07-11-2002, 10:54 AM
"It's hard to pinpoint the problem just by the logs... probably have to go in to see."

;) Now that's my problem exactly.

I have discovered with the help of Travis from Tera-byte that my Raq was under a DoS attack. I have no idea if that was the reason I could not log in, but he entered the IP through webmin in the hosts.deny.
After that I re-installed SSH and saw in /var/log/messages that my connection was refused. I checked the hosts.deny again and my IP was there about 12 times.

So I asked TB to remove my IP and enter it in the ignore file from portsentry. I hope that will solve it at last.

What is it exactly that hosts.deny does, 'cause I can still browse the sites on my raq and use the admin.
I can see why Portsentry enters my IP again and again (I keep rebooting the raq every time I lose it), but why does hosts.deny still allow me to try again when my IP is already in it?
Does SSH "consult" the hosts.deny?
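
How TCP wrappers evaluate hosts.deny, as an added example that is not part of the thread: only services started through tcpd or linked against libwrap consult these files, with hosts.allow checked before hosts.deny, and the function below lists every rule that applies to a given daemon and client address so duplicate entries for one IP become visible. The sample file, daemon names and addresses are constructed; only literal, prefix and net/mask IPv4 patterns are handled (no hostnames, wildcards other than ALL, or EXCEPT).

```python
import ipaddress

# Constructed sample; the addresses are documentation ranges, not real hosts.
SAMPLE_DENY = """\
# hosts.deny (constructed sample)
ALL: 198.51.100.23
ALL: 203.0.113.7
in.telnetd, in.ftpd: 192.0.2.
ALL: 203.0.113.7
sshd: 203.0.113.0/255.255.255.0
"""

def client_matches(pattern, ip):
    """Match one hosts_access(5) client pattern against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "192.0.2." prefix form
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask form
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False
    return pattern == ip                 # literal address

def matching_rules(text, daemon, ip):
    """Return (line_number, rule) for every rule that applies to daemon and ip."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # "daemon_list : client_list [: command]"; lists use blanks and/or commas
        daemons, clients = (p.replace(",", " ").split() for p in line.split(":")[:2])
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, ip) for c in clients):
            hits.append((n, line))
    return hits

def access(allow_text, deny_text, daemon, ip):
    """Order from hosts_access(5): hosts.allow match grants, then hosts.deny match denies."""
    if matching_rules(allow_text, daemon, ip):
        return "allow"
    return "deny" if matching_rules(deny_text, daemon, ip) else "allow"
```

Running `matching_rules` against a copy of the real /etc/hosts.deny with your own address shows which lines have to be removed before a wrapped service will accept the connection again.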

dutchie
07-11-2002, 11:49 AM
YEZZZ :)

I'm in again.
I did as I described above through the webmin control panel (excellent program!) and have access again.

As always I learned a lot from this crisis.

Thanks a lot for the help and suggestions!


Dutchie..