(?) The Answer Gang (!)


By James T. Dennis, [email protected]
LinuxCare, http://www.linuxcare.com/


(?) Connection Refused

From Yu-Kang Tsao on Wed, 26 Jul 2000

Answered By: Jim Dennis

Hi James:

Now I am setting up a linux red hat 6.2

server box in our NT LAN and I am trying to telnet connect to that box from one of the NT workstation in our NT LAN. But it gives me connectiong refuse message. Would you help me telnet connect to linux box ? Thank you very much.

Sincerely
Nathan

(!) You probably don't have DNS, specifically your reverse DNS zones (PTR records) properly configured.
Linux includes a package called TCP Wrappers (tcpd) which allows you to control which systems can connect to which services. This control is based on the contents of two configuration files (/etc/hosts.allow and /etc/hosts.deny) which can contain host/domain name and IP address patterns that "allow" or "deny" access to specific services.
You could disable this feature by editing your /etc/inetd.conf file and changing a line that reads something like:
telnet	stream	tcp	nowait	telnetd.telnetd	/usr/sbin/tcpd /usr/sbin/in.telnetd
to something that looks more like:
telnet	stream	tcp	nowait	telnetd.telnetd	/usr/sbin/in.telnetd /usr/sbin/in.telnetd
(Note: THESE ARE EACY JUST ON ONE LINE! THE TRAILING BACKSLASH is for e-mail/browser legibility)

My processing script knows about these backslashes and restored them to a complete line. But it may be worth knowing that most versions of inetd these days will allow you to use \ at the very end of line to continue it onto the next. It will not work if you have a space after it though. Think of it as escaping the newline character. -- Heather

some of the details might differ abit. This example is from my Debian laptop and Red Hat has slightly different paths and permissions in some cases).
You should search the back issues of LG for hosts.allow and tcpd for other (more detailed) discussions of this issue. It is an FAQ. Of course you can also read the man pages for hosts_access(5), hosts_options(5) and tcpd(8) for more details on how to use this package.
Note: You should also consider banning telnet from your networks. I highly recommend that you search the LG back issues for references to 'ssh' for discussions that relate to that. Basically, the telnet protocol leaves your systems susceptible to sniffing (and session hijacking, among other problems) and therefore greatly increases your chances of getting cracked, and greatly increases the amount of damage that an intruder or disgruntled local user can do to your systems. 'ssh' and its alternatives are MUCH safer.


Copyright © 2000, James T. Dennis
Published in the Linux Gazette Issue 57 September 2000
HTML transformation by Heather Stern of Tuxtops, Inc., http://www.tuxtops.com/


[ Answer Guy Current Index ] greetings   1   2   3   4   5   6   7 [ Index of Past Answers ]