Fedora 2 Can't Open Ports!

Hobbit · 02-21-2005, 03:25 PM

This is really odd! I wonder if any of you have seen this. Good server, nothing special, running SAMBA, Apache and SendMail however I can't get ports 25 and 110 open!!! I can't telnet into them at all! I have tried modifying the ip tables by hand, firewall, no firewall, firestarter, you name it, I have tried it, and I still can't telnet into the box!

I know this has to be a file somewhere, or a quirk of Fedora 2, all the services I setup on the box are working fine! I just can't get to them. Any suggestions would be appreciated...

horndude · 02-21-2005, 04:01 PM

check /etc/inetd.conf and make sure those services are turned on,uncomment the telnet and any other lines you need to, then restart inetd with kill -HUP <pid#>

also, if the box your trying to telnet into has packet forwarding turned on and you dont have DNS running it may not work, I know there's a way of fixing that without using DNS(bind) but im not good enough with iptables yet to know what to do to fix it.

Hobbit · 02-21-2005, 04:31 PM

Indeed all the services are switched on and there is no packet forwarding setup. Unless Fedora did it automatically! This is an odd problem. netstat shows the port 25 open and listening!

The iptables have been manipulated via the built-in firewall and I also tried it using firestarter (Nice Firewall GUI) I know this is one of those dumb easy problems to fix it's just a matter of finding out what has blocked or diverted ports!

horndude · 02-21-2005, 04:44 PM

ok, well turn off firestarter, and then as root do this:
iptables -F
echo 0 > /proc/sys/net/ipv4/ip_forward *********EDITED********* "<" was wrong,should be ">"
then try it

then, is this box on the same LAN from where your trying to telnet into it?
also, is the routing table setup correctly on both boxes?
you can add the basic host to ip info in /etc/hosts and /etc/networks, and for small LAN's thats the easiest way to do it

what im thinking here is the routing info is messed up and the box your trying to telnet from is having host resolve issues or routing issues

what kind of ping testing have you tried?, does it work when you do try it?

can the linux box access the net and/or ping the outside world?

your right, something simple is not right, im just throwing out some guesses for stuff you might not have tried

Hobbit · 02-21-2005, 04:51 PM

Thank you for helping.

Yes the I am trying to telnet on the local LAN, however the box does have an outside link as do all the boxes. I am using a W2K laptop to telnet. My firewall/router has ports forwarded to the fedora box. But I should be able to access on the same LAN!!! All my machines have net access and can see each other! The fedora box is setup as a print server and all the machines in my local LAN can print.

LOL gets stranger right?

Here is a NETSTAT:

[root@crunchy-dog init.d]# netstat -an find 25 |more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32771 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 10.0.109.8:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 4 10.0.109.8:445 10.0.109.4:1602 ESTABLISHED
tcp 0 0 10.0.109.8:139 10.0.109.2:1637 ESTABLISHED
tcp 0 0 127.0.0.1:32954 127.0.0.1:631 TIME_WAIT
tcp 1 0 127.0.0.1:32846 127.0.0.1:631 CLOSE_WAIT
tcp 0 0 :::443 :::* LISTEN
udp 0 0 0.0.0.0:32768 0.0.0.0:*
udp 0 0 127.0.0.1:32771 0.0.0.0:*
udp 0 0 10.0.109.8:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 10.0.109.8:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
udp 0 0 127.0.0.1:32794 0.0.0.0:*
udp 0 0 0.0.0.0:20000 0.0.0.0:*
udp 0 0 0.0.0.0:992 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
Active UNIX domain sockets (servers and established)

Any ideas?

horndude · 02-21-2005, 04:56 PM

ok, show me as root these:

route

whats in /etc/resolv.conf

whats in /etc/hosts

whats in /etc/networks

ifconfig

oh ya, dunno if you caught it but I edited that one command above, had <> pointed wrong way

horndude · 02-21-2005, 05:08 PM

hey, that printout of netstat is showing the port 25 as listening but with wrong IP--->its showing 0.0.0.0 instead of 127.0.0.1(localhost)-------that isnt right, should show localhost's ip or ip of subnet its running on your LAN

Hobbit · 02-21-2005, 05:38 PM

The network file was empty! Yeajh I caught the <> change...

I have not set an MX record in my nameservers for sendmail yet, I wanted to make sure sendmail worked on the LAN first. So the nameservers below are my ISP's DNS Servers for now. And hollandit.com is actually on a diferent IP on the internet, but again the ports should be working on the internal LAN before I finish the WAN setup.

resolve
nameserver 64.81.79.2
nameserver 216.231.41.2
domain hollandit.com
; generated by /sbin/dhclient-script
search mail.crunchy-dog

hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 hollandit localhost.localdomain localhost
10.0.109.8 Crunchy-Dog

ifconfig
eth0 Link encap:Ethernet HWaddr 00:03:47:42:AD

D
inet addr:10.0.109.8 Bcast:10.0.109.255 Mask:255.255.255.0
inet6 addr: fe80::203:47ff:fe42:addd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:341766 errors:0 dropped:0 overruns:0 frame:0
TX packets:552376 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28922329 (27.5 Mb) TX bytes:740588273 (706.2 Mb)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:13551 errors:0 dropped:0 overruns:0 frame:0
TX packets:13551 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8508922 (8.1 Mb) TX bytes:8508922 (8.1 Mb)

Does any of this help?

horndude · 02-21-2005, 05:47 PM

yep, im guessing you need to make some additions to your routing table

whats "route" spit out?
Im guessing its empty, if so, you need to add your local subnet(LAN) and a default gateway

looks like your services are running but arent being bound to your LAN subnet IP, if thats the case I think its your routing table, your networks file being empty isnt critical, but its an easy way to get things to work before you start a DNS server for that purpose

Hobbit · 02-21-2005, 05:55 PM

Cool thanks man I will give it a try. Where do I include my LAN and Gateway? I thought that was taken care of in the hosts file?

Thanks for helping. I can't spell by the way! Sometime I miss the most obvious crap and feel like a total idiot!

02-21-2005, 03:25 PM	#1 (permalink)
Hobbit Newb Techie Join Date: Nov 2004 Posts: 27	Fedora 2 Can't Open Ports! This is really odd! I wonder if any of you have seen this. Good server, nothing special, running SAMBA, Apache and SendMail however I can't get ports 25 and 110 open!!! I can't telnet into them at all! I have tried modifying the ip tables by hand, firewall, no firewall, firestarter, you name it, I have tried it, and I still can't telnet into the box! I know this has to be a file somewhere, or a quirk of Fedora 2, all the services I setup on the box are working fine! I just can't get to them. Any suggestions would be appreciated...

02-21-2005, 05:38 PM	#8 (permalink)
Hobbit Newb Techie Join Date: Nov 2004 Posts: 27	The network file was empty! Yeajh I caught the <> change... I have not set an MX record in my nameservers for sendmail yet, I wanted to make sure sendmail worked on the LAN first. So the nameservers below are my ISP's DNS Servers for now. And hollandit.com is actually on a diferent IP on the internet, but again the ports should be working on the internal LAN before I finish the WAN setup. resolve nameserver 64.81.79.2 nameserver 216.231.41.2 domain hollandit.com ; generated by /sbin/dhclient-script search mail.crunchy-dog hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 hollandit localhost.localdomain localhost 10.0.109.8 Crunchy-Dog ifconfig eth0 Link encap:Ethernet HWaddr 00:03:47:42:ADD inet addr:10.0.109.8 Bcast:10.0.109.255 Mask:255.255.255.0 inet6 addr: fe80::203:47ff:fe42:addd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:341766 errors:0 dropped:0 overruns:0 frame:0 TX packets:552376 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:28922329 (27.5 Mb) TX bytes:740588273 (706.2 Mb) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:13551 errors:0 dropped:0 overruns:0 frame:0 TX packets:13551 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8508922 (8.1 Mb) TX bytes:8508922 (8.1 Mb) Does any of this help?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

02-21-2005, 04:01 PM	#2 (permalink)
horndude Master Techie Join Date: Apr 2004 Posts: 2,532	check /etc/inetd.conf and make sure those services are turned on,uncomment the telnet and any other lines you need to, then restart inetd with kill -HUP <pid#> also, if the box your trying to telnet into has packet forwarding turned on and you dont have DNS running it may not work, I know there's a way of fixing that without using DNS(bind) but im not good enough with iptables yet to know what to do to fix it.

02-21-2005, 04:31 PM	#3 (permalink)
Hobbit Newb Techie Join Date: Nov 2004 Posts: 27	Indeed all the services are switched on and there is no packet forwarding setup. Unless Fedora did it automatically! This is an odd problem. netstat shows the port 25 open and listening! The iptables have been manipulated via the built-in firewall and I also tried it using firestarter (Nice Firewall GUI) I know this is one of those dumb easy problems to fix it's just a matter of finding out what has blocked or diverted ports!

02-21-2005, 04:44 PM	#4 (permalink)
horndude Master Techie Join Date: Apr 2004 Posts: 2,532	ok, well turn off firestarter, and then as root do this: iptables -F echo 0 > /proc/sys/net/ipv4/ip_forward *******EDITED******* "<" was wrong,should be ">" then try it then, is this box on the same LAN from where your trying to telnet into it? also, is the routing table setup correctly on both boxes? you can add the basic host to ip info in /etc/hosts and /etc/networks, and for small LAN's thats the easiest way to do it what im thinking here is the routing info is messed up and the box your trying to telnet from is having host resolve issues or routing issues what kind of ping testing have you tried?, does it work when you do try it? can the linux box access the net and/or ping the outside world? your right, something simple is not right, im just throwing out some guesses for stuff you might not have tried

02-21-2005, 04:51 PM	#5 (permalink)
Hobbit Newb Techie Join Date: Nov 2004 Posts: 27	Thank you for helping. Yes the I am trying to telnet on the local LAN, however the box does have an outside link as do all the boxes. I am using a W2K laptop to telnet. My firewall/router has ports forwarded to the fedora box. But I should be able to access on the same LAN!!! All my machines have net access and can see each other! The fedora box is setup as a print server and all the machines in my local LAN can print. LOL gets stranger right? Here is a NETSTAT: [root@crunchy-dog init.d]# netstat -an find 25 \|more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:32771 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 10.0.109.8:80 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp 0 4 10.0.109.8:445 10.0.109.4:1602 ESTABLISHED tcp 0 0 10.0.109.8:139 10.0.109.2:1637 ESTABLISHED tcp 0 0 127.0.0.1:32954 127.0.0.1:631 TIME_WAIT tcp 1 0 127.0.0.1:32846 127.0.0.1:631 CLOSE_WAIT tcp 0 0 :::443 :::* LISTEN udp 0 0 0.0.0.0:32768 0.0.0.0:* udp 0 0 127.0.0.1:32771 0.0.0.0:* udp 0 0 10.0.109.8:137 0.0.0.0:* udp 0 0 0.0.0.0:137 0.0.0.0:* udp 0 0 10.0.109.8:138 0.0.0.0:* udp 0 0 0.0.0.0:138 0.0.0.0:* udp 0 0 127.0.0.1:32794 0.0.0.0:* udp 0 0 0.0.0.0:20000 0.0.0.0:* udp 0 0 0.0.0.0:992 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* udp 0 0 0.0.0.0:631 0.0.0.0:* Active UNIX domain sockets (servers and established) Any ideas?

02-21-2005, 04:56 PM	#6 (permalink)
horndude Master Techie Join Date: Apr 2004 Posts: 2,532	ok, show me as root these: route whats in /etc/resolv.conf whats in /etc/hosts whats in /etc/networks ifconfig oh ya, dunno if you caught it but I edited that one command above, had <> pointed wrong way

02-21-2005, 05:08 PM	#7 (permalink)
horndude Master Techie Join Date: Apr 2004 Posts: 2,532	hey, that printout of netstat is showing the port 25 as listening but with wrong IP--->its showing 0.0.0.0 instead of 127.0.0.1(localhost)-------that isnt right, should show localhost's ip or ip of subnet its running on your LAN

02-21-2005, 05:47 PM	#9 (permalink)
horndude Master Techie Join Date: Apr 2004 Posts: 2,532	yep, im guessing you need to make some additions to your routing table whats "route" spit out? Im guessing its empty, if so, you need to add your local subnet(LAN) and a default gateway looks like your services are running but arent being bound to your LAN subnet IP, if thats the case I think its your routing table, your networks file being empty isnt critical, but its an easy way to get things to work before you start a DNS server for that purpose

02-21-2005, 05:55 PM	#10 (permalink)
Hobbit Newb Techie Join Date: Nov 2004 Posts: 27	Cool thanks man I will give it a try. Where do I include my LAN and Gateway? I thought that was taken care of in the hosts file? Thanks for helping. I can't spell by the way! Sometime I miss the most obvious crap and feel like a total idiot!