Acabei de atualizar do CentOS 6.6 para o 6.8 (64 bits). Temos um cliente telnet com licença de site que permite abrir várias janelas em um único banco de dados. Desativei o SELinux e reiniciei o sistema.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# NOTE(review): "disabled" removes mandatory access control for every service
# on the host, not only the one being debugged. "permissive" (described above)
# still reports what would have been denied without blocking it, so it is the
# narrower setting when the goal is only to rule SELinux out as the cause.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# Has no practical effect while SELINUX=disabled above.
SELINUXTYPE=targeted
[root@localhost selinux]#
Eu desativei o firewall. Este é o arquivo telnet no diretório xinetd.d.
# xinetd service entry for the telnet listener.
# NOTE(review): no "service <name>" line is visible above the opening brace in
# this paste; xinetd needs one to parse the entry -- confirm it is present in
# the real file.
#
{
# Service is enabled in xinetd.
disable = no
# Listen only on this address; connections to 127.0.0.1 are not served by
# this entry, so "telnet localhost" cannot reach it.
bind = 10.99.0.6
flags = REUSE
# Multi-threaded: xinetd keeps listening and spawns one server per connection.
wait = no
socket_type = stream
# Source-address restriction. xinetd treats trailing zero components as
# wildcards, so this presumably matches all of 10.99.x.x -- verify this is
# the intended client range.
only_from = 10.99.0.0
# NOTE(review): the server is started as root and telnet carries logins in
# cleartext; keep the listener limited to a trusted network segment.
user = root
# Stock telnet daemon, left commented out in favour of the vendor binary.
# server = /usr/sbin/in.telnetd
# NOTE(review): if this path is missing or not executable, xinetd is expected
# to drop the service at start-up and report it in syslog -- check the log
# after "service xinetd restart".
server = /usr/uv/bin/uvtelnetd
# Also record the remote user id on failed connection attempts.
log_on_failure += USERID
}
Este é o arquivo iptables:
[root@localhost etc]# more /etc/sysconfig/iptables# Generated by iptables-save v1.4.7 on Mon Mar 27 13:33:58 2017
# nat table: default policies only, no translation rules.
*nat
:PREROUTING ACCEPT [40:5382]
:POSTROUTING ACCEPT [2:131]
:OUTPUT ACCEPT [2:131]
COMMIT
# Completed on Mon Mar 27 13:33:58 2017
# Generated by iptables-save v1.4.7 on Mon Mar 27 13:33:58 2017
# filter table.
# NOTE(review): all three chains default to ACCEPT and there is no DROP or
# REJECT rule below, so as dumped this ruleset blocks nothing: every ACCEPT
# rule is redundant and the host is reachable on any port that has a
# listener. It also means this ruleset cannot be what produces a
# "Connection refused".
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [29:2732]
# Telnet (23/tcp) accepted from any source address, in any connection state.
# If a default-deny policy is introduced later, this is the rule to narrow
# to the client subnet.
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Accepts every packet arriving on em1, regardless of protocol or port; the
# per-port rules below never decide anything for traffic on that interface.
-A INPUT -i em1 -j ACCEPT
# DNS
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
# IPsec: AH, ESP and IKE (500/udp)
-A INPUT -p ah -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 500 -j ACCEPT
# NetBIOS / SMB
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
# HTTPS and SSH
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Never reached: the first INPUT rule already accepts all 23/tcp traffic.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
# Forwards everything that enters on em1.
-A FORWARD -i em1 -j ACCEPT
COMMIT
# Completed on Mon Mar 27 13:33:58 2017
Se eu executar o lsof, isto é o que vejo.
[root@localhost etc]# lsof -i | grep 23
cupsd 2080 root 6u IPv6 12381 0t0 TCP localhost6.localdomain6:ipp (LISTEN)
cupsd 2080 root 7u IPv4 12382 0t0 TCP localhost.localdomain:ipp (LISTEN)
cupsd 2080 root 9u IPv4 12385 0t0 UDP *:ipp
rpc.mount 2281 root 11u IPv4 13232 0t0 UDP *:57448
rpc.mount 2281 root 12u IPv4 13236 0t0 TCP *:42105 (LISTEN)
pluto 2623 root 22u IPv4 13994 0t0 UDP 10.99.0.6:isakmp
pluto 2623 root 23u IPv4 13995 0t0 UDP 10.99.0.6:ipsec-nat-t
pluto 2623 root 24u IPv4 13996 0t0 UDP localhost.localdomain:isakmp
pluto 2623 root 25u IPv4 13997 0t0 UDP localhost.localdomain:ipsec-nat-t
pluto 2623 root 26u IPv6 13998 0t0 UDP localhost6.localdomain6:isakmp
Eu ainda recebo uma "conexão recusada" mesmo se eu tentar o telnet a partir do console do servidor.
Como iniciante no iptables e no xinetd, não tenho certeza do que fiz de errado. Como posso fazer isso funcionar?
Eu segui as sugestões do Moonpoint:
[root@localhost ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost ~]# netstat -an | grep 23
unix 2 [ ACC ] STREAM LISTENING 18013 /tmp/orbit- root/linc-e3b-0-12ce87623f7f2
unix 2 [ ACC ] STREAM LISTENING 12383 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 12340 /var/lib/samba/winbindd_privileged/pipe
unix 2 [ ACC ] STREAM LISTENING 12337 /var/run/winbindd/pipe
unix 3 [ ] STREAM CONNECTED 20234 @/tmp/dbus-1a1aDNA0S2
unix 3 [ ] STREAM CONNECTED 20233
unix 3 [ ] STREAM CONNECTED 19723
unix 3 [ ] STREAM CONNECTED 19239 @/tmp/dbus-1a1aDNA0S2
unix 3 [ ] STREAM CONNECTED 19238
unix 3 [ ] STREAM CONNECTED 18323 @/dbus-vfs-daemon/socket-9ID2XSeB
unix 3 [ ] STREAM CONNECTED 18232 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 18231
unix 3 [ ] STREAM CONNECTED 18016 /tmp/orbit-root/linc-e3b-0-12ce87623f7f2
unix 3 [ ] STREAM CONNECTED 17223 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 14323
unix 3 [ ] STREAM CONNECTED 12343
unix 3 [ ] STREAM CONNECTED 12342
[root@localhost ~]#
xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
rsync: on
tcpmux-server: on
telnet: on
time-dgram: off
time-stream: off
[root@localhost ~]# telnet 10.99.0.6
Trying 10.99.0.6...
telnet: connect to address 10.99.0.6: Connection refused
[root@localhost ~]# telnet localhost
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
[root@localhost ~]#
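Então, apesar de o chkconfig achar que o telnet está rodando, algo ainda está no caminho. Vale notar que o chkconfig mostra apenas que o serviço está habilitado no xinetd, não que ele foi iniciado: nas saídas do lsof e do netstat acima, o "grep 23" casa apenas com números de PID, de descritor e de inode, e não aparece nenhum socket TCP em escuta na porta 23. "Connection refused" normalmente indica exatamente isso — nada escutando na porta — e não um bloqueio pelo firewall.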
Dale