Full Version: Telnet/ftp Ports Blocked
BigB23USAABC
I set up a Telnet server on a RedHat 7.3 box and it worked fine for one day. Once I shut down the machine and restarted, all of the ports used for Telnet and FTP have been blocked and I have no idea how to unblock them. Any suggestions??
hughesjr
If this machine is connected to the internet, I would recommend that you use ssh (with sftp) instead of telnet and ftp ... if that is possible for your situation.

But to answer your question, you probably have either iptables or ipchains as a firewall .... you would need to allow port 23 (for telnet) and port 21 (for FTP) into the machine...I think the default firewall for redhat 7.3 was iptables.

To see if iptables (or ipchains) is the problem, issue the command:

iptables -L

If you get results that have more than this:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


then you actually have an IPTABLES firewall and it is turned on...

Next issue the command:

/etc/init.d/iptables stop

and try to connect to the services ... if it works, we need to fix your iptables firewall to allow ftp/telnet in...

If you don't have iptables then you probably have ipchains ... try this command if the IPTABLES stuff above didn't work...

/etc/init.d/ipchains stop

If you have ipchains then this line as the first rule in the file /etc/sysconfig/ipchains will allow all users to connect to ftp and telnet (and ssh):

-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:23 -p 6 -j ACCEPT

and the command in iptables (/etc/sysconfig/iptables) would be:

-A INPUT -p tcp -m state --state NEW -s 0.0.0.0/0.0.0.0 -m multiport --dports 21,23 -j ACCEPT

If at all possible, I would recommend that you limit the connections in to your local network and not to all users ... if your local network was 192.168.0.0 with a subnet mask of 255.255.255.0, then I would recommend this instead for -s in each of the above rules:

-s 192.168.0.0/255.255.255.0

But then you can only connect from the local network...
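
An added example, not part of the original post: a small audit of an /etc/sysconfig/iptables file that reports INPUT ACCEPT rules leaving FTP or telnet open to every source address, which is the exposure the -s restriction above removes. The function names and the sample rules are constructed for illustration; rules without a port match, negated matches and service names are out of scope.

```python
import ipaddress
import shlex

CLEARTEXT = {21: "ftp", 23: "telnet"}  # services the thread is opening

# Constructed sample in /etc/sysconfig/iptables (iptables-save) format.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -s 0.0.0.0/0.0.0.0 -m multiport --dports 21,23 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT
COMMIT
"""

def expand_ports(spec):
    """Turn '23', '21:23' or '21,23' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if lo.isdigit() and (hi or lo).isdigit():  # skip service names
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_rules(text):
    """Return (line_no, service, source) for every INPUT ACCEPT rule that
    opens a cleartext port to all source addresses."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Map each option to the token that follows it.
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-j") != "ACCEPT" or opt.get("-p") not in ("tcp", "6"):
            continue
        spec = opt.get("--dport") or opt.get("--dports")
        if not spec:
            continue  # rules without a port match are out of scope here
        # A missing -s means "any source"; netmask notation is accepted.
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        if src.prefixlen == 0:
            for port in sorted(expand_ports(spec) & CLEARTEXT.keys()):
                findings.append((no, CLEARTEXT[port], str(src)))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE):
        print("line %d: %s open to %s" % finding)
```

On the sample, only line 4 is reported (once for ftp, once for telnet); the rule limited to 192.168.0.0/255.255.255.0 and the ssh rule are not.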