(fedora) Re: how to setup rsh(d) on FC4
J. K. Cliburn
jcliburn at gmail.com
Thu Feb 9 00:09:53 UTC 2006
Mikkel L. Ellertson wrote:
> J. K. Cliburn wrote:
>
>>On 2/8/06, Jacob (=Jouk) Jansen <joukj at hrem.nano.tudelft.nl> wrote:
>>
>>
>>>a.apprich at science-computing.de wrote on 8-FEB-2006 11:30:21.57
>>>
>>>
>>>
>>>>>>>>I try to get the rsh command working to a FC4 system
>>>
>>>[snip]
>>>
>>>
>>>>what does /var/log/messages tell you about login via rsh?
>>>
>>>No Route to host
>>
>>
>>I know you said you have the relevant ports unfiltered in iptables,
>>but isn't this the typical message received when you attempt to access
>>a blocked port?
>>
>
> Nope. You will get connection refused if the port is set to reject,
> and a timeout message if it is set to drop. You get the No route to
> host when there is a network configuration problem.

To test whether netfilter on the server side might result in a "No route
to host" indication on the client side, I removed a rule in iptables
that allowed traffic on port 23 on an internal server running telnetd
under xinetd. The default catchall netfilter rule (a rule which remains
unmodified from when I installed FC4) in /etc/sysconfig/iptables is this:

    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

This rule results in the following message when I attempt to connect to
port 23:

    [jcliburn at osprey ~]$ telnet petrel
    Trying 192.168.1.6...
    telnet: connect to address 192.168.1.6: No route to host

Here's the relevant snippet from tethereal.

    Source: 192.168.1.6 (192.168.1.6)
    Destination: 192.168.1.3 (192.168.1.3)
    Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 10 (Host administratively prohibited)

I believe Mr. Jansen has a problem with one or more filtered ports.

Jay
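
The ICMP reply in the tethereal capture above, decoded in an added example that is not part of the original message: it parses a destination-unreachable packet, recovers the blocked destination and port from the quoted header, and maps the code to the errno a Linux client reports. The code-to-errno table is a subset written from the Linux kernel's conversion as an assumption of this example, and the packet bytes (including source port 40000 and the zeroed checksums) are constructed.

```python
import errno
import struct

# Subset of the Linux ICMP "destination unreachable" (type 3) code -> errno
# conversion that a connecting client sees (assumed here, not from the thread).
UNREACH_ERRNO = {
    0: errno.ENETUNREACH,    # network unreachable
    1: errno.EHOSTUNREACH,   # host unreachable
    3: errno.ECONNREFUSED,   # port unreachable (iptables REJECT default)
    9: errno.ENETUNREACH,    # network administratively prohibited
    10: errno.EHOSTUNREACH,  # host administratively prohibited
    13: errno.EHOSTUNREACH,  # communication administratively prohibited
}
FILTER_CODES = {9, 10, 13}   # codes sent by a packet filter, not by routing


def parse_unreachable(icmp: bytes) -> dict:
    """Parse an ICMP type 3 message and the quoted IPv4/TCP header inside it."""
    icmp_type, code, _cksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a destination-unreachable message")
    quoted = icmp[8:]                              # original IP header + 8 bytes
    ihl = (quoted[0] & 0x0F) * 4                   # quoted IP header length
    dst = ".".join(str(b) for b in quoted[16:20])  # host the client tried
    _sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {
        "code": code,
        "errno": UNREACH_ERRNO.get(code),
        "filtered": code in FILTER_CODES,
        "proto": quoted[9],
        "blocked_dst": dst,
        "blocked_port": dport,
    }


def build_sample() -> bytes:
    """Constructed sample: 192.168.1.6 rejecting a SYN to port 23 (code 10)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 3]), bytes([192, 168, 1, 6]))
    tcp8 = struct.pack("!HHI", 40000, 23, 0)       # src port, dst port, seq
    return struct.pack("!BBHI", 3, 10, 0, 0) + ip + tcp8


if __name__ == "__main__":
    import os
    info = parse_unreachable(build_sample())
    print(info, "->", os.strerror(info["errno"]))
```

On Linux the printed error string for the sample is the same "No route to host" that telnet showed, while the "filtered" flag distinguishes the firewall-generated code from a genuine routing failure.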