Thursday, June 19, 2014

"No route to host" when trying to telnet into new Fedora 20 Server

thanatos is my new Fedora 20 Server.
sisifo and merope are old Fedora servers.

After installing telnet-server, I started telnet.socket by using the following commands:

systemctl start telnet.socket
systemctl enable telnet.socket
systemctl status telnet.socket
telnet.socket - Telnet Server Activation Socket
   Loaded: loaded (/usr/lib/systemd/system/telnet.socket; enabled)
   Active: active (listening) since Thu 2014-06-19 15:53:29 BRT; 52min ago
     Docs: man:telnetd(8)
   Listen: [::]:23 (Stream)
 Accepted: 3; Connected: 0


Jun 19 15:53:29 thanatos systemd[1]: Listening on Telnet Server Activation Socket.

When I tried to telnet into this server (thanatos), I received "No route to host".

[root@sisifo javauser]# telnet thanatos
Trying 10.80.122.52...
telnet: connect to address 10.80.122.52: No route to host
[root@sisifo javauser]#

I created a file /etc/sysconfig/iptables copying from another server but it didn't work.

So, I saved the Firewall configuration by using:
[root@thanatos sysconfig]# iptables -L -n > iptables_edo_20140619

And flushed all entries in the firewall by using:
[root@thanatos sysconfig]# iptables -F

After that, I could telnet into my new server.

It isn't a good solution, because I would be vulnerable to attacks. Since this server is not directly connected to the Internet, I can adopt this remedy.

*** A BETTER SOLUTION ***
Adding entries to iptables to enable telnet (port 23)

[root@thanatos ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (2 references)
target     prot opt source               destination
FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0
FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_external (0 references)
target     prot opt source               destination
FWDO_external_log  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_external_deny  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_external_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain FWDO_external_allow (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FWDO_external_deny (1 references)
target     prot opt source               destination

Chain FWDO_external_log (1 references)
target     prot opt source               destination

Chain FWDO_public (2 references)
target     prot opt source               destination
FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  0.0.0.0/0            0.0.0.0/0
IN_public  all  --  0.0.0.0/0            0.0.0.0/0

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_dmz (0 references)
target     prot opt source               destination
IN_dmz_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_dmz_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_dmz_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_dmz_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_dmz_deny (1 references)
target     prot opt source               destination

Chain IN_dmz_log (1 references)
target     prot opt source               destination

Chain IN_external (0 references)
target     prot opt source               destination
IN_external_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_external_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_external_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_external_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_external_deny (1 references)
target     prot opt source               destination

Chain IN_external_log (1 references)
target     prot opt source               destination

Chain IN_home (0 references)
target     prot opt source               destination
IN_home_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_home_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_home_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_home_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:631 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW

Chain IN_home_deny (1 references)
target     prot opt source               destination

Chain IN_home_log (1 references)
target     prot opt source               destination

Chain IN_internal (0 references)
target     prot opt source               destination
IN_internal_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_internal_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_internal_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_internal_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:631 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW

Chain IN_internal_deny (1 references)
target     prot opt source               destination

Chain IN_internal_log (1 references)
target     prot opt source               destination

Chain IN_public (2 references)
target     prot opt source               destination
IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain IN_work (0 references)
target     prot opt source               destination
IN_work_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_work_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_work_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_work_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:631 ctstate NEW

Chain IN_work_deny (1 references)
target     prot opt source               destination

Chain IN_work_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

[root@thanatos ~]# iptables -A IN_work_allow -p TCP -j ACCEPT -s 0/0 -d  0/0 --sport 23

[root@thanatos ~]# iptables -A IN_work_allow -p TCP -j ACCEPT -s 0/0 -d  0/0 --dport 23

[root@thanatos ~]# iptables -A IN_public_allow -p TCP -j ACCEPT -s 0/0 -d  0/0 --dport 23


[root@thanatos ~]#

Comments:
Sorry, I suspected that not all of these 3 lines are necessary, but I do not have time to test and find out which is the essential line to be added.
To be corrected later :-)
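Added example, not part of the original post: a small shell script that reads an `iptables -L -n` listing (a constructed excerpt modelled on the listing above is embedded in it) and works out which zone chain `INPUT_ZONES` actually dispatches to, then prints the one rule needed to admit port 23/tcp into that zone's `_allow` chain. In the listing above `INPUT_ZONES` jumps only to `IN_public`, while `IN_work` has 0 references, so of the three commands only the `IN_public_allow --dport 23` rule is on the path a new inbound connection takes. The `--sport 23` rule matches the remote side's source port, which does not identify the telnet service and would admit any TCP connection whose peer happens to use source port 23, so it is left out here. The chain names (`INPUT_ZONES`, `IN_public`, `FWDI_public`) are firewalld's, and the final `REJECT ... reject-with icmp-host-prohibited` rule is what the client reports as "No route to host". The function names and the sample listing are this example's own, and the emitted rule uses `-m conntrack --ctstate NEW` to match the style of the existing `IN_*_allow` rules.

```shell
#!/bin/sh
# Added example (not from the original post): given `iptables -L -n` output,
# find the zone chain that INPUT_ZONES really jumps to and print the single
# rule that admits a TCP port into that zone's _allow chain.

# Constructed excerpt of an `iptables -L -n` listing, modelled on the post's.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  0.0.0.0/0            0.0.0.0/0
IN_public  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_work_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
'

# Print the zone chains (e.g. "IN_public") that INPUT_ZONES jumps to,
# deduplicated. Reads the listing from stdin.
active_zone_chains() {
    awk '
        /^Chain /               { in_zones = ($2 == "INPUT_ZONES"); next }
        in_zones && $1 ~ /^IN_/ { print $1 }
    ' | sort -u
}

# Exit 0 if CHAIN already holds an ACCEPT rule for tcp dpt:PORT, else 1.
# Usage: chain_allows_port CHAIN PORT < listing
chain_allows_port() {
    awk -v chain="$1" -v port="$2" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 == "ACCEPT" && $2 == "tcp" && $0 ~ ("dpt:" port "( |$)") { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# For every zone chain wired into INPUT_ZONES, print the iptables command that
# admits new connections to PORT/tcp, unless the zone already allows it.
# Usage: needed_rules PORT < listing
needed_rules() {
    port="$1"
    listing="$(cat)"
    printf '%s\n' "$listing" | active_zone_chains | while read -r zone; do
        chain="${zone}_allow"
        if printf '%s\n' "$listing" | chain_allows_port "$chain" "$port"; then
            continue   # already reachable, nothing to add
        fi
        printf 'iptables -A %s -p tcp -m conntrack --ctstate NEW --dport %s -j ACCEPT\n' \
            "$chain" "$port"
    done
}

# Stand-alone run: against the sample, port 23 needs one rule, port 22 none.
printf '%s\n' "$SAMPLE_LISTING" | needed_rules 23
```

Rules appended with a bare `iptables -A` on a firewalld host are not persisted: a firewalld reload or a reboot rebuilds the zone chains without them. The persistent equivalent of the rule the script prints is `firewall-cmd --permanent --zone=public --add-port=23/tcp` followed by `firewall-cmd --reload`, and `firewall-cmd --get-active-zones` confirms which zone the interface really sits in. Note that the same `IN_public_allow` chain already admits port 22, so SSH to the new server works without any firewall change.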
