I have 2 systems that cannot telnet directly into our UNIX system via IP. The only thing that separate these 2 systems from all the others in our office is that they run a PGP encryption within Outlook. I can telnet to a different server and then telnet from there to the one I want to get to, but I can't go direct. Any ideas?
The reason you can not telnet directly is properly due to tcpwrapper install on the 2 machines.
This is properly stopping telnet session from certain hosts.
To confirm this check your /etc/hosts.allow and
your /etc/hosts.deny file
if your /etc/hosts.allow have entry like
in.telnetd: x.x.x.x
then x.x.x.x is the ip address of hosts it allow
telnet connect from.
if your still having problem telneting, post back
that didn't do it. I should note that the systems that cannot connect are Windows 2000 systems running a telnet session. /etc/hosts.allow file was not in my Solaris 8 file system, so I created it. I used in.telnetd: xxx.xxx.xxx.0 to allow all IP on that subnet. It didn't work, so I added another entry with that specific system IP address.
check your /etc/inetd.conf or your /etc/inet/inetd.conf file
check for the telnet session
if your telnet entry is pointing to /usr/local/bin/tcpd like this
#telnet stream tcp6 nowait root /usr/local/bin/tcpd /usr/sbin/in.telnetd
then your solaris 8 machine is definately using tcpwrapper.
if this is not the case you will have entry like
#telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
in this case it is not using tcpwrapper
if tcpwrapper is not being used to restrict telnet login then may be you have some firewall restricting or blocking port 23(telnet) from certain hosts.
check with your network administrator or security administrator to
make sure they is no firewall restricting telnet access
are all your machine including your window 2000 on the same subnet? or on a different subnet?
host
What about software firewalls on the windows boxes?
You may have outgoing port 23 TCP/IP blocked... have you connected to any other machines? try telnet://sdf.lonestar.org and see if you get a connection.
I am able to telnet to that system ...
Reply to hassan2 comments ...
We are using tcpwrapper.
I don't find any firewall restrictions
UNIX host is on a different subnet than the Win2k systems and are bridged through a Cisco router. I did setup a secondary IP address of the UNIX host on the same subnet as my Win2k systems, but could not telnet directly to that IP address either.
Make sure the systems default gateway is set correctly.