Where does inetd listen ? Tunnel setup ?

Post by DRN » Tue, 18 Nov 2008 22:28:15



From a relative newbie...
I have an embedded box running a 2.4.23 kernel.
It's got inetd configured for telnet and ftp (both work AOK from a
local connection).
I am trying to access the box via an openvpn tunnel.
I can launch the tunnel OK (over PPP, also running OK).
When I try to telnet or FTP to the other end of the tunnel, nothing
happens.
The tunnel-provider swears the request packets are forwarded to the
embedded box...

So - where does inetd listen for requests ?
What if anything do I need to do to the route table so that inetd
listens for requests from the tunnel ?
Any tips on how to debug, including tools to log what's showing up via
the tunnel ?

Thanks in advance for any help,
Best Regards, Dave

PS: here are the default and a suggested route setting; neither
worked...
netstat -nlp|grep 21
netstat -nlp|grep 23
route

tcp   0   0   0.0.0.0:21     0.0.0.0:*   LISTEN   96/inetd
udp   0   0   0.0.0.0:1024   0.0.0.0:*            217/openvpn
tcp   0   0   0.0.0.0:23     0.0.0.0:*   LISTEN   96/inetd
Kernel IP routing table
Destination  Gateway     Genmask          Flags Metric Ref Use Iface
10.8.2.161   10.8.2.165  255.255.255.255  UGH   0      0   0   tun0
10.0.0.1     *           255.255.255.255  UH    0      0   0   ppp0
10.8.2.165   *           255.255.255.255  UH    0      0   0   tun0
default      *           0.0.0.0          U     0      0   0   ppp0

>>>> Change default route per suggestions, report again...

route del default
route add default dev tun0

netstat -nlp|grep 21
netstat -nlp|grep 23
route

tcp   0   0   0.0.0.0:21     0.0.0.0:*   LISTEN   96/inetd
udp   0   0   0.0.0.0:1024   0.0.0.0:*            217/openvpn
tcp   0   0   0.0.0.0:23     0.0.0.0:*   LISTEN   96/inetd
Kernel IP routing table
Destination  Gateway     Genmask          Flags Metric Ref Use Iface
10.8.2.161   10.8.2.165  255.255.255.255  UGH   0      0   0   tun0
10.0.0.1     *           255.255.255.255  UH    0      0   0   ppp0
10.8.2.165   *           255.255.255.255  UH    0      0   0   tun0
default      *           0.0.0.0          U     0      0   0   tun0

Post by Chris Davie » Wed, 19 Nov 2008 02:41:10



> I have an embedded box running a 2.4.23 kernel.
> Its got inetd configured for telnet and ftp (both work AOK from a
> local connection).
> I am trying to access the box via an openvpn tunnel.
> I can launch the tunnel OK (over PPP, also running OK).

Have you really confirmed that PPP's working? What about the tunnel? Can
you ping the remote transport point?

If you're using PPP to connect to the embedded device, do you need
OpenVPN on the top of that?

> Any tips on how to debug, including tools to log what's showing up via
> the tunnel ?

tshark -i ppp0 -nlp     # Monitor PPP layer traffic
tshark -i tun0 -nlp     # Monitor OpenVPN layer traffic
openvpn --verbose 5     # Run OpenVPN protocol/application with logging

I would suggest you first concentrate on something like ping, and then
once you've got that running you may well find that telnet and ftp fall
into place.

Chris

Post by DRN » Wed, 19 Nov 2008 06:15:11




> > I have an embedded box running a 2.4.23 kernel.
> > Its got inetd configured for telnet and ftp (both work AOK from a
> > local connection).
> > I am trying to access the box via an openvpn tunnel.
> > I can launch the tunnel OK (over PPP, also running OK).

> Have you really confirmed that PPP's working? What about the tunnel? Can
> you ping the remote transport point?

> If you're using PPP to connect to the embedded device, do you need
> OpenVPN on the top of that?

> > Any tips on how to debug, including tools to log what's showing up via
> > the tunnel ?

> tshark -i ppp0 -nlp     # Monitor PPP layer traffic
> tshark -i tun0 -nlp     # Monitor OpenVPN layer traffic
> openvpn --verbose 5     # Run OpenVPN protocol/application with logging

> I would suggest you first concentrate on something like ping, and then
> once you've got that running you may well find that telnet and ftp fall
> into place.

> Chris

Apologies, should have clarified that:
ping works from the embedded box out to the internet via PPP, and also
via the tunnel.

Thanks !
Best Regards, Dave

Post by DRN » Wed, 19 Nov 2008 07:06:14




> > I have an embedded box running a 2.4.23 kernel.
> > Its got inetd configured for telnet and ftp (both work AOK from a
> > local connection).
> > I am trying to access the box via an openvpn tunnel.
> > I can launch the tunnel OK (over PPP, also running OK).

> Have you really confirmed that PPP's working? What about the tunnel? Can
> you ping the remote transport point?

> If you're using PPP to connect to the embedded device, do you need
> OpenVPN on the top of that?

> > Any tips on how to debug, including tools to log what's showing up via
> > the tunnel ?

> tshark -i ppp0 -nlp     # Monitor PPP layer traffic
> tshark -i tun0 -nlp     # Monitor OpenVPN layer traffic
> openvpn --verbose 5     # Run OpenVPN protocol/application with logging

> I would suggest you first concentrate on something like ping, and then
> once you've got that running you may well find that telnet and ftp fall
> into place.

> Chris

Sadly, no tshark in this distro.
I'll crank up the --verbose in openvpn and see if I get any helpful
info.

Thanks again,
Best Regards, Dave

Post by Pascal Hambour » Wed, 19 Nov 2008 07:17:05


Hello,

DRN wrote:

> Sadly, no tshark in this distro.

The 2.4.23 kernel is quite old, so the distro may be old too. Tshark,
the console version of wireshark, was previously named tethereal, as the
console version of ethereal. You can try tcpdump too.

Post by DRN » Wed, 19 Nov 2008 07:46:54




> DRN wrote:
> > Sadly, no tshark in this distro.

> The 2.4.23 kernel is quite old, so the distro may be old too. Tshark,
> the console version of wireshark, was previously named tethereal, as the
> console version of ethereal. You can try tcpdump too.

Sadly, tcpdump, ethereal, and tethereal are not present either...
Thanks though,
Best Regards, Dave

Post by Maxwell Lo » Wed, 19 Nov 2008 12:05:32



> Sadly, tcpdump, ethereal, and tethereal are not present either...
> Thanks though,
> Best Regards, Dave

You can also grab the sources and compile them.

Post by Pascal Hambour » Wed, 19 Nov 2008 19:51:48


DRN wrote:

> Sadly, tcpdump, ethereal, and tethereal are not present either...

If you cannot install a packet sniffer then you may use iptables rules
with the LOG target, although this is less convenient and provides less
information about logged packets.

Post by DRN » Thu, 20 Nov 2008 00:04:43


Hi All - Thanks for the suggestions offered; let me clarify the
situation (apologies if I wasn't clear), and repeat a specific
question:

Clarifications
- I'm trying to set up a tunnel so I can remotely ftp or telnet into
the box
- The embedded box is running kernel 2.4.23
- It is an embedded machine without a full distro
- netfilter (including iptable etc) is not built into the kernel
- after launching PPPD, I can ping the internet via PPP
- after constructing an openvpn tunnel, I can ping the internet via
the tunnel
- inetd seems properly configured as I can telnet or ftp into the box
from a local connection

A specific question
- Where does inetd listen for requests ? What if anything do I need to
do to the route table so that inetd listens for requests from the
tunnel ?

Again, Thanks in advance for any help,
Best Regards, Dave

PS: Suggestions for specific tutorials that would help would also be
appreciated !
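
For a box like the one described above, with no tcpdump or tethereal and no netfilter for LOG rules, a packet socket can show whether connection attempts actually arrive through the tunnel. This is an added example, not part of the original thread; it assumes the kernel has packet sockets (CONFIG_PACKET) enabled, root privileges, and the tun0/ppp0 interface names from the route output above.

```c
/* Added example: log TCP SYNs aimed at ftp (21) / telnet (23) on one interface.
 * Assumes Linux packet sockets and root; default "tun0" is from the thread. */
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <sys/socket.h>
#include <linux/if_packet.h>

/* Raw IPv4 packet in: returns the destination port if it is an initial
 * TCP SYN (ACK clear), 0 for any other packet, -1 if malformed. */
int syn_dst_port(const unsigned char *p, size_t len, char *src, size_t n)
{
    size_t ihl;
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    if (p[9] != 6) return 0;                           /* not TCP */
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0) return 0;  /* later fragment */
    if (len < ihl + 20) return -1;                     /* truncated TCP header */
    if ((p[ihl + 13] & 0x12) != 0x02) return 0;        /* want SYN without ACK */
    snprintf(src, n, "%u.%u.%u.%u", p[12], p[13], p[14], p[15]);
    return (p[ihl + 2] << 8) | p[ihl + 3];
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "tun0";
    unsigned char buf[2048];
    char src[16];
    struct sockaddr_ll sll;
    ssize_t got;
    /* SOCK_DGRAM strips any link-layer header, so buf starts at the IP header */
    int port, fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
    if (fd < 0) { perror("socket"); return 1; }
    memset(&sll, 0, sizeof sll);
    sll.sll_family = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_IP);
    sll.sll_ifindex = (int)if_nametoindex(ifname);     /* 0 = no such interface */
    if (sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        perror(ifname); return 1;
    }
    while ((got = recv(fd, buf, sizeof buf, 0)) > 0) {
        port = syn_dst_port(buf, (size_t)got, src, sizeof src);
        if (port == 21 || port == 23)                  /* stderr is unbuffered */
            fprintf(stderr, "%s: SYN from %s to port %d\n", ifname, src, port);
    }
    return 0;
}
```

Run it with tun0 as the argument while someone connects from the far side of the tunnel. Running it on ppp0 as well shows whether the telnet and ftp listeners, which inetd binds on 0.0.0.0, are also being reached directly from the Internet side.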

 
 
 

Post by Chris Davie » Thu, 20 Nov 2008 00:57:26



> Sadly, no tshark in this distro.

Formerly known as tcpdump. Takes the same parameters.
Chris

Post by Pascal Hambour » Thu, 20 Nov 2008 01:06:32


Chris Davies wrote:


>> Sadly, no tshark in this distro.

> Formerly known as tcpdump.

Nope, tshark was formerly known as tethereal. Tcpdump is a different
software.

Post by Chris Davie » Thu, 20 Nov 2008 01:00:44



> Clarifications
> - I'm trying to set up a tunnel so I can remotely ftp or telnet into
> the box

What are the endpoints? Your client PC and your embedded system? Something else?

> - after launching PPPD, I can ping the internet via PPP

PPP links what to what? The embedded box to the Internet?

> - after constructing an openvpn tunnel, I can ping the internet via
> the tunnel

Likewise. I'm not clear on what your tunnel is connecting.

> - Where does inetd listen for requests?

Usually INADDR_ANY (i.e. everywhere), so you don't need to kick it to
listen on multiple interfaces.

Chris

Post by DRN » Thu, 20 Nov 2008 01:23:07




> > Clarifications
> > - I'm trying to set up a tunnel so I can remotely ftp or telnet into
> > the box

> What are the endpoints? Your client PC and your embedded system? Something else?

embedded PC <<==>> openvpn server (to which I hope to connect the PC)

> > - after launching PPPD, I can ping the internet via PPP

> PPP links what to what? The embedded box to the Internet?

Yup.

> > - after constructing an openvpn tunnel, I can ping the internet via
> > the tunnel

> Likewise. I'm not clear on what your tunnel is connecting.

Sorry, See separate post...

> > - Where does inetd listen for requests?

> Usually INADDR_ANY (i.e. everywhere), so you don't need to kick it to
> listen on multiple interfaces.

Great, that's what I was looking for, Thanks !

1. constraining inetd to listen to one logical interface

inetd(1M) listens to all the logical network interfaces configured into
a system. How do you persuade it to listen to only *one* interface? This
one does not seem to appear in the Solaris FAQ of Casper Dik... It would
seem logical to let you define the interface(s) for net daemons if you
provide a virtual/multiple interfaces.

One possibility might be to use SAF (-s flag), but there is no
documentation on how to do this. I recall the original SVR4 roadmap
deprecated inetd in favour of SAF. However /etc/init.d/inetsvc contains
the following pearl...

#
# Run inetd in "standalone" mode (-s flag) so that it doesn't have
# to submit to the will of SAF.  Why did we ever let them change inetd?
#
/usr/sbin/inetd -s

Ideas?

Cheers,

Neil.

--

phone : +39 332 785279
fax   : +39 332 789074
