Help: SWAT refuses to connect? - Help

This is a discussion on Help: SWAT refuses to connect? - Help ; I'm trying to complete my SAMBA setup and wanted to use SWAT. The samba server setup, using the menu that came with Fedora 4, is working. However, I know that SWAT gives you a lot more configuration issues. This is ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Help: SWAT refuses to connect?

  1. Help: SWAT refuses to connect?

    I'm trying to complete my SAMBA setup and wanted to use SWAT. The samba
    server setup, using the menu that came with Fedora 4, is working. However,
    I know that SWAT gives you a lot more configuration issues. This is a new
    system and it has been awhile since I worked on a linux box, so I probably
    have something wrong or secured out.

    SWAT is installed and I have enabled it in /etc/xinetd.d/swat :

    service swat
    {
    disable = no
    port = 901
    socket_type = stream
    wait = no
    only_from = localhost, jupiter
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
    }

    When I try as root to use the local linux firefox browser
    (http://localhost:901/) I get the following message immediately from
    firefox:

    The connection was refused while attempting to contact localhost:901

    I would appreciate any hints on how to get this corrected or where the
    problem is originating from.

    --
    Bud Curtis
    Colorado Springs, CO



  2. Re: Help: SWAT refuses to connect?


    A few troubleshooting questions:

    1) Is swat in /usr/sbin/swat i.e. (to check run the command)
    which swat

    2) Is xinetd installed and running? i.e. (to check run the command)
    service xinetd status

    3) Is the default firewall getting in the way? i.e. (to check run the
    command)
    service iptables status

    If iptables is running stop it to rule it out and try again.
    To stop it run the following:
    service iptables stop

    4) Have you checked /var/log/messages for xinetd output?


    --
    harryedwards

  3. Re: Help: SWAT refuses to connect?

    Those are terrific suggestions, thank you. I will give them a try ASAP.

    --
    Bud Curtis
    Colorado Springs, CO
    "harryedwards" wrote in
    message news:harryedwards.20r6sn@dev.null.thisishull.net.. .
    >
    > A few troubleshooting questions:
    >
    > 1) Is swat in /usr/sbin/swat i.e. (to check run the command)
    > which swat
    >
    > 2) Is xinetd installed and running? i.e. (to check run the command)
    > service xinetd status
    >
    > 3) Is the default firewall getting in the way? i.e. (to check run the
    > command)
    > service iptables status
    >
    > If iptables is running stop it to rule it out and try again.
    > To stop it run the following:
    > service iptables stop
    >
    > 4) Have you checked /var/log/messages for xinetd output?
    >
    >
    > --
    > harryedwards




  4. Re: Help: SWAT refuses to connect?

    It wasn't the firewall after all. Though I'm surprised I'm running iptables
    instead of ipchains. The problem appears to be my swat file. The one that
    works has the localhost IP not "localhost":

    service swat
    {
    disable = no
    port = 901
    socket_type = stream
    wait = no
    only_from = 127.0.0.1
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
    }


    If I use:

    only_from = localhost

    it is refused. Also, I thought I could give a list of acceptable addresses
    like:

    only_from = 127.0.0.1,192.168.0.16

    but it will not connect to local host or the other system this way.

    I assume I could drop the only_from line and then swat would let any address
    in. Then the only way to controll access to swat is through the firewall
    using the port. Is that the right conclusion.
    --
    Bud Curtis
    Colorado Springs, CO
    "harryedwards" wrote in
    message news:harryedwards.20r6sn@dev.null.thisishull.net.. .
    >
    > A few troubleshooting questions:
    >
    > 1) Is swat in /usr/sbin/swat i.e. (to check run the command)
    > which swat
    >
    > 2) Is xinetd installed and running? i.e. (to check run the command)
    > service xinetd status
    >
    > 3) Is the default firewall getting in the way? i.e. (to check run the
    > command)
    > service iptables status
    >
    > If iptables is running stop it to rule it out and try again.
    > To stop it run the following:
    > service iptables stop
    >
    > 4) Have you checked /var/log/messages for xinetd output?
    >
    >
    > --
    > harryedwards




  5. Re: Help: SWAT refuses to connect?


    In regards to the only_from parameter. The man file for xinetd.con
    details the permitted values as:

    -------------------------------------- Man extrac
    ----------------------------
    a) a numeric address in the form of %d.%d.%d.%d. If the rightmos
    components are 0, they are treated as wildcards (for example,
    128.138.12.0 matches all hosts on the 128.138.12 subnet). 0.0.0.
    matches all Internet addresses. IPv6 hosts may be specified in th
    form of abcd:ef01::2345:6789.
    The rightmost rule for IPv4 addresses does not apply to IPv
    addresses.

    b) a factorized address in the form of %d.%d.%d.{%d,%d,...}. Ther
    is no need for all 4 components (i.e. %d.%d.{%d,%d,...%d} is also ok)
    However, the factorized part must be at the end of the address.
    This form does not work for IPv6 hosts.

    c) a network name (from /etc/networks). This form does not work fo
    IPv6 hosts.

    d) a host name. When a connection is made to xinetd, a revers
    lookup is performed, and the canoni-cal name returned is compared t
    the specified host name. You may also use domain names in the form
    of .domain.com. If the reverse lookup of the client’s IP is withi
    .domain.com, a match occurs.

    e) an ip address/netmask range in the form of 1.2.3.4/32. IPv
    address/netmask ranges in the form of 1234::/46 are also valid.

    Specifying this attribute without a value makes the service availabl
    to nobody.

    -------------------------------------- End extrac
    ----------------------------

    The samples within the man page use a space to seperate the permitte
    values, you are using comma i.e.
    only_from = 128.138.193.0 128.138.204.0

    Although the man page does not specify whether commas are permitted, s
    I am unsure if this will correct the problem!

    On the hostname issue, can the server perform a reverse lookup o
    localhost? i.e. can you ping localhost

    --
    harryedwards

+ Reply to Thread