From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2smp i686; en-US; rv:0.9+) Gecko/20010520 Description of problem: This system was installed with workstation configuration and medium security. When using rsh as a CLIENT from this system I get different failures from different brands of servers: - AIX 3.4: The client hangs. (I set up an input rule in ipchains to watch and accept packets from this particular server machine.) The server sends 3 TCP packets and hangs. After a control-C, a final 4th packet is sent. - Solaris 2.7: "poll: protocol failure in circuit setup" is recieved and I'm kicked back to the prompt. 4 tcp packets received from this server. How reproducible: Always Steps to Reproduce: 1./usr/bin/rsh machine command 2. 3. Actual Results: AIX: hang Solaris: "poll: protocol failure in circuit setup" Expected Results: Expected results of "command" Additional info:
Interessting problem, i suspect it has something to do with the ipchains rules... As we don't have any Solaris or AIX machines around here it would be a big help if you could reproduce this problem in a Linux-only environment so that i can reproduce it locally here. If this is not an option it would help a lot if you could send me the ipchains rules of the client machine and maybe the tcpdump output when you run rsh. Thanks in advance for all additional info, Read ya, Phil
You were right. I didn't have my rules for my servers high enough on the chain. The packets I was getting were icmp, the general rule to reject innitiation of tcp <1024 refused the tcp connections. When I placed my rules higher in the chain, the tcp packets got through. rcp worked just fine because it does all of its work over one tcp connection which is innitiated from my workstation. rsh on the other hand requires two connections... one for data and one for control. The first connection for the rsh client is set up by my workstation. The SERVER then tries to innitiate the second connection to send the data, but is promptly rejected by the medium security firewall rules. This is certainly not an rsh bug. The rsh client (not the server) might be something that is added to the optional services that are allowed when setting up the medium security. The RedHat installation procedure already has options for exceptions like ssh, X, http, etc. Im not sure if rsh is the only command that uses 1022 though so it might not be a good idea. Sorry to bother you. Dave
Hi Dave! I'm closing this as NOTABUG then as this has been more of a setup problem, ok? Thanks for reporting, Read ya, Phil