From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2smp i686; en-US; rv:0.9+)
Description of problem:
This system was installed with workstation configuration and medium security.
When using rsh as a CLIENT from this system I get different failures from
different brands of servers:
- AIX 3.4: The client hangs. (I set up an input rule in ipchains to watch
and accept packets from this particular server machine.) The server sends
3 TCP packets and hangs. After a control-C, a final 4th packet is sent.
- Solaris 2.7: "poll: protocol failure in circuit setup" is recieved and
I'm kicked back to the prompt. 4 tcp packets received from this server.
Steps to Reproduce:
1./usr/bin/rsh machine command
Actual Results: AIX: hang
Solaris: "poll: protocol failure in circuit setup"
Expected Results: Expected results of "command"
Interessting problem, i suspect it has something to do with the ipchains rules...
As we don't have any Solaris or AIX machines around here it would be a big help
if you could reproduce this problem in a Linux-only environment so that i can
reproduce it locally here.
If this is not an option it would help a lot if you could send me the ipchains
rules of the client machine and maybe the tcpdump output when you run rsh.
Thanks in advance for all additional info,
Read ya, Phil
You were right. I didn't have my rules for my servers high enough on the chain.
The packets I was getting were icmp, the general rule to reject innitiation of
tcp <1024 refused the tcp connections. When I placed my rules higher in the
chain, the tcp packets got through.
rcp worked just fine because it does all of its work over one tcp connection
which is innitiated from my workstation.
rsh on the other hand requires two connections... one for data and one for
control. The first connection for the rsh client is set up by my workstation.
The SERVER then tries to innitiate the second connection to send the data, but
is promptly rejected by the medium security firewall rules.
This is certainly not an rsh bug.
The rsh client (not the server) might be something that is added to the optional
services that are allowed when setting up the medium security. The RedHat
installation procedure already has options for exceptions like ssh, X, http, etc.
Im not sure if rsh is the only command that uses 1022 though so it might not be
a good idea.
Sorry to bother you.
I'm closing this as NOTABUG then as this has been more of a setup problem, ok?
Thanks for reporting,
Read ya, Phil