[WBEL-users] SWAT Webpage

Kirby Bohling kbohling@birddog.com
Wed, 1 Sep 2004 15:39:56 -0500 

On Wed, Sep 01, 2004 at 10:21:02PM +0200, Julian Wareley wrote:
> Hi there,
> 
> I am new to the CLUG chat and my name is Julian Wareley, a
> struggling Linux User for the past 4 years. I have been trying to
> set up a WBEL 3.0 Server at home recently. For some reason when
> trying to access http://localhost:901/ for SWAT, Mozilla (or any
> browser) says "The connection was refused"  I used SUSE 9.1 and
> 7.3 before and didn't even have to setup anything to access SWAT.
> I have checked my xinetd configuration, setup a swap file in the
> xinetd folder, setup the swap entry in my /etc/services folder,
> but to no avail. 
> 
> Just take a shot in the dark, to see if any of you, have had the
> same problem.

Julian,

	Okay, you have several places their can be a problem.  My
initial wild guess is that you picked "High Security Firewall".
That's been the cause of more problems then anything else I know of
in terms of problems with RedHat networking after initial
installation.  If I had to trouble shoot this problem, I do it this
way:

Simple things to check as root run this:

netstat -l -n -p | grep ":901"

netstat will tell you about your network connections.  "-l" means to
list all of the ports that are in the "LISTEN" state.  "-n" means to
list the IP's and ports as numbers.  "-p" tells it to list the name
of the process (this only works if you run as root).

So for example, here's a way to see what is listening on port "22".

[root@hawk root]# netstat -l -n -p | grep ":22"
tcp        0      0 0.0.0.0:22              0.0.0.0:* LISTEN      1507/sshd

I don't know anything about SWAT, but if you don't see anything
listening on port 901 that's your problem.  Try running this
command:

chkconfig --list swat

if it outputs this:

swat            off

That's your problem, do this:

chkconfig swat on

At this point, if it still doesn't work, then your problem is
probably a firewall/acl problem.  The xinetd config, the TCP
Wrappers files:

/etc/hosts.allow
/etc/hosts.deny

The are described well in the man pages (man 5 hosts_access).  I
doubt this is the problem unless you fiddled with those files.  By
default I'm guessing those files don't deny access to anything.

Also you'll need to consult with the iptables output.  This is where
I'll bet the problem is.  If you picked "HIGH" security, I believe
the default policy is "DENY" for all packages.  So you'd have to add
port 901 to your list of allowable ports.  I don't use the RH GUI
tools for this, I just do it via the commands.

iptables -L, you'll want to make check to see if you are allowed to
access that port.  Describing what how to do that is beyond the
scope of this e-mail.  If you just post the output of iptables -L
it'd be easy for someone to see what is going on.

I took my stock WBEL3 machine did "chkconfig swat on", I connected
up to it via mozilla, "http://localhost:901".  It immediatly asked
me for a password, logging in as root got me access to it.  So I can
confirm that SWAT works out of the box with virtually no
configuration other then turning it on.

	Kirby



> 
> Thanks in advance.
> Julian W.
> julian@teleassist.com
> 0732060158