无法在 CentOS 6.8 上打开端口 23

我刚刚从 CentOS 6.6 升级到 6.8（64 位）。我们有一个站点许可的 telnet 客户端，允许在单个数据库席位上使用多个窗口。我已禁用 SELinux 并重新启动系统。

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted
[root@localhost selinux]# 

我已经禁用了防火墙。这是xinetd.d目录中的telnet文件。

#
{
    disable = no
  bind         = 10.99.0.6
  flags        = REUSE
  wait         = no
  socket_type  = stream
  only_from    = 10.99.0.0
  user         = root
#  server       = /usr/sbin/in.telnetd
  server       = /usr/uv/bin/uvtelnetd
  log_on_failure += USERID
}

这是 iptables 文件：

[root@localhost etc]# more /etc/sysconfig/iptables# Generated by iptables-save v1.4.7 on Mon Mar 27 13:33:58 2017
*nat
:PREROUTING ACCEPT [40:5382]
:POSTROUTING ACCEPT [2:131]
:OUTPUT ACCEPT [2:131]
COMMIT
# Completed on Mon Mar 27 13:33:58 2017
# Generated by iptables-save v1.4.7 on Mon Mar 27 13:33:58 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [29:2732]
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -i em1 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT 
-A INPUT -p ah -j ACCEPT 
-A INPUT -p esp -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 500 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p icmp -j ACCEPT 
-A FORWARD -i lo -j ACCEPT 
-A FORWARD -i em1 -j ACCEPT 
COMMIT
# Completed on Mon Mar 27 13:33:58 2017

如果我这么做lsof，这就是我所看到的。

[root@localhost etc]# lsof -i | grep 23
cupsd      2080    root    6u  IPv6  12381      0t0  TCP localhost6.localdomain6:ipp (LISTEN)
cupsd      2080    root    7u  IPv4  12382      0t0  TCP localhost.localdomain:ipp (LISTEN)
cupsd      2080    root    9u  IPv4  12385      0t0  UDP *:ipp 
rpc.mount  2281    root   11u  IPv4  13232      0t0  UDP *:57448 
rpc.mount  2281    root   12u  IPv4  13236      0t0  TCP *:42105 (LISTEN)
pluto      2623    root   22u  IPv4  13994      0t0  UDP 10.99.0.6:isakmp 
pluto      2623    root   23u  IPv4  13995      0t0  UDP 10.99.0.6:ipsec-nat-t 
pluto      2623    root   24u  IPv4  13996      0t0  UDP localhost.localdomain:isakmp 
pluto      2623    root   25u  IPv4  13997      0t0  UDP localhost.localdomain:ipsec-nat-t 
pluto      2623    root   26u  IPv6  13998      0t0  UDP localhost6.localdomain6:isakmp 

即使我尝试从服务器控制台进行 telnet，仍然会收到“连接被拒绝”的信息。

作为 iptables 和 xinetd 的新手，我不确定我做错了什么。我该如何做？

我遵循了 Moonpoint 的建议：

[root@localhost ~]# service xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
[root@localhost ~]# netstat -an | grep 23
unix  2      [ ACC ]     STREAM     LISTENING     18013  /tmp/orbit- root/linc-e3b-0-12ce87623f7f2
unix  2      [ ACC ]     STREAM     LISTENING     12383  /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     12340  /var/lib/samba/winbindd_privileged/pipe
unix  2      [ ACC ]     STREAM     LISTENING     12337  /var/run/winbindd/pipe
unix  3      [ ]         STREAM     CONNECTED     20234  @/tmp/dbus-1a1aDNA0S2
unix  3      [ ]         STREAM     CONNECTED     20233  
unix  3      [ ]         STREAM     CONNECTED     19723  
unix  3      [ ]         STREAM     CONNECTED     19239  @/tmp/dbus-1a1aDNA0S2
unix  3      [ ]         STREAM     CONNECTED     19238  
unix  3      [ ]         STREAM     CONNECTED     18323  @/dbus-vfs-daemon/socket-9ID2XSeB
unix  3      [ ]         STREAM     CONNECTED     18232  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     18231  
unix  3      [ ]         STREAM     CONNECTED     18016  /tmp/orbit-root/linc-e3b-0-12ce87623f7f2
unix  3      [ ]         STREAM     CONNECTED     17223  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     14323  
unix  3      [ ]         STREAM     CONNECTED     12343  
unix  3      [ ]         STREAM     CONNECTED     12342  
[root@localhost ~]# 


xinetd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
chargen-dgram:  off
chargen-stream: off
daytime-dgram:  off
daytime-stream: off
discard-dgram:  off
discard-stream: off
echo-dgram:     off
echo-stream:    off
rsync:          on
tcpmux-server:  on
telnet:         on
time-dgram:     off
time-stream:    off
[root@localhost ~]# telnet 10.99.0.6
Trying 10.99.0.6...
telnet: connect to address 10.99.0.6: Connection refused
[root@localhost ~]# telnet localhost
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
[root@localhost ~]# 

因此，即使 chkconfig 认为 telnet 正在运行，仍然有某些东西阻碍它。

戴尔