  1. #1
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,787

    ssh not working


    Hi folks,


    Just played around with ssh with the following network setup.


    Archlinux workstation
    hostname - arch.satimis.com
    LAN IP - 192.168.0.2

    Ubuntu 7.04 server
    hostname - mail.satimis.com
    LAN IP - 192.168.0.10

    Router
    port 22-25 forwarded to 192.168.0.10


    On Arch workstation
    $ ssh mail.satimis.com (OR www.satimis.com)
    after login Arch can ssh-connect Ubuntu

    exited


    But now;
    $ ssh 192.168.0.10
    can't connect to Ubuntu. No response, just hanging on the screen.


    $ ls /var/log/
    Code:
    Xorg.0.log      crond         everything.log    lastlog         syslog.log.2
    Xorg.0.log.old  crond.1       everything.log.1  mail.log        user.log
    acpid.log       crond.2       everything.log.2  messages.log    user.log.1
    acpid.log.1     daemon.log    faillog           messages.log.1  user.log.2
    acpid.log.2     daemon.log.1  gdm               messages.log.2  wtmp
    auth.log        daemon.log.2  httpd             old
    auth.log.1      errors.log    kernel.log        pacman.log
    auth.log.2      errors.log.1  kernel.log.1      syslog.log
    btmp            errors.log.2  kernel.log.2      syslog.log.1
    Please advise which log file shall I check? How to fix the problem? TIA

    Remark: port 22 forwarding removed


    B.R.
    satimis

  2. #2
    Linux Newbie athlon_crazy's Avatar
    Join Date
    Sep 2007
    Location
    Malaysia
    Posts
    132
    1) Check your /var/log/messages & syslog

    2) Check current service running & listening: $ netstat -tulpn

  3. #3
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,787
    Quote, originally posted by athlon_crazy:
        1) Check your /var/log/messages & syslog

        2) Check current service running & listening: $ netstat -tulpn

    Thanks for your advice.

    Problem solved as follows:

    With this iptables rule
    Code:
    -A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP
    ssh doesn't work on LAN. But it works on WAN with port 22 forwarded. How do I adjust it to allow ssh to work on both LAN and WAN? TIA


    satimis

  4. #4
    Linux Newbie athlon_crazy's Avatar
    Join Date
    Sep 2007
    Location
    Malaysia
    Posts
    132
    List your input rules
    $~:iptables -t filter -L INPUT

    Delete previous rule!
    $~:iptables -t filter -D INPUT n

    n = number of the above rule (-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP). Let's say your above rule is at line 10.

    $~:iptables -t filter -D INPUT 10

    or you can allow ssh only LAN & WAN
    $~:iptables -A INPUT -p tcp --dport 22 -j ACCEPT
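
Added example (not part of the original posts, and not iptables' own code): a small Python model of first-match rule evaluation, using the DROP rule from post #3 and the ACCEPT rule from post #4, to show how the position of the ACCEPT relative to the DROP decides whether LAN ssh gets through. The packet dictionaries, the 203.0.113.7 WAN address and the helper names are assumptions made for the illustration.

```python
import ipaddress

FLAGS = {"-s": "src", "-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Parse the small subset of iptables-save syntax that appears in the thread."""
    tokens = line.split()[2:]                      # drop the leading "-A INPUT"
    rule = {FLAGS[opt]: val for opt, val in zip(tokens[::2], tokens[1::2])}
    if "src" in rule:                              # accepts the dotted-netmask form too
        rule["src"] = ipaddress.ip_network(rule["src"], strict=False)
    if "dport" in rule:
        rule["dport"] = int(rule["dport"])
    return rule

def matches(rule, pkt):
    """A rule matches only if every condition it states holds for the packet."""
    for key, want in rule.items():
        if key == "target":
            continue
        if key == "src":
            if ipaddress.ip_address(pkt["src"]) not in want:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """Return (target, rule_number); the first matching rule ends the traversal."""
    for number, line in enumerate(chain, start=1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["target"], number
    return policy, None                            # fell through to the chain policy

DROP_LAN = "-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP"   # rule from the thread
ALLOW_SSH = "-A INPUT -p tcp --dport 22 -j ACCEPT"                  # rule from the thread

appended = [DROP_LAN, ALLOW_SSH]   # what -A produces: ACCEPT lands after the DROP
inserted = [ALLOW_SSH, DROP_LAN]   # what -I INPUT 1 produces: ACCEPT is evaluated first

# Constructed packets: LAN address from the thread, WAN address from a documentation range.
lan_ssh = {"src": "192.168.0.10", "iface": "eth0", "proto": "tcp", "dport": 22}
wan_ssh = {"src": "203.0.113.7", "iface": "eth0", "proto": "tcp", "dport": 22}
lan_smtp = dict(lan_ssh, dport=25)

if __name__ == "__main__":
    for name, chain in (("appended", appended), ("inserted", inserted)):
        for label, pkt in (("LAN ssh", lan_ssh), ("WAN ssh", wan_ssh), ("LAN smtp", lan_smtp)):
            print(name, label, verdict(chain, pkt))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the positions that `-D INPUT n` and `-I INPUT n` refer to.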

  5. #5
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,787
    Quote, originally posted by athlon_crazy:
        List your input rules
        $~:iptables -t filter -L INPUT

        Delete previous rule!
        $~:iptables -t filter -D INPUT n

        n = number of the above rule (-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP). Let's say your above rule is at line 10.

        $~:iptables -t filter -D INPUT 10

        or you can allow ssh only LAN & WAN
        $~:iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    Performed the following test:

    $ sudo gedit /etc/iptables/iptables.rules
    uncomment the line;
    #-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP


    $ sudo /etc/rc.d/iptables save
    Code:
    :: Saving IP Tables                                                                                  [DONE]
    $ sudo /etc/rc.d/iptables restart
    Code:
    :: Stopping IP Tables                                                                                  [DONE] 
    :: Starting IP Tables                                                                                  [DONE]

    $ sudo iptables -t filter -L INPUT
    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    DROP       icmp --  anywhere             anywhere            icmp address-mask-reply 
    DROP       icmp --  anywhere             anywhere            icmp address-mask-request 
    DROP       icmp --  anywhere             anywhere            icmp router-solicitation 
    DROP       icmp --  anywhere             anywhere            icmp router-advertisement 
    DROP       icmp --  anywhere             anywhere            icmp redirect 
    DROP       all  --  127.0.0.0/8          anywhere            
    DROP       all  --  172.16.0.0/12        anywhere            
    DROP       all  --  10.0.0.0/8           anywhere            
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    interfaces  all  --  anywhere             anywhere            
    open       all  --  anywhere             anywhere            
    REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 
    REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable 
    DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
    DROP       all  -f  anywhere             anywhere            
    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    Can't find that no.


    However strangely this time;

    On Ubuntu
    $ ssh 192.168.0.2
    can connect archlinux


    satimis

  6. #6
    Linux Newbie athlon_crazy's Avatar
    Join Date
    Sep 2007
    Location
    Malaysia
    Posts
    132
    Definitely, you uncomment it already!

    $ sudo gedit /etc/iptables/iptables.rules
    uncomment the line;
    #-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP

  7. #7
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,787
    Quote, originally posted by athlon_crazy:
        Definitely, you uncomment it already!

        $ sudo gedit /etc/iptables/iptables.rules
        uncomment the line;
        #-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP

    Before the said line has to be commented out. Otherwise it can't work.

    Upon reading your last post I uncommented the said line and then ran;

    $ sudo /etc/rc.d/iptables.rules save

    The said line was deleted automatically. It is quite strange to me. I just repeated twice to confirm the same.


    satimis
