ssh not working

**satimis** · 02-18-2008

Hi folks,

Just played around ssh with following network setup.

Archlinux workstation
hostname - arch.satimis.com
LAN IP - 192.168.0.2

Ubuntu 7.04 server
hostname - mail.satimis.com
LAN IP - 192.168.0.10

Router
port 22-25 forwarded to 192.168.0.10

On Arch workstation
$ ssh mail.satimis.com (OR www. satimis.com)
after login Arch can ssh-connect Ubuntu

exited

But now;
$ ssh 192.168.0.10
can't connect Ubuntu. No response, just hanging on the screen.

$ ls /var/log/

Code:

Xorg.0.log      crond         everything.log    lastlog         syslog.log.2
Xorg.0.log.old  crond.1       everything.log.1  mail.log        user.log
acpid.log       crond.2       everything.log.2  messages.log    user.log.1
acpid.log.1     daemon.log    faillog           messages.log.1  user.log.2
acpid.log.2     daemon.log.1  gdm               messages.log.2  wtmp
auth.log        daemon.log.2  httpd             old
auth.log.1      errors.log    kernel.log        pacman.log
auth.log.2      errors.log.1  kernel.log.1      syslog.log
btmp            errors.log.2  kernel.log.2      syslog.log.1

Please advise which log file shall I check? How to fix the problem? TIA

Remark: port 22 forwarding removed

B.R.
satimis

**athlon_crazy** · 02-21-2008

1)check your /var/log/messages & syslog

2)Check current service running & listening $netstat -tulpn

**satimis** · 02-21-2008

Originally Posted by athlon_crazy

1)check your /var/log/messages & syslog

2)Check current service running & listening $netstat -tulpn

Thanks for your advice.

Problem solved as follow:-

With this iptables rule

Code:

-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP

ssh doesn't work on LAN. But it works on WAN with port 22 forwarded. How to adjust it allowing ssh works both on LAN and WAN? TIA

satimis

**athlon_crazy** · 02-22-2008

List your input rules
$~:iptables -t filter -L INPUT

Delete previous rule!
$~:iptables -t filter -D INPUT n

n=no. of above rule (-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP). let say, your above rule at line 10.

$~:iptables -t filter -D INPUT 10

or you can allow ssh only LAN & WAN
$~:iptables -A INPUT -p tcp --dport 22 -j ACCEPT

**satimis** · 02-23-2008

Originally Posted by athlon_crazy

List your input rules
$~:iptables -t filter -L INPUT

Delete previous rule!
$~:iptables -t filter -D INPUT n

n=no. of above rule (-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP). let say, your above rule at line 10.

$~:iptables -t filter -D INPUT 10

or you can allow ssh only LAN & WAN
$~:iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Performed following test;

$ sudo gedit /etc/iptables/iptables.rules
uncomment the line;
#-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP

$ sudo /etc/rc.d/iptables save

Code:

:: Saving IP Tables                                                                                  [DONE]

$ sudo /etc/rc.d/iptables restart

Code:

:: Stopping IP Tables                                                                                  [DONE] 
:: Starting IP Tables                                                                                  [DONE]

$ sudo iptables -t filter -L INPUT

Code:

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       icmp --  anywhere             anywhere            icmp address-mask-reply 
DROP       icmp --  anywhere             anywhere            icmp address-mask-request 
DROP       icmp --  anywhere             anywhere            icmp router-solicitation 
DROP       icmp --  anywhere             anywhere            icmp router-advertisement 
DROP       icmp --  anywhere             anywhere            icmp redirect 
DROP       all  --  127.0.0.0/8          anywhere            
DROP       all  --  172.16.0.0/12        anywhere            
DROP       all  --  10.0.0.0/8           anywhere            
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
interfaces  all  --  anywhere             anywhere            
open       all  --  anywhere             anywhere            
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       all  -f  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE

Can't find that no.

However strangely this time;

On Ubuntu
$ ssh 192.168.0.2
can connect archlinux

satimis

**athlon_crazy** · 02-23-2008

definately, u uncomment it edi!

$ sudo gedit /etc/iptables/iptables.rules
uncomment the line;
#-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP

**satimis** · 02-23-2008

Originally Posted by athlon_crazy

definately, u uncomment it edi!

$ sudo gedit /etc/iptables/iptables.rules
uncomment the line;
#-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP

Before the said line has to be commented out. Otherwise it can't work.

Upon reading you last post I uncommented the said line and then ran;

$ sudo /etc/rc.d/iptables.rules save

The said line was deleted automatically. It is quite strange to me. I just repeated twice to confirm the same.

satimis

Thread Tools

Display

ssh not working

Posting Permissions