Results 1 to 7 of 7
I have configured my router at home to forward connections at port 22 to my network attached storage device which is running a SSH server. Until recently I could connect ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-09-2009 #1Linux User
- Join Date
- Aug 2005
- Location
- The Netherlands
- Posts
- 323
Is ICT blocking something or...?
I have configured my router at home to forward connections at port 22 to my network attached storage device which is running a SSH server. Until recently I could connect from my work just fine. I could also ping my router. But now I cannot do so anymore. nmap says the host appears to be up, but tells me port 22 is filtered. There are no replies to my pings, and I cannot connect through ssh.
I can ping Google just fine.Code:pecularia:/home/daan# ping xx.xx.xxx.xxx -c 3 PING xx.xx.xxx.xxx (xx.xx.xxx.xxx) 56(84) bytes of data. --- xx.xx.xxx.xxx ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms pecularia:/home/daan# nmap xx.xx.xxx.xxx -sP Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-09 15:23 CEST Host hof (xx.xx.xxx.xxx) appears to be up. Nmap done: 1 IP address (1 host up) scanned in 0.047 seconds pecularia:/home/daan# nmap xx.xx.xxx.xxx -p 22 Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-09 15:24 CEST Interesting ports on hof (xx.xx.xxx.xxx): PORT STATE SERVICE 22/tcp filtered ssh Nmap done: 1 IP address (1 host up) scanned in 0.256 seconds pecularia:/home/daan# ssh xx.xx.xxx.xxx ssh: connect to host xx.xx.xxx.xxx port 22: Connection timed out
I also have an ftp server at the network attached storage device and I can reach it, however, I cannot get directory listings, not even when in passive mode through pftp (whatever the difference is).Code:pecularia:/home/daan# ping google.nl -c3 PING google.nl (216.239.59.104) 56(84) bytes of data. 64 bytes from gv-in-f104.google.com (216.239.59.104): icmp_seq=1 ttl=244 time=25.1 ms 64 bytes from gv-in-f104.google.com (216.239.59.104): icmp_seq=2 ttl=244 time=25.9 ms 64 bytes from gv-in-f104.google.com (216.239.59.104): icmp_seq=3 ttl=244 time=25.4 ms --- google.nl ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2015ms rtt min/avg/max/mdev = 25.129/25.490/25.901/0.317 ms pecularia:/home/daan#
Is the ftp server replying with its local ip addres, is that causing a problem?Code:Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-09 16:02 CEST Interesting ports on hof (xx.xx.xxx.xxx): PORT STATE SERVICE 21/tcp open ftp Nmap done: 1 IP address (1 host up) scanned in 0.068 seconds pecularia:/home/daan# ftp hof Connected to hof. 220 ProFTPD 1.3.2rc1 Server (LaCie) [192.168.2.1] Name (hof:root): admin 331 Password required for admin Password: 230 User admin logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 200 PORT command successful 425 Unable to build data connection: Connection refused ftp> cd /home 550 /home: No such file or directory ftp> bye 221 Goodbye. pecularia:/home/daan# pftp hof Connected to hof. 220 ProFTPD 1.3.2rc1 Server (LaCie) [192.168.2.1] Name (hof:root): admin 331 Password required for admin Password: 230 User admin logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (xx,xx,xxx,xxx,12,6). ftp: connect: No route to host ftp> cd /home 550 /home: No such file or directory ftp> bye 221 Goodbye.
My question is: does it look like the computer guys at work are blocking traffic to ports they think are not needed? Is that normal?OS's I use: Debian testing, Debian stable, Ubuntu, OpenSuse 12.1, Windows 7, Windows Vista, Windows XP
- 06-09-2009 #2Linux Engineer
- Join Date
- Mar 2007
- Location
- The Netherlands
- Posts
- 1,049
Weird problem? You can't ping, can't ssh, but can ftp (weird errors). But not like you used to. Hmmmm
Originally Posted by Daan
As for your question. Yeah, it's normal that outbound traffic is filtered. Can you do the same things from another location? A friends house or something? I mean, pinging and connecting through ssh? I take it from the working ftp command that you do have the right IP address (so it's not your ISP who gave you a new DHCP lease).
Or! On the receiving side, the server... can it be a firewall issue?
But it seems plausible it's related to your companies gateway settings.Can't tell an OS by it's GUI
- 06-09-2009 #3Linux User
- Join Date
- Aug 2005
- Location
- The Netherlands
- Posts
- 323
I can logon to a free shell account at sdf-eu.org through ssh. From that server I get the same problems when connecting to my home.
The server does not have the ftp client.Code:$ ping -c3 google.nl PING google.nl (216.239.59.104): 56 data bytes 64 bytes from 216.239.59.104: icmp_seq=0 ttl=239 time=175.125 ms 64 bytes from 216.239.59.104: icmp_seq=1 ttl=239 time=210.869 ms 64 bytes from 216.239.59.104: icmp_seq=2 ttl=239 time=182.092 ms ----google.nl PING Statistics---- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 175.125/189.362/210.869/18.949 ms $ ping -c3 xx.xx.xxx.xxx PING ipxxxxxxxxxx.speed.planet.nl (xx.xx.xxx.xxx): 56 data bytes ----ipxxxxxxxxxx.speed.planet.nl PING Statistics---- 3 packets transmitted, 0 packets received, 100.0% packet loss $ ssh xx.xx.xxx.xxx ssh: connect to host xx.xx.xxx.xxx port 22: Connection timed out $
Maybe I've messed up the port forwarding settings of my router. I'll see when I get home. Still strange that I cannot ping.OS's I use: Debian testing, Debian stable, Ubuntu, OpenSuse 12.1, Windows 7, Windows Vista, Windows XP
- 06-09-2009 #4Linux User
- Join Date
- Aug 2005
- Location
- The Netherlands
- Posts
- 323
OK, so indeed I misconfigured the port forwarding. Still no pinging, tho'. Sorry and thanks for your reply. :]
OS's I use: Debian testing, Debian stable, Ubuntu, OpenSuse 12.1, Windows 7, Windows Vista, Windows XP
- 06-09-2009 #5Linux Engineer
- Join Date
- Mar 2007
- Location
- The Netherlands
- Posts
- 1,049
Sure, no problem! Originally Posted by Daan
Some routers are set up to drop incoming ping requests. Ya might call it 'stealth mode', and you can probably change that from the webinterface.
If you want, you can scan your system with ShieldsUP (online portscanner), and note that your system not responding to ping is not necessarily a Bad Thing.Can't tell an OS by it's GUI
- 06-09-2009 #6Linux User
- Join Date
- Aug 2005
- Location
- The Netherlands
- Posts
- 323
Nice online tool. Similar to nmap, but with comments by a friendly Steve.
I had changed the port for ssh to some high number, but forgot about it. I changed it because everyday people were trying to get in by guessing user names and passwords. This Steve is right: the net is full of scum.OS's I use: Debian testing, Debian stable, Ubuntu, OpenSuse 12.1, Windows 7, Windows Vista, Windows XP
- 06-10-2009 #7Linux User
- Join Date
- Aug 2005
- Location
- The Netherlands
- Posts
- 323
Hmm...
From a shell on a server elsewhere (to which I connect from work) I can connect to my ssh server at home:
When I copy-paste the same command and run it on my desktop at work, I cannot connect:Code:$ ssh -p 2222 wortel@xx.xx.xxx.xxx wortel@xx.xx.xxx.xxx's password: BusyBox v1.1.0 (2006.11.03-14:53+0000) Built-in shell (ash) Enter 'help' for a list of built-in commands. HAL /home #
Code:daan@pecularia:~$ ssh -p 2222 wortel@xx.xx.xxx.xxx ssh: connect to host xx.xx.xxx.xxx port 2222: No route to host daan@pecularia:~$
OS's I use: Debian testing, Debian stable, Ubuntu, OpenSuse 12.1, Windows 7, Windows Vista, Windows XP
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
