  #1

    Can Ping, but nothing else works on home net

    If this should be in a different area, or has a known solution, please feel free to move or point me in the right direction as needed.

    I have a home network, all hardwired Cat5e 10/100BaseT. There are three Linux boxes and one Windows box connected to the net. (I have no interest in supporting the Windows box, it's the GF's work machine) The central connection is a Unisys 4-port router/switch, which also provides connectivity/NAT/firewall to our Comcast cable modem.

    The router/switch gets its internet IP via DHCP from Comcast, and supplies internal net addresses via DHCP to the connected boxes. (192.168.1.*)

    All boxes can ping the internet, all boxes can ping each other and themselves. Attempting to ping a non-existent local address gives an error (as expected). All boxes can browse the web. This tells me that there isn't any problem with the hardware or presumably the router/switch configuration.

    NOTHING else will work between the boxes! I can't rlogin, ssh, rshell, ftp, rcp, etc, as all I get are error messages.

    Currently, the three boxes are configured as follows:
    1. My 'Main box' - goosecrate - 192.168.1.2 - running Ubuntu 4.10
    2. My 'Test box' - gosling - 192.168.1.4 - running Gentoo, newly installed and updated
    3. The GF's box - brick - 192.168.1.3 - running Red Hat 7.2

    What I'm after is the following:
    1. Allowing my main box to function as a print server since it's connected to our only currently working printer,
    2. Backing up the boxes across the local net to the other machines so that I can upgrade them without risking data loss. (probably all to Gentoo)
    3. Being able to shift files from one machine to another without e-mailing or sneaker-netting them.
    Nice to have...
    4. Possibly allowing the GF to remotely access her box over the internet IFF I can do so without putting the rest of the machines at a security risk.

    My typical networking configuration files are as follows, w/ most comments removed:
    Code:
    goosecrate:/etc $ cat host.conf
    order hosts,bind
    multi on
    
    goosecrate:/etc $ cat hostname
    goosecrate
    
    goosecrate:/etc $ cat hosts
    127.0.0.1       localhost.localdomain   localhost       goosecrate
    # The following lines are desirable for IPv6 capable hosts (this stuff commented
    # out on other machines)
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    
    goosecrate:/etc $ cat hosts.allow
    # I'm not sure if the *'s on the ends of the addresses are correct, my 
    # understanding of the man pages suggests they aren't needed, but I added 
    # them at the suggestion of another user, they didn't seem to make a 
    # difference.
    ALL:192.168.1.*
    portmap:192.168.1.*
    
    goosecrate:/etc $ cat hosts.deny
    ALL: PARANOID
    ALL:ALL
    When I try to do anything else, this is the kind of response I get:
    Code:
    goosecrate:~/$ ssh 192.168.1.4 
    ssh: connect to host 192.168.1.4 port 22: Connection refused 
    goosecrate:~/$ rlogin 192.168.1.4 
    ssh: connect to host 192.168.1.4 port 22: Connection refused 
    goosecrate:~/$ ftp 192.168.1.4 
    ftp: connect: Connection refused 
    ftp> exit 
    goosecrate:~/$ rcp ~/veggies 192.168.1.4:/home/
    ssh: connect to host 192.168.1.4 port 22: Connection refused 
    lost connection 
    goosecrate:~/$ ping 192.168.1.4 
    PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data. 
    64 bytes from 192.168.1.4: icmp_seq=1 ttl=64 time=0.382 ms 
    64 bytes from 192.168.1.4: icmp_seq=2 ttl=64 time=0.428 ms 
    64 bytes from 192.168.1.4: icmp_seq=3 ttl=64 time=0.355 ms 
    
    --- 192.168.1.4 ping statistics --- 
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms 
    rtt min/avg/max/mdev = 0.355/0.388/0.428/0.034 ms
    I get the same type of response with or without the /etc/hosts.[allow-deny] files in place. What am I missing? I suspect it's probably something simple and obvious, but I can't figure out what it is.

    TIA

    ART

  #2 Weedman (Linux Enthusiast)

    Your firewall on each computer might be blocking the incoming connections.

    and also, for the "Looking for distro that will work faster on old H/W." line in your sig, check out slackware. stable and fast (esp. on older hardware).
    "Time has more than one meaning, and is more than one dimension" - /.unknown
    --Registered Linux user #396583--

  #3

    Could be, but I don't think it is...

    Quote Originally Posted by Weedman
    your firewall on each computer might be blocking the incoming connections.
    AFAIK, I'm not doing much of anything on any of the machines for firewalling, all of that is supposedly being taken care of by the router/switch. I know that I haven't knowingly emerged anything on the Gentoo test box that called itself a firewall, and I haven't found anything on the Ubuntu box that talks about having one or configuring it...

    I need to look into it further, but I'm not sure where to start looking.

    Quote Originally Posted by Weedman
    and also, for the "Looking for distro that will work faster on old H/W." line in your sig, check out slackware. stable and fast (esp. on older hardware).
    I've thought about slack, but I'm not sure I have the hacking / sysadmin background I keep hearing you need to work with a distro that needs as much manual setup as I hear slack needs. Right now I'm thinking in terms of going all Gentoo, but I need to get this communication thing solved so I can back up the machines and not risk all my personal data.

    I may have found a few hints about the printing thing, looks like I need to do some serious playing with my cups.conf file.

    Gooserider

  #4 anomie (Linux Guru)
    Well... are you running sshd daemons on those boxes?

    Code:
    netstat -atun
    Did you poke a hole in the firewall for port 22?

    P.S. I would be careful with those host.allow / host.deny files. The default configuration would have been better for testing.

    At least for now I would add to the top of /etc/hosts.allow:
    Code:
    sshd : 192.168.1.0/255.255.255.0 : ALLOW

  #5
    Quote Originally Posted by anomie
    Well... are you running sshd daemons on those boxes?
    Code:
    netstat -atun
    I don't think I am, I know that I haven't set them up. (Not sure what might have been configured by default, and I get secure web transactions in my browser OK)
    When I did the command you gave, this is what I got on the Ubuntu box:
    Code:
    netstat -atun
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.0.1:781           0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:111           0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp        1      0 127.0.0.1:4205          127.0.0.1:631           CLOSE_WAIT
    tcp        1      0 127.0.0.1:4206          127.0.0.1:631           CLOSE_WAIT
    tcp        1      0 127.0.0.1:4209          127.0.0.1:631           CLOSE_WAIT
    tcp        0      0 192.168.1.2:1473        216.148.227.80:110      TIME_WAIT
    tcp6       0      0 ::1:25                  :::*                    LISTEN
    udp        0      0 0.0.0.0:68              0.0.0.0:*
    udp        0      0 127.0.0.1:111           0.0.0.0:*
    The Gentoo test box shows a tcp port on 631, listening, and UDP ports w/ no state on 1024,1025,68 & 631, all w/ local address of 0.0.0.0:<port> and foreign address of 0.0.0.0:*

    Quote Originally Posted by anomie
    Did you poke a hole in the firewall for port 22?
    ???? As I said, I'm not sure I'm even running a firewall other than the one on the router-switch, which AFAIK is supposed to let anything go between machines on the local net, but block anything coming off the internet - at least that's the way I want it for now...

    Quote Originally Posted by anomie
    P.S. I would be careful with those host.allow / host.deny files. The default configuration would have been better for testing.
    Well, the host.allow/deny files were my first effort, at first I thought that was my problem...

    Quote Originally Posted by anomie
    At least for now I would add to the top of /etc/hosts.allow:
    Code:
    sshd : 192.168.1.0/255.255.255.0 : ALLOW
    Will do, but I'm curious as to whether there is a reason to prefer the netmask pattern that you used as opposed to the wild card 192.168.1.* pattern that I used? Seems like both would work judging by the man page, and it seems better / less confusing to keep all the addresses to the same format as much as possible.

    Gooserider

  #6 anomie (Linux Guru)
    I asked because in order to connect to a Linux box via ssh client, for example, you of course need to be running sshd on that box. And you can not be filtering out traffic to port 22 (at least from that client). So both will have to change before this will work.

    As for the netmask vs. wildcard usage in /etc/hosts.allow, I would just use whichever you're more comfortable with. (That's what I do.)
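The two conditions anomie names in #4 and #6 (a daemon must be listening, and it must be reachable from the LAN address) can be read straight off `netstat -atun`. This added example, not from any poster in the thread, classifies a port from that output; the sample is a trimmed copy of the Ubuntu box's listing in #5, and the "lan" case for port 22 uses a constructed line.

```sh
#!/bin/sh
# Classify why a LAN client sees "Connection refused" for a TCP port,
# using the output format of `netstat -atun`. Sample trimmed from post #5.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:781           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:111           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:1473        216.148.227.80:110      TIME_WAIT
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# listener_state PORT [NETSTAT_TEXT]  -> prints one of: none | loopback | lan
# "none": no TCP socket in LISTEN on that port (the kernel answers with RST,
#         i.e. "Connection refused", before any firewall or tcp_wrappers rule).
# "loopback": listening only on 127.0.0.1 / ::1, so unreachable from the LAN
#         (this is what port 631, CUPS, looks like in post #5).
# "lan": bound to 0.0.0.0, :: or a real interface address.
listener_state() {
    port=$1
    text=${2:-$NETSTAT_SAMPLE}
    printf '%s\n' "$text" | awk -v port="$port" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")                  # last field is the port,
            if (a[n] != port) next                 # works for ::1:25 as well
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1
            else lan = 1
        }
        END { if (lan) print "lan"; else if (lo) print "loopback"; else print "none" }'
}

# explain PORT [NETSTAT_TEXT]  -> the next thing to check for that port
explain() {
    case "$(listener_state "$1" "$2")" in
        none)     echo "port $1: nothing listening, start the daemon (sshd for 22)" ;;
        loopback) echo "port $1: bound to loopback only, not reachable from the LAN" ;;
        lan)      echo "port $1: listening; if it still fails, check iptables and hosts.allow/deny" ;;
    esac
}

for p in 22 631 25; do explain "$p"; done
```

Run it on a live box with `listener_state 22 "$(netstat -atun)"` to classify the real socket table instead of the sample.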
