- 01-19-2006 #1 (Just Joined! Join Date: Dec 2005; Location: Billerica, MA, USA (Near Boston); Posts: 3)
Can Ping, but nothing else works on home net
If this should be in a different area, or has a known solution, please feel free to move or point me in the right direction as needed.
I have a home network, all hardwired Cat5e 10/100BaseT. There are three Linux boxes and one Windows box connected to the net. (I have no interest in supporting the Windows box, it's the GF's work machine) The central connection is a Unisys 4-port router/switch, which also provides connectivity/NAT/firewall to our Comcast cable modem.
The router/switch gets its internet IP via DHCP from Comcast, and supplies internal net addresses via DHCP to the connected boxes. (192.168.1.*)
All boxes can ping the internet, all boxes can ping each other and themselves. Attempting to ping a non-existent local address gives an error (as expected). All boxes can browse the web. This tells me that there isn't any problem with the hardware or presumably the router/switch configuration.
NOTHING else will work between the boxes! I can't rlogin, ssh, rshell, ftp, rcp, etc, as all I get are error messages.
Currently, the three boxes are configured as follows:
1. My 'Main box' - goosecrate - 192.168.1.2 - running Ubuntu 4.10
2. My 'Test box' - gosling - 192.168.1.4 - running Gentoo, newly installed and updated
3. The GF's box - brick - 192.168.1.3 - running Red Hat 7.2
What I'm after is the following:
1. Allowing my main box to function as a print server since it's connected to our only currently working printer,
2. Backing up the boxes across the local net to the other machines so that I can upgrade them without risking data loss. (probably all to Gentoo)
3. Being able to shift files from one machine to another without e-mailing or sneaker-netting them.
Nice to have...
4. Possibly allowing the GF to remotely access her box over the internet IFF I can do so without putting the rest of the machines at a security risk.
My typical networking configuration files are as follows, w/ most comments removed:

```
goosecrate:/etc $ cat host.conf
order hosts,bind
multi on
goosecrate:/etc $ cat hostname
goosecrate
goosecrate:/etc $ cat hosts
127.0.0.1 localhost.localdomain localhost goosecrate
# The following lines are desirable for IPv6 capable hosts (this stuff commented
# out on other machines)
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
goosecrate:/etc $ cat hosts.allow
# I'm not sure if the *'s on the ends of the addresses are correct, my
# understanding of the man pages suggests they aren't needed, but I added
# them at the suggestion of another user, they didn't seem to make a
# difference.
ALL:192.168.1.*
portmap:192.168.1.*
goosecrate:/etc $ cat hosts.deny
ALL: PARANOID
ALL:ALL
```

When I try to do anything else, this is the kind of response I get:

```
goosecrate:~/$ ssh 192.168.1.4
ssh: connect to host 192.168.1.4 port 22: Connection refused
goosecrate:~/$ rlogin 192.168.1.4
ssh: connect to host 192.168.1.4 port 22: Connection refused
goosecrate:~/$ ftp 192.168.1.4
ftp: connect: Connection refused
ftp> exit
goosecrate:~/$ rcp ~/veggies 192.168.1.4:/home/
ssh: connect to host 192.168.1.4 port 22: Connection refused
lost connection
goosecrate:~/$ ping 192.168.1.4
PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
64 bytes from 192.168.1.4: icmp_seq=1 ttl=64 time=0.382 ms
64 bytes from 192.168.1.4: icmp_seq=2 ttl=64 time=0.428 ms
64 bytes from 192.168.1.4: icmp_seq=3 ttl=64 time=0.355 ms

--- 192.168.1.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.355/0.388/0.428/0.034 ms
```

I get the same type of response with or without the /etc/hosts.[allow-deny] files in place. What am I missing? I suspect it's probably something simple and obvious, but I can't figure out what it is.
TIA
ART
- 01-19-2006 #2
Your firewall on each computer might be blocking the incoming connections.
And also, for the "Looking for distro that will work faster on old H/W." line in your sig, check out Slackware. Stable and fast (esp. on older hardware).
"Time has more than one meaning, and is more than one dimension" - /.unknown
--Registered Linux user #396583--
- 01-23-2006 #3
Could be, but I don't think it is...
AFAIK, I'm not doing much of anything on any of the machines for firewalling; all of that is supposedly being taken care of by the router/switch. I know that I haven't knowingly emerged anything on the Gentoo test box that called itself a firewall, and I haven't found anything on the Ubuntu box that talks about having one or configuring it...
I need to look into it further, but I'm not sure where to start looking.
I've thought about slack, but I'm not sure I have the hacking / sysadmin background I keep hearing you need to work with a distro that needs as much manual setup as I hear slack needs. Right now I'm thinking in terms of going all Gentoo, but I need to get this communication thing solved so I can back up the machines and not risk all my personal data.
I may have found a few hints about the printing thing, looks like I need to do some serious playing with my cups.conf file.
Gooserider
- 01-23-2006 #4
Well... are you running sshd daemons on those boxes?
Did you poke a hole in the firewall for port 22?

```
netstat -atun
```
P.S. I would be careful with those host.allow / host.deny files. The default configuration would have been better for testing.
At least for now I would add to the top of /etc/hosts.allow:

```
sshd : 192.168.1.0/255.255.255.0 : ALLOW
```
- 01-23-2006 #5
I don't think I am; I know that I haven't set them up. (Not sure what might have been configured by default, and I get secure web transactions in my browser OK.)
When I did the command you gave, this is what I got on the Ubuntu box:

```
netstat -atun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:781           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:111           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        1      0 127.0.0.1:4205          127.0.0.1:631           CLOSE_WAIT
tcp        1      0 127.0.0.1:4206          127.0.0.1:631           CLOSE_WAIT
tcp        1      0 127.0.0.1:4209          127.0.0.1:631           CLOSE_WAIT
tcp        0      0 192.168.1.2:1473        216.148.227.80:110      TIME_WAIT
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:111           0.0.0.0:*
```

The Gentoo test box shows a tcp port on 631, listening, and UDP ports w/ no state on 1024, 1025, 68 & 631, all w/ local address of 0.0.0.0:<port> and foreign address of 0.0.0.0:*
???? As I said, I'm not sure I'm even running a firewall other than the one on the router-switch, which AFAIK is supposed to let anything go between machines on the local net, but block anything coming off the internet - at least that's the way I want it for now...
Well, the host.allow/deny files were my first effort, at first I thought that was my problem...
Will do, but I'm curious as to whether there is a reason to prefer the netmask pattern that you used as opposed to the wild card 192.168.1.* pattern that I used? Seems like both would work judging by the man page, and it seems better / less confusing to keep all the addresses to the same format as much as possible.
Gooserider
- 01-26-2006 #6
I asked because in order to connect to a Linux box via an ssh client, for example, you of course need to be running sshd on that box. And you cannot be filtering out traffic to port 22 (at least from that client). So both will have to change before this will work.
As for the netmask vs. wildcard usage in /etc/hosts.allow, I would just use whichever you're more comfortable with. (That's what I do.)
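An added diagnostic (example code written here, not anything posted in the thread) that makes the point of #6 checkable against the `netstat -atun` output in #5: "Connection refused" means nothing is accepting on that port from where the client sits, which is a different failure from a packet filter silently dropping the traffic (that gives a timeout). The sample output is the posted one embedded as a constructed string, and `listener_state` is a helper name assumed here.

```sh
#!/bin/sh
# Constructed sample input: the `netstat -atun` output posted for the Ubuntu box,
# with the non-listening CLOSE_WAIT/TIME_WAIT sockets kept so the parser must skip them.
NETSTAT_OUTPUT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:781           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:111           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        1      0 127.0.0.1:4205          127.0.0.1:631           CLOSE_WAIT
tcp        0      0 192.168.1.2:1473        216.148.227.80:110      TIME_WAIT
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:111           0.0.0.0:*'

# listener_state PORT (hypothetical helper): classify how TCP port PORT is exposed
# according to $NETSTAT_OUTPUT. Prints one of:
#   none      nothing accepts on the port, so every client gets "Connection refused"
#   loopback  bound to 127.0.0.1/::1 only, so local clients work but LAN clients are refused
#   all       bound to 0.0.0.0/::, so a LAN client that still fails points at a packet filter
#   <address> bound to a single interface address
listener_state() {
    printf '%s\n' "$NETSTAT_OUTPUT" | awk -v want="$1" '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, f, ":"); port = f[n]         # last field, safe for ::1:25 too
            if (port != want) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::")           state = "all"
            else if (addr == "127.0.0.1" || addr == "::1")   { if (state == "") state = "loopback" }
            else if (state != "all")                         state = addr
        }
        END { if (state == "") state = "none"; print state }'
}

# Walk the services this thread cares about: ssh (22), CUPS (631), smtp (25).
for p in 22 631 25; do
    case $(listener_state "$p") in
        none)     echo "port $p: no listener, so 'Connection refused' is expected; the daemon is not running";;
        loopback) echo "port $p: loopback only; fine locally, refused from the LAN until it binds the LAN address";;
        all)      echo "port $p: listening on all interfaces; a LAN client that still fails points at a packet filter";;
        *)        echo "port $p: listening on one address only";;
    esac
done
```

The same check shows why goal 1 also needs work: CUPS (631) is bound to 127.0.0.1 only on goosecrate, so it cannot serve the other boxes yet.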