- 07-02-2011 #1Just Joined!
- Join Date
- Jun 2011
- Posts
- 11
can't ping or ssh from remote machine to local machine
Currently, I can't ping or ssh from a remote machine across the Internet
to my local machine, but I can ping/ssh from the local to the remote. My
local machine has a cable internet service provider and a wireless router.
I've already tried unplugging the cable and the router and restarting, and
I've tried shutting off the firewall. For each of the above, sshd has been
running on the local machine. I've been using port 22 for now just to get
things running. I will change the port later on. What else could be the
problem? The OS is Fedora.
Previously, I had ssh working so I could connect from a remote
machine to a local machine via port xyz. Since then I've reinstalled
Fedora. I haven't changed the port. This time when I try to ssh
from the remote machine to the local machine, I get an unable to
connect bug. I also tried to ping from the remote machine to the
local machine and I got this message: ping: return 100% packet loss
Henry
- 07-02-2011 #2Just Joined!
- Join Date
- Jun 2011
- Posts
- 30
Ping uses the native protocol ICMP (not TCP or UDP), and these are rejected by default. Check with '$> iptables -L', and you will find a line like:
'REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'
See '$> man iptables' if you want to change (but I don't recommend it)
Also for ssh, I have a hunch that it is blocked by the firewall.
To enable ssh, insert or add a rule with iptables command (as root). But it should be before the 'REJECT all' rule of the input chain. See also '$> man iptables'. Don't forget to make them persistent.
Other check:
$> netstat -t -a -p | grep ssh
$> netstat -t -a -p -n | grep 22
There exists a graphical tool system-config-firewall. If you don't have it '$> yum install system-config-firewall'. I have no experience with this tool.
Hopefully it was useful information.
--
kdg1955
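The rule-order point in the post above (the ACCEPT for ssh has to sit before the 'REJECT all' rule of the INPUT chain) can be checked mechanically. This is an added example, not code from any poster in this thread; the names `ssh_rule_status` and `sample_shadowed` and the sample rule set are constructed for illustration, and the input is assumed to be in `iptables-save` / `iptables -S` format.

```sh
# Added example. Reads INPUT-chain rules in `iptables-save` / `iptables -S`
# format on stdin and prints what a new TCP connection to the port meets:
#   open              ACCEPT with no source limit, ahead of any catch-all
#   restricted <src>  ACCEPT only for <src>; other sources fall through
#   shadowed          ACCEPT exists, but after the catch-all REJECT/DROP
#   missing           catch-all REJECT/DROP and no ACCEPT for the port
#   policy <target>   no rule decided; the chain policy applies
# Simplification: only an exact numeric --dport is recognised.
ssh_rule_status() {
    awk -v port="${1:-22}" '
    $1 == ":INPUT" { policy = $2; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = proto = src = dport = ""; matchers = 0
        for (i = 3; i < NF; i++) {
            if      ($i == "-j")      target = $(i + 1)
            else if ($i == "-p")      proto  = $(i + 1)
            else if ($i == "-s")      src    = $(i + 1)
            else if ($i == "--dport") dport  = $(i + 1)
            if ($i ~ /^-[psdim]$/) matchers++
        }
        ssh_ok   = (target == "ACCEPT" && proto == "tcp" && dport == port)
        allow    = (target == "ACCEPT" && matchers == 0)
        catchall = (matchers == 0 && (target == "REJECT" || target == "DROP"))
        if (blocked) { if (ssh_ok || allow) late = 1; next }
        if ((ssh_ok && src == "") || allow) { verdict = "open"; exit }
        if (ssh_ok && only == "") only = src
        if (catchall) blocked = 1
    }
    END {
        if      (verdict != "") print verdict
        else if (only != "")    print "restricted " only
        else if (late)          print "shadowed"
        else if (blocked)       print "missing"
        else                    print "policy " (policy == "" ? "unknown" : policy)
    }'
}
# Constructed sample: ssh ACCEPT appended after the catch-all REJECT.
sample_shadowed() {
    cat <<'EOF'
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --sport 1024:65535 --dport 22 -j ACCEPT
EOF
}
sample_shadowed | ssh_rule_status    # prints: shadowed
```

On a live machine, run it as root with `iptables -S INPUT | ssh_rule_status`. A `restricted` result with a LAN source means connections arriving from the Internet still reach the REJECT rule.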
- 07-03-2011 #4Just Joined!
- Join Date
- Jul 2011
- Location
- Minnesota, USA
- Posts
- 4
Could also be a port forwarding issue with the SSH connection. Make sure, within your router, you have a port forwarding rule that says something along the lines of this:
allow TCP port 22 from WAN to LAN IP (local machine IP address) always
As far as the pinging problem, could be a setting in the router that is dropping WAN side ping requests. What model router is it?
- 07-03-2011 #5Just Joined!
- Join Date
- Jun 2011
- Posts
- 11
1. You were correct, my iptables does contain a line to reject ICMP. I haven't
changed it.
2. I tried the following statement but I still could not connect:
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh state NEW
H.
- 07-03-2011 #6Just Joined!
- Join Date
- Jun 2011
- Posts
- 30
It's difficult to judge from a distance.
I suppose you have inserted the new line before the 'REJECT ALL ...' and it was on the right chain.
This is what I have:
ACCEPT tcp -- 192.168.1.0/24 anywhere state NEW tcp dpt:ssh
Do you have a backup of your old file '/etc/sysconfig/iptables'? If yes, compare the old with the new.
Is it only for ssh or are all ports blocked? Try with another protocol (e.g. http on port 80 if you have a webserver, or mysql which uses a port above 1024).
Can you see error messages with dmesg ($> dmesg | grep ssh)? What is the error on the remote machine?
Is selinux enabled?
--
kdg1955
Last edited by kdg1955; 07-03-2011 at 07:41 PM. Reason: correction
- 07-07-2011 #7Just Joined!
- Join Date
- Jun 2011
- Posts
- 11
Ok, I temporarily disabled iptables so iptables -L lists no rules.
Then I ran ssh me@localhost and it worked.
Next I did ssh me@localipaddress and it didn't work.
No messages located in /var/log mention any problem.
I have verified that selinux is not running.
And, I did not receive any mail about it from the local machine.
Hopefully this narrows it down some.
H.
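The `netstat -t -a -p -n` check suggested earlier in the thread also shows which address sshd is bound to, which is worth reading when `ssh me@localhost` works but the machine's own LAN address does not with no firewall rules loaded. This is an added example, not code from any poster; the names `listen_scope` and `sample_netstat` and the sample netstat output are constructed for illustration.

```sh
# Added example. Reads `netstat -tln` (or `-tlnp`) output on stdin and
# prints which addresses accept connections on the given TCP port:
#   all             bound to 0.0.0.0 or :: (every interface)
#   address <list>  bound only to the listed non-loopback addresses
#   loopback-only   bound only to 127.x.x.x / ::1
#   not-listening   no LISTEN socket on that port
listen_scope() {
    awk -v port="${1:-22}" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")              # port is the last piece
        if (part[n] != port) next
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (addr == "0.0.0.0" || addr == "::")      any = 1
        else if (addr ~ /^127\./ || addr == "::1")  loop = 1
        else if (!(addr in seen)) {
            seen[addr] = 1
            list = list (list == "" ? "" : ",") addr
        }
    }
    END {
        if      (any)        print "all"
        else if (list != "") print "address " list
        else if (loop)       print "loopback-only"
        else                 print "not-listening"
    }'
}

# Constructed sample: sshd bound to loopback only, CUPS alongside it.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 ::1:22                  :::*                    LISTEN
EOF
}
sample_netstat | listen_scope 22    # prints: loopback-only
```

On a live machine: `netstat -tln | listen_scope 22`. A `loopback-only` or `address ...` result points at the `ListenAddress` setting in `sshd_config` rather than at the firewall.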
- 07-08-2011 #8Just Joined!
- Join Date
- Jul 2011
- Location
- Minnesota, USA
- Posts
- 4
Try adding your local IP address to the hosts file like such:
Code:
127.0.0.1 localhost, localhost.localdomain
192.168.1.1 (hostname),localhost,localhost.localdomain
OR the firewall could be blocking anything coming from the "outside", meaning outside of the 127.0.0.0/8 subnet range. Try adjusting the firewall to allow the traffic on (ethernet device) (ex. eth0) and also allowing the port coming from the specific local IP address.
- 07-11-2011 #9Just Joined!
- Join Date
- Jun 2011
- Posts
- 11
Hi, I think I did part of what areis22 suggested but I still could
not connect.
1. Disabled the firewall.
2. Added to the local hosts file the 2 lines of code:
127.0.0.1 localhost, localhost.localdomain
192.168.1.1 (hostname),localhost,localhost.localdomain
3. Are you sure 192.168.1.1 is the correct number?
4. What should the hosts.allow consist of?
- 07-23-2011 #10Just Joined!
- Join Date
- Jun 2011
- Posts
- 11
I'm still stuck on this issue. Any assistance or clarification would
be greatly appreciated.
thanks,
--h


