  1. #1
    Just Joined!
    Join Date
    Jun 2011
    Posts
    11

    can't ping or ssh from remote machine to local machine


    Currently, I can't ping or ssh from a remote machine across Internet
    to my local machine but I can ping/ssh from the local to the remote. My
    local machine
    has a cable internet service provider and a wireless router. I've already
    tried unplugging the cable and the router and restarting, and I've tried
    shutting off the firewall. For each of the above, sshd has been running
    on the local machine. I've been using port 22 for now just to get things
    running. I will change the port later on. What else could be the problem?
    The OS is fedora.

    Previously, I had ssh working so I could connect from a remote
    machine to a local machine via port xyz. Since then I've reinstalled
    fedora. I haven't changed the port. This time when I try to ssh
    from the remote machine to the local machine, I get an unable to
    connect bug. I also tried to ping from the remote machine to the
    local machine and I got this message: ping: return 100% packet loss

    Henry

  2. #2
    Just Joined!
    Join Date
    Jun 2011
    Location
    Belgium
    Posts
    84
    Ping uses the native protocol ICMP (not TCP or UDP), and these are rejected by default. Check with '$> iptables -L', and you will find a line like:
    'REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'
    See '$> man iptables' if you want to change (but I don't recommend it)

    Also for ssh, I have a hunch that it is blocked by the firewall.
    To enable ssh, insert or add a rule with iptables command (as root). But it should be before the 'REJECT all' rule of the input chain. See also '$> man iptables'. Don't forget to make them persistent.
    Other check:
    $> netstat -t -a -p | grep ssh
    $> netstat -t -a -p -n | grep 22

    There exists a graphical tool system-config-firewall. If you don't have it '$> yum install system-config-firewall'. I have no experience with this tool.

    Hopefully it was useful information.

    --
    kdg1955

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Quote: Originally posted by henry6768
    Previously, I had ssh working so I could connect from a remote machine to a local machine via port xyz. Since then I've reinstalled fedora. I haven't changed the port. This time when I try to ssh from the remote machine to the local machine, I get an unable to connect bug. I also tried to ping from the remote machine to the local machine and I got this message: ping: return 100% packet loss

    Henry


    Sounds like your ISP is blocking all ports below 1024. If you had SSH working before and it is now not working even when you turn off the firewall I would think it is the ISP blocking you.

    Try setting SSH to listen on a port above 1024 and try to connect again.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  4. #4
    Just Joined!
    Join Date
    Jul 2011
    Location
    Minnesota, USA
    Posts
    4
    Could also be a port forwarding issue with the SSH connection. Make sure, within your router, you have a port forwarding rule that says something along the lines of this:

    allow TCP port 22 from WAN to LAN IP (local machine IP address) always

    As far as the pinging problem, could be a setting in the router that is dropping WAN side ping requests. What model router is it?

  5. #5
    Just Joined!
    Join Date
    Jun 2011
    Posts
    11
    1. You were correct, my iptables does contain a line to reject ICMP. I haven't
    changed it.

    2. I tried the following statement but I still could not connect:
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh state NEW

    H.

  6. #6
    Just Joined!
    Join Date
    Jun 2011
    Location
    Belgium
    Posts
    84
    It's difficult to judge from a distance.
    I suppose you have inserted the new line before the 'REJECT ALL ...' and it was on the right chain.
    This is what I have:
    ACCEPT tcp -- 192.168.1.0/24 anywhere state NEW tcp dpt:ssh

    Do you have a backup of your old file '/etc/sysconfig/iptables'? If yes, compare the old with the new.
    Is it only for ssh or are all ports blocked? Try with another protocol (ex: http on port 80 if you have a webserver or mysql which uses a port above 1024).
    Can you see error messages with dmesg ($> dmesg | grep ssh)? What is the error on the remote machine?
    Is selinux enabled?

    --
    kdg1955
    Last edited by kdg1955; 07-03-2011 at 07:41 PM. Reason: correction
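
The rule-order point raised in posts #2 and #6 (the ssh ACCEPT must sit before the catch-all REJECT, and on the INPUT chain) can be checked mechanically. This is an added example, not part of any post in the thread: the function name `ssh_rule_order` and the three sample rule sets are constructed for illustration, and the input is assumed to be in `iptables -S` / `/etc/sysconfig/iptables` format with numeric ports.

```shell
#!/bin/sh
# Classify the first ssh ACCEPT rule on INPUT relative to the catch-all
# REJECT/DROP. Reads rules on stdin, prints ok | restricted:<src> | shadowed | missing.
ssh_rule_order() {
    awk -v port="${1:-22}" '
        $1 != "-A" || $2 != "INPUT" { next }   # rules on other chains do not count
        {
            target = ""; proto = ""; dport = ""; src = ""; specific = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                if ($i ~ /^-[psdim]$/) specific = 1   # rule has a match condition
            }
            if (target == "ACCEPT" && proto == "tcp" && dport == port && verdict == "")
                verdict = blocked ? "shadowed" : (src != "" ? ("restricted:" src) : "ok")
            else if ((target == "REJECT" || target == "DROP") && !specific)
                blocked = 1    # unconditional reject: later rules are never reached
        }
        END { print (verdict != "" ? verdict : "missing") }
    '
}

# Constructed sample: ACCEPT appended after the catch-all REJECT.
SHADOWED_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

# Constructed sample: ACCEPT inserted before the REJECT.
ORDERED_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: ACCEPT limited to the LAN, so Internet hosts still hit REJECT.
LAN_ONLY_RULES='-A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$SHADOWED_RULES" | ssh_rule_order 22   # shadowed
printf '%s\n' "$ORDERED_RULES"  | ssh_rule_order 22   # ok
printf '%s\n' "$LAN_ONLY_RULES" | ssh_rule_order 22   # restricted:192.168.1.0/24
```

On a live system, run `iptables -S INPUT | ssh_rule_order 22` as root; a result of `shadowed` or `missing` means the firewall alone explains the refused connection.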

  7. #7
    Just Joined!
    Join Date
    Jun 2011
    Posts
    11
    Ok, I temporarily disabled iptables so iptables -L lists no rules.
    Then I ran ssh me@localhost and it worked.
    Next I did ssh me@localipaddress and it didn't work.
    No messages located in /var/log mention any problem.
    I have verified that selinux is not running.
    And, I did not receive any mail about it from the local machine.
    Hopefully this narrows it down some.

    H.

  8. #8
    Just Joined!
    Join Date
    Jul 2011
    Location
    Minnesota, USA
    Posts
    4
    Try adding your local ip address to the hosts file like such:

    Code:
    127.0.0.1          localhost, localhost.localdomain
    192.168.1.1       (hostname),localhost,localhost.localdomain
    OR the firewall could be blocking anything coming from the "outside", meaning outside of the 127.0.0.0/8 subnet range. Try adjusting the firewall to allow the traffic on (ethernet device)(ex. eth0) and also allowing the port coming from the specific local IP address.

  9. #9
    Just Joined!
    Join Date
    Jun 2011
    Posts
    11
    Hi, I think I did part of what areis22 suggested but I still could
    not connect.
    1. Disabled the firewall.
    2. Added to the local hosts file the 2 lines of code:
    127.0.0.1 localhost, localhost.localdomain
    192.168.1.1 (hostname),localhost,localhost.localdomain
    3. Are you sure 192.168.1.1 is the correct number?
    4. What should the hosts.allow consist of?

  10. #10
    Just Joined!
    Join Date
    Jun 2011
    Posts
    11
    I'm still stuck on this issue. Any assistance or clarification would
    be greatly appreciated.

    thanks,
    --h
