Hi folks,
Just played around with ssh with the following network setup.
Archlinux workstation
hostname - arch.satimis.com
LAN IP - 192.168.0.2
Ubuntu 7.04 server
hostname - mail.satimis.com
LAN IP - 192.168.0.10
Router
port 22-25 forwarded to 192.168.0.10
On Arch workstation
$ ssh mail.satimis.com (OR www.satimis.com)
after login Arch can ssh-connect Ubuntu
exited
But now;
$ ssh 192.168.0.10
can't connect Ubuntu. No response, just hanging on the screen.
$ ls /var/log/
Xorg.0.log crond everything.log lastlog syslog.log.2
Xorg.0.log.old crond.1 everything.log.1 mail.log user.log
acpid.log crond.2 everything.log.2 messages.log user.log.1
acpid.log.1 daemon.log faillog messages.log.1 user.log.2
acpid.log.2 daemon.log.1 gdm messages.log.2 wtmp
auth.log daemon.log.2 httpd old
auth.log.1 errors.log kernel.log pacman.log
auth.log.2 errors.log.1 kernel.log.1 syslog.log
btmp errors.log.2 kernel.log.2 syslog.log.1
Please advise which log file I should check. How do I fix the problem? TIA
Remark: port 22 forwarding removed
B.R.
satimis
Last edited by satimis (2008-02-18 10:28:03)
Port forwarding is not required here, as both machines are on the same subnet. Try ssh with the debug flag (-v) for more info - you can use it up to three times, depending on the level of detail you need.
Port forwarding is not required here, as both machines are on the same subnet. Try ssh with the debug flag (-v) for more info - you can use it up to three times, depending on the level of detail you need.
$ ssh -v 192.168.0.10
OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.10 [192.168.0.10] port 22.
debug1: connect to address 192.168.0.10 port 22: Connection timed out
ssh: connect to host 192.168.0.10 port 22: Connection timed out
Tried 3 times with the same result.
On Ubuntu
# cat /etc/ssh/ssh_config | grep Port
Port 22
It has been uncommented. Nor have I touched this file during my test.
Edit-1:
$ cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#exit 0
#
# INPUT
#
# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d 220.232.213.178 -m state --state RELATED,ESTABLISHED
# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 22
# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8222
# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8333
# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 902
# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d 220.232.213.178 --reject-with icmp-port-unreachable
# allows squirrelmail input
#iptables -I INPUT 7 -p ALL -i lo --source 127.0.0.1 -j ACCEPT
#
# OUTPUT
#
# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s 220.232.213.178 -m state --state RELATED,ESTABLISHED
# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s 220.232.213.178 -p UDP --destination-port 53
# reject all other traffic from localhost
#iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
# reject all other traffic from the management interface NIC
iptables -I OUTPUT 3 -j REJECT -s 220.232.213.178 --reject-with icmp-port-unreachable
Edit-2:
The problem is on Archlinux.
This box has another HD running Ubuntu 7.10 workstation. Just connected it.
$ ssh 192.168.0.10
after login, connected the server
Edit-3:
Just discovered.
Archlinux can't ping 192.168.0.10 (server), 192.168.0.1 (router IP)
satimis
Last edited by satimis (2008-02-18 13:26:12)
Hi tomk,
Problem solved. It was iptables on Archlinux, whose rules I set up several hours ago, blocking the traffic. I did not realise it.
After running;
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
Archlinux can ping router_ip and server_ip. Ubuntu_Server can ping Archlinux_ip.
To run "ssh mail.satimis.com" port 22 forwarding is still needed.
Thanks for your assistance.
I'll start another topic later about iptables rules.
B.R.
satimis
Last edited by satimis (2008-02-18 15:33:12)
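Added example (not part of the original thread): a small first-match evaluator run over the INPUT rules from the server's rc.local posted above, showing that a LAN ssh connection to 192.168.0.10 matches none of them and falls through to the chain policy. The function names, the sample packets and the DROP-policy client case are assumptions made for illustration; the Archlinux ruleset itself was never posted.

```python
import shlex

# INPUT rules as posted in the server's rc.local earlier in the thread.
RC_LOCAL_INPUT = """\
iptables -I INPUT 1 -j ACCEPT -d 220.232.213.178 -m state --state RELATED,ESTABLISHED
iptables -I INPUT 2 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 22
iptables -I INPUT 3 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8222
iptables -I INPUT 4 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8333
iptables -I INPUT 5 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 902
iptables -I INPUT 6 -j REJECT -d 220.232.213.178 --reject-with icmp-port-unreachable
"""

def parse_rules(text):
    """Parse 'iptables -I CHAIN POS opt val ...' lines into (pos, opts), ordered by POS.
    Assumes the chain was empty beforehand, so POS is the final rule order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] == ["iptables", "-I"] and len(tok) >= 6:
            rules.append((int(tok[3]), dict(zip(tok[4::2], tok[5::2]))))
    return sorted(rules, key=lambda r: r[0])

def verdict(rules, pkt, policy="ACCEPT"):
    """Return (target, rule position) for the first matching rule, else (policy, None).
    Only the match options used in the rules above are handled; addresses are exact."""
    for pos, o in rules:
        if "-d" in o and o["-d"] != pkt["dst"]:
            continue
        if "-p" in o and o["-p"].lower() != pkt["proto"]:
            continue
        if "--destination-port" in o and int(o["--destination-port"]) != pkt["dport"]:
            continue
        if "--state" in o and pkt["state"] not in o["--state"].split(","):
            continue
        return o["-j"], pos
    return policy, None

def syn(dst, dport):
    """Constructed sample packet: a new TCP connection attempt."""
    return {"dst": dst, "proto": "tcp", "dport": dport, "state": "NEW"}

if __name__ == "__main__":
    rules = parse_rules(RC_LOCAL_INPUT)
    print(verdict(rules, syn("192.168.0.10", 22)))      # LAN ssh: no rule matches
    print(verdict(rules, syn("220.232.213.178", 22)))   # matched by the ssh rule
    print(verdict(rules, syn("220.232.213.178", 25)))   # falls to the REJECT rule
    # Assumption: a client chain with no matching rule and a DROP policy
    print(verdict([], syn("192.168.0.10", 22), policy="DROP"))
```

A DROP verdict sends nothing back, so the client's connect() waits and ends in "Connection timed out" as in the ssh -v output above, while the REJECT rule answers with an ICMP error and the attempt fails at once. On a live host, `iptables -S` and `iptables -L -n -v` show the chain policies and per-rule packet counters to confirm which rule is matching.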