LinuxQuestions.org
12-08-2010, 02:09 AM   #1
ibaydan
Member
 
Registered: Jan 2008
Distribution: Debian6 , Centos 6,Ubuntu 11.04
Posts: 57

Rep: Reputation: 2
ssh access problem may be ipv6?


I have CentOS 5.5 on my LAN behind the ADSL modem/router. I can access sshd from the LAN, but when I try to access it from outside of the LAN I cannot. I have configured my router properly and tested it. I can access VNC on an XP machine on the same LAN from outside of the LAN, so there is no NAT or port forwarding problem. When I run netstat -nlp I get:
tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN 3559/Xvnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3559/Xvnc
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3132/portmap
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 3559/Xvnc
tcp 0 0 0.0.0.0:817 0.0.0.0:* LISTEN 3179/rpc.statd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3848/dnsmasq
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 3759/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3431/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3463/sendmail: acce
tcp 0 0 :::6001 :::* LISTEN 3559/Xvnc
tcp 0 0 :::22 :::* LISTEN 3422/sshd
udp 0 0 0.0.0.0:811 0.0.0.0:* 3179/rpc.statd
udp 0 0 0.0.0.0:814 0.0.0.0:* 3179/rpc.statd
udp 0 0 192.168.122.1:53 0.0.0.0:* 3848/dnsmasq
udp 0 0 10.0.0.1:53 0.0.0.0:* 3759/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 3848/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 3759/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 4760/dhclient
udp 0 0 0.0.0.0:60381 0.0.0.0:* 3637/avahi-daemon:
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3637/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 3132/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3431/cupsd
udp 0 0 :::5353 :::* 3637/avahi-daemon:
udp 0 0 :::37483 :::* 3637/avahi-daemon:



What is the meaning of :::*? Is it IPv6? If so, how can I close it?
Thanks

Last edited by ibaydan; 12-08-2010 at 02:15 AM.
 
12-08-2010, 08:45 AM   #2
camorri
Senior Member
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1
Posts: 4,845

Rep: Reputation: 431
The standard port for ssh is 22. I don't see that in your listing.

Have a look at /etc/ssh/ssh_config. In that file the port can be defined. You do not have to use port 22; if you are not using port 22, you need to forward whatever port you are using, and make it match in the ssh config file.

As far as port forwarding in your router, have you got a rule set for your Linux server pointing to the Linux system's IP address? Is the Linux IP address static?

As far as I know, for ipv6, :::* indicates all fields of 0's, repeated.
 
12-08-2010, 09:29 AM   #3
ibaydan
Member
 
Registered: Jan 2008
Distribution: Debian6 , Centos 6,Ubuntu 11.04
Posts: 57

Original Poster
Rep: Reputation: 2
[solved]

I have solved my problem. I have disabled the IPv6 modules and corrected the gateway in the network configuration. Thanks
 
12-08-2010, 12:25 PM   #4
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, CentOS, Ubuntu, Fedora, Timesys, Linux From Scratch
Posts: 1,777
Blog Entries: 20

Rep: Reputation: 115
What ":::*" means in that context is "any address + any port". The initial "::" means the address. So "tcp 0 0 :::22 :::* LISTEN 3422/sshd" means listening on any address in IPv6 on port 22, and accept from any address in IPv6 from any port.

By default, a listen on "::" also listens on 0.0.0.0, so both IPv4 and IPv6 can be listened for on one socket, which is convenient for simple programs that are going to block in an accept() call. This can be seen by an attempt by ssh when doing port forwarding to listen to both "::" and 0.0.0.0 and getting a bind failure for the 0.0.0.0 because the port is busy with "::" on the same port. You can turn this behavior off with "echo 1 > /proc/sys/net/ipv6/bindv6only", in which case for a program to listen on both IPv6 and IPv4, it has to bind separate sockets to each, and do the appropriate blocking I/O on both sockets to wait for incoming connections on either.

Since I do see a listen on port 22, it's another issue. Your solution mentioned a gateway setting. If that was wrong, it should break a lot more than just ssh, relative to the internet. As for the IPv6 modules, I don't see how that would impact things if ssh was successfully bound to port 22 and listening (as your on-LAN connections worked with).

BTW, I recommend using a different port than 22, at least at the router side facing the internet. There are lots of crackpots scanning for weak passwords via ssh. Even if all your passwords are strong, this still makes for lots of noisy messages in logs, discouraging you from looking for legitimate break-ins. Pick a different port not well known for any common service and use that for your ssh service facing the internet.
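
The dual-stack behaviour described in post #4, as an added example that is not part of the original thread: it binds a listener to "::" on a free port, then tries to bind 0.0.0.0 on the same port, with the per-socket IPV6_V6ONLY option standing in for the system-wide bindv6only setting. The function name and return strings are made up for this illustration.

```python
import errno
import socket


def ipv4_bind_after_v6_wildcard(v6only):
    """Bind [::]:P, then try 0.0.0.0:P on the same port P.

    Returns "in-use" if the IPv4 bind fails with EADDRINUSE, "free" if it
    succeeds, or "no-ipv6" if this host cannot create or bind an IPv6 socket.
    """
    try:
        s6 = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return "no-ipv6"
    with s6:
        try:
            # Per-socket equivalent of /proc/sys/net/ipv6/bindv6only:
            # 0 = also accept IPv4 (as ::ffff:a.b.c.d), 1 = IPv6 only.
            s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
            s6.bind(("::", 0))  # port 0: let the kernel pick a free port
        except OSError:
            return "no-ipv6"
        s6.listen(1)
        port = s6.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s4:
            try:
                s4.bind(("0.0.0.0", port))
            except OSError as exc:
                if exc.errno == errno.EADDRINUSE:
                    return "in-use"  # the "::" listener already covers IPv4
                raise
            return "free"  # IPv4 needs its own socket in this mode


if __name__ == "__main__":
    print("dual-stack (V6ONLY=0): IPv4 bind is", ipv4_bind_after_v6_wildcard(False))
    print("IPv6-only  (V6ONLY=1): IPv4 bind is", ipv4_bind_after_v6_wildcard(True))
```

On a dual-stack Linux host the first call reports "in-use" and the second "free", which is why a single ":::22" line in netstat -nlp can still mean sshd is reachable over IPv4.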
 
  


All times are GMT -5. The time now is 04:59 AM.
