Can't SSH into Mandrake router from Windows XP
Hi to everyone, great forum.
I'm new to the Linux world, and over the last few days I've managed, with the help of this forum, to get a redundant system in use as a Linux router/server for my Windows LAN. I got everything up and running OK, including the SpeedTouch ADSL modem and the internet connection sharing thing. In the Mandrake Control Centre I have the LAN configured as well, and I will be doing Samba in the next few days, so all is well so far except for one thing: I can't SSH into the Mandrake machine whatsoever. It just keeps telling me that the host is unreachable. I've tried PuTTY and SSH Secure Shell but to no avail. Now, through my journey I have noticed a thing or two regarding the Shorewall firewall, and I have an inkling that this may be the problem. The thing is that the internet connection sharing thing won't work without Shorewall activated, but then again, even with it switched off I still can't SSH. Now, according to the Mandrake Control Centre GUI the SSH daemon is running, but when I do a top command as root it's not in the process list. I'm really very confused at this point, as I only want to SSH as root from another Windows box in the LAN. Any help would be gratefully appreciated. Thanks |
Welcome to LQ.
Is ssh running and listening:
netstat -nlp
What firewall rules do you have:
iptables -L
If you are unsure then post the output of the above commands. |
Hi David,
Thanks very much for the quick response. This is very long-winded, but here is the output from those commands.

netstat -nl returned the following:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:32768         0.0.0.0:*               LISTEN      1130/xinetd
tcp        0      0 0.0.0.0:32769           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:642             0.0.0.0:*               LISTEN      884/rpc.statd
tcp        0      0 0.0.0.0:933             0.0.0.0:*               LISTEN      1178/rpc.mountd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1350/smbd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      818/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      1762/X
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1513/httpd2
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1334/perl
tcp        0      0 0.0.0.0:657             0.0.0.0:*               LISTEN      900/ypserv
tcp        0      0 212.158.255.217:53      0.0.0.0:*               LISTEN      3444/named
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      3444/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      3444/named
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1302/proftpd: (acce
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4563/sshd
tcp        0      0 0.0.0.0:790             0.0.0.0:*               LISTEN      1035/rpc.ypxfrd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      3444/named
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1513/httpd2
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
udp        0      0 0.0.0.0:32770           0.0.0.0:*                           -
udp        0      0 0.0.0.0:32771           0.0.0.0:*                           3444/named
udp        0      0 0.0.0.0:520             0.0.0.0:*                           1086/routed
udp        0      0 192.168.1.1:137         0.0.0.0:*                           1360/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1360/nmbd
udp        0      0 192.168.1.1:138         0.0.0.0:*                           1360/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           1360/nmbd
udp        0      0 0.0.0.0:654             0.0.0.0:*                           900/ypserv
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1334/perl
udp        0      0 0.0.0.0:788             0.0.0.0:*                           1035/rpc.ypxfrd
udp        0      0 0.0.0.0:930             0.0.0.0:*                           1178/rpc.mountd
udp        0      0 212.158.255.217:53      0.0.0.0:*                           3444/named
udp        0      0 192.168.1.1:53          0.0.0.0:*                           3444/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           3444/named
udp        0      0 0.0.0.0:962             0.0.0.0:*                           1209/rpc.yppasswdd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           3465/dhcpd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           818/portmap
udp        0      0 0.0.0.0:636             0.0.0.0:*                           884/rpc.statd
udp        0      0 0.0.0.0:639             0.0.0.0:*                           884/rpc.statd
raw        0      0 0.0.0.0:1               0.0.0.0:*               7           3465/dhcpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     5319   1831/kdeinit: dcops /tmp/.ICE-unix/dcop1831-1081542844
unix  2      [ ACC ]     STREAM     LISTENING     5567   1848/kdeinit: ksmse /tmp/.ICE-unix/1848
unix  2      [ ACC ]     STREAM     LISTENING     5362   1837/fam            /tmp/.fam_socket
unix  2      [ ACC ]     STREAM     LISTENING     3242   979/xfs             /tmp/.font-unix/fs-1
unix  2      [ ACC ]     STREAM     LISTENING     5236   1762/X              /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5315   1828/kdeinit: Runni /tmp/ksocket-b/kdeinit-:0
unix  2      [ ACC ]     STREAM     LISTENING     5342   1834/kdeinit: klaun /tmp/ksocket-b/klaunchercshY9a.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     5939   1875/kdesud         /tm

Then iptables -L returned this:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere           state INVALID
ppp_in     all  --  anywhere             anywhere
eth0_in    all  --  anywhere             anywhere
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP      !icmp --  anywhere             anywhere           state INVALID
ppp_fwd    all  --  anywhere             anywhere
eth0_fwd   all  --  anywhere             anywhere
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere           state INVALID
fw2net     all  --  anywhere             anywhere
fw2masq    all  --  anywhere             anywhere
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain all2all (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere             anywhere

Chain common (5 references)
target     prot opt source               destination
icmpdef    icmp --  anywhere             anywhere
reject     udp  --  anywhere             anywhere           udp dpt:135
reject     udp  --  anywhere             anywhere           udp dpts:netbios-ns:netbios-ssn
reject     udp  --  anywhere             anywhere           udp dpt:microsoft-ds
reject     tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn
reject     tcp  --  anywhere             anywhere           tcp dpt:microsoft-ds
reject     tcp  --  anywhere             anywhere           tcp dpt:135
DROP       udp  --  anywhere             anywhere           udp dpt:1900
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/4
reject     tcp  --  anywhere             anywhere           tcp dpt:auth
DROP       udp  --  anywhere             anywhere           udp spt:domain state NEW
DROP       all  --  anywhere             192.168.1.255

Chain dynamic (4 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
masq2net   all  --  anywhere             anywhere

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
masq2fw    all  --  anywhere             anywhere

Chain fw2masq (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           multiport dports ipp,printer,netbios-ns,netbios-dgm,netbios-ssn state NEW
ACCEPT     udp  --  anywhere             anywhere           multiport dports ipp,printer,netbios-ns,netbios-dgm,netbios-ssn state NEW
all2all    all  --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Chain icmpdef (1 references)
target     prot opt source               destination

Chain loc2net (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Chain masq2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
ACCEPT     udp  --  anywhere             anywhere           multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
all2all    all  --  anywhere             anywhere

Chain masq2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Chain net2all (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere             anywhere

Chain newnotsyn (7 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           LOG level info prefix `Shorewall:newnotsyn:DROP:'
DROP       all  --  anywhere             anywhere

Chain ppp_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
net2all    all  --  anywhere             anywhere

Chain ppp_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
net2all    all  --  anywhere             anywhere

Chain reject (11 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere           reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere           reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere           reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere           reject-with icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination

I've read through it myself to try to figure it out but I'm confused. As far as I can see it's actually rejecting the connection from the Windows box, but I really don't have a clue as to what to do to set this. Thanks again for the help David, it's much appreciated. I'm going to be setting up a dual boot with the Windows PC today; I'm so impressed with Linux so far even though it's a little hard to configure :) |
It looks like a firewall problem - you can see that sshd is running from the netstat output.
I have never used shorewall to configure iptables - if you can use shorewall to open port 22 then that would probably be easier. Personally I find those rules very difficult to work with as they are so complex. It would probably be better making up your own firewall rules script so that you have more control and know what is going on. |
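Added example (not part of any post in this thread): a small shell check that reads `iptables -L` text and reports whether a given chain admits new TCP connections to a port, run here on the masq2fw and masq2net chains from the output posted above. The function name chain_accepts is hypothetical; it inspects one chain only, does not follow jumps to other chains, does not expand port ranges, and the port must be written as iptables prints it (ssh without -n, 22 with -n).

```shell
#!/bin/sh
# Added example, not code from the thread.
# Excerpt of two chains from the posted `iptables -L` output
# (column spacing normalised).
SAMPLE='Chain masq2fw (1 references)
target     prot opt source    destination
ACCEPT     all  --  anywhere  anywhere  state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere  anywhere  state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere  anywhere  multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
ACCEPT     udp  --  anywhere  anywhere  multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
all2all    all  --  anywhere  anywhere
Chain masq2net (1 references)
target     prot opt source    destination
ACCEPT     all  --  anywhere  anywhere  state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere  anywhere'

# chain_accepts CHAIN PORT   (hypothetical helper; reads `iptables -L` on stdin)
# Exit 0 if CHAIN itself holds an ACCEPT rule for tcp (or all protocols)
# that admits new connections to PORT; exit 1 otherwise.
chain_accepts() {
    awk -v chain="$1" -v port="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        !in_chain || $1 != "ACCEPT" { next }
        $2 != "tcp" && $2 != "all" { next }
        # A rule limited to RELATED,ESTABLISHED never admits a new connection.
        /state RELATED,ESTABLISHED/ { next }
        {
            ports = ""
            for (i = 6; i <= NF; i++) {
                if ($i == "dports" && i < NF) ports = $(i + 1)
                else if ($i ~ /^dpts?:/) { ports = $i; sub(/^dpts?:/, "", ports) }
            }
            # No port match on the rule means it accepts every port.
            if (ports == "") { found = 1; exit }
            n = split(ports, p, ",")
            for (j = 1; j <= n; j++) if (p[j] == port) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

if printf '%s\n' "$SAMPLE" | chain_accepts masq2fw ssh; then
    echo "masq2fw accepts ssh"
else
    echo "masq2fw has no ACCEPT for ssh"
fi
```

On the firewall itself the same check is `iptables -L | chain_accepts masq2fw ssh`, run as root. If the Shorewall zones are named as the chain names suggest (masq and fw, an assumption), the usual way to permit this traffic is a line `ACCEPT masq fw tcp 22` in /etc/shorewall/rules followed by a Shorewall restart.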