LinuxQuestions.org


pragmatic 04-09-2004 03:41 PM

Can't SSH into Mandrake router from Windows XP

Hi to everyone, great forum.

I'm new to the Linux world, and over the last few days I've managed, with the help of this forum, to get a redundant system in use as a Linux router/server for my Windows LAN. I got everything up and running OK, including the SpeedTouch ADSL modem and the internet connection sharing thing. In the Mandrake Control Centre I have the LAN configured as well, and I will be doing Samba in the next few days, so all is well so far except for one thing: I can't SSH into the Mandrake machine whatsoever. It just keeps telling me that the host is unreachable. I've tried PuTTY and SSH Secure Shell, but to no avail. Now, through my journey I have noticed a thing or two regarding the Shorewall firewall, and I have an inkling that this may be the problem. The thing is that the internet connection sharing thing won't work without Shorewall activated, but then again, even with it switched off I still can't SSH. Now, according to the Mandrake Control Centre GUI, the SSH daemon is running, but when I do a top command as root it's not in the process list. I'm really very confused at this point, as I only want to SSH as root from another Windows box in the LAN.
Any help would be gratefully appreciated, thanks.

david_ross 04-09-2004 03:51 PM

Welcome to LQ.

Is ssh running and listening:
netstat -nlp

What firewall rules do you have:
iptables -L

If you are unsure then post the output of the above commands.

pragmatic 04-10-2004 02:59 AM

Hi David,
Thanks very much for the quick response. This is very long-winded, but here is the output from those commands.

netstat -nl returned the following:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN 1130/xinetd
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:642 0.0.0.0:* LISTEN 884/rpc.statd
tcp 0 0 0.0.0.0:933 0.0.0.0:* LISTEN 1178/rpc.mountd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1350/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 818/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1762/X
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1513/httpd2
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1334/perl
tcp 0 0 0.0.0.0:657 0.0.0.0:* LISTEN 900/ypserv
tcp 0 0 212.158.255.217:53 0.0.0.0:* LISTEN 3444/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 3444/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3444/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1302/proftpd: (acce
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4563/sshd
tcp 0 0 0.0.0.0:790 0.0.0.0:* LISTEN 1035/rpc.ypxfrd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3444/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1513/httpd2
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:32770 0.0.0.0:* -
udp 0 0 0.0.0.0:32771 0.0.0.0:* 3444/named
udp 0 0 0.0.0.0:520 0.0.0.0:* 1086/routed
udp 0 0 192.168.1.1:137 0.0.0.0:* 1360/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1360/nmbd
udp 0 0 192.168.1.1:138 0.0.0.0:* 1360/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1360/nmbd
udp 0 0 0.0.0.0:654 0.0.0.0:* 900/ypserv
udp 0 0 0.0.0.0:10000 0.0.0.0:* 1334/perl
udp 0 0 0.0.0.0:788 0.0.0.0:* 1035/rpc.ypxfrd
udp 0 0 0.0.0.0:930 0.0.0.0:* 1178/rpc.mountd
udp 0 0 212.158.255.217:53 0.0.0.0:* 3444/named
udp 0 0 192.168.1.1:53 0.0.0.0:* 3444/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 3444/named
udp 0 0 0.0.0.0:962 0.0.0.0:* 1209/rpc.yppasswdd
udp 0 0 0.0.0.0:67 0.0.0.0:* 3465/dhcpd
udp 0 0 0.0.0.0:111 0.0.0.0:* 818/portmap
udp 0 0 0.0.0.0:636 0.0.0.0:* 884/rpc.statd
udp 0 0 0.0.0.0:639 0.0.0.0:* 884/rpc.statd
raw 0 0 0.0.0.0:1 0.0.0.0:* 7 3465/dhcpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 5319 1831/kdeinit: dcops /tmp/.ICE-unix/dcop1831-1081542844
unix 2 [ ACC ] STREAM LISTENING 5567 1848/kdeinit: ksmse /tmp/.ICE-unix/1848
unix 2 [ ACC ] STREAM LISTENING 5362 1837/fam /tmp/.fam_socket
unix 2 [ ACC ] STREAM LISTENING 3242 979/xfs /tmp/.font-unix/fs-1
unix 2 [ ACC ] STREAM LISTENING 5236 1762/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 5315 1828/kdeinit: Runni /tmp/ksocket-b/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 5342 1834/kdeinit: klaun /tmp/ksocket-b/klaunchercshY9a.slave-socket
unix 2 [ ACC ] STREAM LISTENING 5939 1875/kdesud /tm

Then iptables -L returned this:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
ppp_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP !icmp -- anywhere anywhere state INVALID
ppp_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
fw2net all -- anywhere anywhere
fw2masq all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain all2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain common (5 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
reject udp -- anywhere anywhere udp dpt:135
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp spt:domain state NEW
DROP all -- anywhere 192.168.1.255

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
masq2net all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
masq2fw all -- anywhere anywhere

Chain fw2masq (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere multiport dports ipp,printer,netbios-ns,netbios-dgm,netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere multiport dports ipp,printer,netbios-ns,netbios-dgm,netbios-ssn state NEW
all2all all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain icmpdef (1 references)
target prot opt source destination

Chain loc2net (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain masq2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
ACCEPT udp -- anywhere anywhere multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
all2all all -- anywhere anywhere

Chain masq2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere

Chain newnotsyn (7 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:newnotsyn:DROP:'
DROP all -- anywhere anywhere

Chain ppp_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere

Chain ppp_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere

Chain reject (11 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

I've read through it myself to try to figure it out, but I'm confused. As far as I can see it's actually rejecting the connection from the Windows box, but I really don't have a clue as to what to do to set this. Thanks again for the help,
David, it's much appreciated. I'm going to be setting up a dual boot with the Windows PC today. I'm so impressed with Linux so far, even though it's a little hard to configure :)

david_ross 04-10-2004 12:37 PM

It looks like a firewall problem - you can see that sshd is running from the netstat output.

I have never used shorewall to configure iptables - if you can use shorewall to open port 22 then that would probably be easier. Personally I find those rules very difficult to work with as they are so complex. It would probably be better making up your own firewall rules script so that you have more control and know what is going on.
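
Added example, not part of the thread: a small Python walk over the `masq2fw`, `all2all` and `reject` chains copied from the listing above, showing which rule decides the first packet of a new connection from the LAN to the router. It assumes LAN traffic reaches `masq2fw` through `INPUT` and `eth0_in` (plain `iptables -L` hides the interface matches, `iptables -L -v` shows them); `parse`, `matches` and `verdict` are names made up for this sketch.

```python
# Chains copied from the posted iptables -L output; common/newnotsyn omitted (a jump there = no match).
LISTING = """\
Chain masq2fw (1 references)
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
ACCEPT udp -- anywhere anywhere multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
all2all all -- anywhere anywhere
Chain all2all (2 references)
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain reject (11 references)
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def parse(listing):
    chains = {}
    for line in listing.splitlines():
        f = line.split(None, 5) + [""]      # pad so f[5] exists when a rule has no match text
        if f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        else:
            rules.append((f[0], f[1], f[5]))  # (target, protocol, match text)
    return chains

def matches(proto, extra, pkt_proto, svc):
    # Packet under test: first SYN of a connection (state NEW); "flags:" rules catch non-SYN only.
    if proto not in ("all", pkt_proto) or "flags:" in extra:
        return False
    w = extra.split()
    state = w[w.index("state") + 1].split(",") if "state" in w else ["NEW"]
    ports = w[w.index("dports") + 1].split(",") if "dports" in w else [svc]
    return "NEW" in state and svc in ports

def verdict(chains, chain, pkt_proto, svc):
    for target, proto, extra in chains.get(chain, []):
        if target == "LOG" or not matches(proto, extra, pkt_proto, svc):
            continue                          # LOG does not end rule traversal
        hit = (target, chain) if target in TERMINAL else verdict(chains, target, pkt_proto, svc)
        if hit:
            return hit

print(verdict(parse(LISTING), "masq2fw", "tcp", "ssh"))
```

`ssh` is missing from the `multiport dports` list in `masq2fw`, so the packet falls through `all2all` to the `reject` chain, while `http` is accepted in `masq2fw` itself. Opening SSH for the LAN zone only would correspond to a Shorewall `rules` entry of the form `ACCEPT masq fw tcp 22` (zone names inferred from the chain name `masq2fw`), which leaves the `net2all` handling of the internet side unchanged.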


All times are GMT -5.