LinuxQuestions.org
Old 09-03-2009, 02:22 PM   #1
jonaskellens
Completely shut out of my system


I have an online server which I can not reach any more !

Code:
[jonas@jonas ~]$ ssh -2 -p 2273 ip_of_server
normally works just fine but now there is a timeout...

Code:
-bash-3.2# /sbin/service iptables stop                                          
Flushing firewall rules: [  OK  ]                                               
Setting chains to policy ACCEPT: mangle filter [  OK  ]                         
Unloading iptables modules: Removing netfilter NETLINK layer.                   
[  OK  ]                                                                        
-bash-3.2# /sbin/service csf status                                             
Status of csf:csf and lfd have been disabled, use 'csf -e' to enable            
                                                                                
-bash-3.2# /sbin/service lfd status                                             
Status of lfd:lfd is stopped
The only thing I have is a management-interface with a command prompt (luckily !!)
You can see that any firewall is disabled.

Still I can not reach my server. Not through webmin via the public address, not through the VPN on the private address (10.10.0.1). So no webmin.
I cannot reach my server via ssh.
I cannot ping my server on the public IP-address from my client.

The only thing I can do is post this problem here :-).

What else besides the firewall can restrict my access to my server ???

Last edited by jonaskellens; 09-03-2009 at 02:23 PM.
 
Old 09-03-2009, 02:26 PM   #2
centosboy
Quote:
Originally Posted by jonaskellens View Post
I have an online server which I can not reach any more !

Code:
[jonas@jonas ~]$ ssh -2 -p 2273 ip_of_server
normally works just fine but now there is a timeout...

Code:
-bash-3.2# /sbin/service iptables stop                                          
Flushing firewall rules: [  OK  ]                                               
Setting chains to policy ACCEPT: mangle filter [  OK  ]                         
Unloading iptables modules: Removing netfilter NETLINK layer.                   
[  OK  ]                                                                        
-bash-3.2# /sbin/service csf status                                             
Status of csf:csf and lfd have been disabled, use 'csf -e' to enable            
                                                                                
-bash-3.2# /sbin/service lfd status                                             
Status of lfd:lfd is stopped
The only thing I have is a management-interface with a command prompt (luckily !!)
You can see that any firewall is disabled.

Still I can not reach my server. Not through webmin via the public address, not through the VPN on the private address (10.10.0.1). So no webmin.
I cannot reach my server via ssh.
I cannot ping my server on the public IP-address from my client.

The only thing I can do is post this problem here :-).

What else besides the firewall can restrict my access to my server ???

is the sshd running?
 
Old 09-03-2009, 02:28 PM   #3
jonaskellens
Quote:
Originally Posted by centosboy View Post
is the sshd running?

Code:
-bash-3.2# /sbin/service sshd status                                            
openssh-daemon (pid  15442) is running...
 
Old 09-03-2009, 02:30 PM   #4
centosboy
Quote:
Originally Posted by jonaskellens View Post
Code:
-bash-3.2# /sbin/service sshd status                                            
openssh-daemon (pid  15442) is running...

Can you connect to ssh on localhost?
 
Old 09-03-2009, 02:31 PM   #5
centosboy
also

Code:
netstat -plant | grep ssh

to get all listening ssh ports
 
Old 09-03-2009, 02:39 PM   #6
jonaskellens
Code:
-bash-3.2# netstat -plant | grep ssh 
tcp        0      0 :::2273   :::*      LISTEN      15442/sshd
Code:
-bash-3.2# ssh -p 2273 localhost
Permission denied (publickey,gssapi-with-mic).
which is normal because I only accept connections from my host with an RSA key.
 
Old 09-03-2009, 02:43 PM   #7
centosboy
Quote:
Originally Posted by jonaskellens View Post
Code:
-bash-3.2# netstat -plant | grep ssh 
tcp        0      0 :::2273   :::*      LISTEN      15442/sshd
Code:
-bash-3.2# ssh -p 2273 localhost
Permission denied (publickey,gssapi-with-mic).
which is normal because I only accept connections from my host with an RSA key.

I trust you have done all the normal troubleshooting... ping/traceroute etc... and ssh -vv
It doesn't look like the ssh traffic is actually reaching the server.
Anything in the logs /var/log/secure and /var/log/messages that gives a clue?
 
Old 09-03-2009, 02:59 PM   #8
jonaskellens
Quote:
Originally Posted by centosboy View Post
I trust you have done all the normal troubleshooting... ping/traceroute etc... and ssh -vv
It doesn't look like the ssh traffic is actually reaching the server.
Anything in the logs /var/log/secure and /var/log/messages that gives a clue?

Ping from my client to the server: 100% packet loss
Ping from server to client: 100% packet loss
Traceroute is not installed on server...
Traceroute from my client to server shows the network of my ISP and then ****, so not that much info here...

/var/log/secure shows entries from 5 hours ago, no new entries...
/var/log/messages :
Code:
Sep  3 17:28:42 vps2301 openvpn[13967]: UDPv4 link local (bound): [undef]:1194  
Sep  3 17:28:42 vps2301 openvpn[13967]: UDPv4 link remote: [undef]              
Sep  3 20:15:16 vps2301 kernel: Removing netfilter NETLINK layer.
That's it...
 
Old 09-03-2009, 04:29 PM   #9
centosboy
Quote:
Originally Posted by jonaskellens View Post
Ping from my client to the server: 100% packet loss
Ping from server to client: 100% packet loss
Traceroute is not installed on server...
Traceroute from my client to server shows the network of my ISP and then ****, so not that much info here...

/var/log/secure shows entries from 5 hours ago, no new entries...
/var/log/messages :
Code:
Sep  3 17:28:42 vps2301 openvpn[13967]: UDPv4 link local (bound): [undef]:1194  
Sep  3 17:28:42 vps2301 openvpn[13967]: UDPv4 link remote: [undef]              
Sep  3 20:15:16 vps2301 kernel: Removing netfilter NETLINK layer.
That's it...

I suspect network problems somewhere in between.
If you don't have traceroute you could always try tracepath, tcptraceroute or even mtr if it is installed.
You can also try traceroute from traceroute.org if you have a GUI web browser installed.
 
Old 09-03-2009, 04:44 PM   #10
jonaskellens
Quote:
Originally Posted by centosboy View Post
I suspect network problems somewhere in between.
If you don't have traceroute you could always try tracepath, tcptraceroute or even mtr if it is installed.
You can also try traceroute from traceroute.org if you have a GUI web browser installed.

The only thing that is installed on the server is:
Code:
tracepath yocan.no-ip.biz  
 1:  send failed                                      
     Resume: pmtu 65535
Don't have a GUI on the server. Server is runnin' init 3.
 
Old 09-03-2009, 04:59 PM   #11
centosboy
Quote:
Originally Posted by jonaskellens View Post
The only thing that is installed on the server is :
Code:
tracepath yocan.no-ip.biz  
 1:  send failed                                      
     Resume: pmtu 65535
Don't have a GUI on the server. Server is runnin' init 3.

Somewhere along the network something is blocking access to this server...
at least for ICMP anyway.

Code:
[root@ ~]# mtr -c 20 --report yocan.no-ip.biz
hostname.org                   Snt: 20    Loss%  Last   Avg  Best  Wrst StDev
fa0-7.sw1.f1f10.iph.lon.as5587.net            0.0%   0.5   0.6   0.5   0.7   0.1
821.gi0-1.rtr2.iph.lon.as5587.net             0.0%   0.8   9.1   0.3 166.1  37.0
900.gi0-0-0.rtr2.tc9.lon.as5587.net           0.0%   1.2   2.1   1.2   3.0   0.5
ldn-tch-i1-link.telia.net                     0.0%   2.0   2.4   1.6   6.4   1.0
ldn-b5-link.telia.net                         0.0%   3.9   4.7   1.0  53.4  11.5
ldn-bb1-link.telia.net                        0.0%  46.9   7.7   1.7  46.9  12.5
ldn-b3-link.telia.net                         0.0%   2.6   5.5   1.7  66.0  14.3
xe-5-2-0-0.lon20.ip4.tinet.net                0.0%   1.6   3.4   1.2  25.3   5.2
xe-0-0-0.bru20.ip4.tinet.net                  0.0%  13.5  17.2  12.4  64.7  12.9
telenor-gw.ip4.tinet.net                      0.0%  14.1  16.2  13.0  59.6  10.2
dD5E0FDDE.access.telenet.be                   0.0%  16.1  17.5  16.0  28.0   2.8
dD5E0FD52.access.telenet.be                  40.0%  17.4  19.1  16.8  24.6   2.3
dD5E0C00A.access.telenet.be                   0.0%  17.2  17.4  16.8  19.3   0.6
???                                          100.0   0.0   0.0   0.0   0.0   0.0
 
Old 09-03-2009, 05:00 PM   #12
centosboy
Quote:
Originally Posted by centosboy View Post
Somewhere along the network something is blocking access to this server...
at least for ICMP anyway.

Code:
[root@ ~]# mtr -c 20 --report yocan.no-ip.biz
hostname.org                   Snt: 20    Loss%  Last   Avg  Best  Wrst StDev
fa0-7.sw1.f1f10.iph.lon.as5587.net            0.0%   0.5   0.6   0.5   0.7   0.1
821.gi0-1.rtr2.iph.lon.as5587.net             0.0%   0.8   9.1   0.3 166.1  37.0
900.gi0-0-0.rtr2.tc9.lon.as5587.net           0.0%   1.2   2.1   1.2   3.0   0.5
ldn-tch-i1-link.telia.net                     0.0%   2.0   2.4   1.6   6.4   1.0
ldn-b5-link.telia.net                         0.0%   3.9   4.7   1.0  53.4  11.5
ldn-bb1-link.telia.net                        0.0%  46.9   7.7   1.7  46.9  12.5
ldn-b3-link.telia.net                         0.0%   2.6   5.5   1.7  66.0  14.3
xe-5-2-0-0.lon20.ip4.tinet.net                0.0%   1.6   3.4   1.2  25.3   5.2
xe-0-0-0.bru20.ip4.tinet.net                  0.0%  13.5  17.2  12.4  64.7  12.9
telenor-gw.ip4.tinet.net                      0.0%  14.1  16.2  13.0  59.6  10.2
dD5E0FDDE.access.telenet.be                   0.0%  16.1  17.5  16.0  28.0   2.8
dD5E0FD52.access.telenet.be                  40.0%  17.4  19.1  16.8  24.6   2.3
dD5E0C00A.access.telenet.be                   0.0%  17.2  17.4  16.8  19.3   0.6
???                                          100.0   0.0   0.0   0.0   0.0   0.0

I'm assuming here the firewall is back on?

Code:
[root@~]# tracepath yocan.no-ip.biz/2273
 1:  hostname.org (213.253.0.0)                        0.177ms pmtu 1500
 1:  fa0-7.sw1.f1f10.iph.lon.as5587.net (213.253.145.10)    0.808ms
 2:  821.gi0-1.rtr2.iph.lon.as5587.net (195.13.89.17)       1.486ms
 3:  900.gi0-0-0.rtr2.tc9.lon.as5587.net (213.253.141.222) asymm  4  49.946ms
 4:  ldn-tch-i1-link.telia.net (213.248.100.189)            3.438ms
 5:  ldn-b5-link.telia.net (80.91.250.209)                asymm  6   3.465ms
 6:  ldn-bb2-link.telia.net (80.91.252.201)               asymm  7   3.218ms
 7:  ldn-b3-link.telia.net (80.91.254.17)                 asymm  8   3.196ms
 8:  xe-5-2-0-0.lon20.ip4.tinet.net (213.200.78.237)      asymm  9   2.685ms
 9:  xe-0-0-0.bru20.ip4.tinet.net (89.149.187.121)        asymm 12  14.458ms
10:  telenet-gw.ip4.tinet.net (77.67.73.110)              asymm 11  14.912ms
11:  dD5E0FDDE.access.telenet.be (213.224.253.222)        asymm 12  17.706ms
12:  dD5E0FD52.access.telenet.be (213.224.253.82)          18.921ms
13:  dD5E0C00A.access.telenet.be (213.224.192.10)          17.979ms
14:  no reply
 
Old 09-03-2009, 05:08 PM   #13
jonaskellens
yocan.no-ip.biz is my home network, not the server... I was trying a trace from the server to my home network...

I have now completely uninstalled iptables on the server, but still I cannot reach it. No ping, no ssh, no webmin,...

So once again my first question: what else besides a firewall (which isn't there any more) can be blocking me out?


Code:
[root@jonas jonas]# mtr -c 20 --report ip_of_server
HOST: jonas.jocan.local           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. clarkconnect.jocan.local      0.0%    20    1.7   1.8   1.6   2.3   0.2
  2. ???                          100.0    20    0.0   0.0   0.0   0.0   0.0

Last edited by jonaskellens; 09-03-2009 at 05:11 PM.
 
Old 09-03-2009, 05:26 PM   #14
nuwen52
Ok. I haven't seen this asked yet. Can you telnet to the server on port 22? Or port 2273 where it looks like the sshd is set to listen to. And, if so, what do you get as a response? If the ssh daemon is running and responding correctly, you should at least get back an identifier saying the version of ssh the server is running.

Last edited by nuwen52; 09-03-2009 at 05:28 PM.
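
The check described in the post above, as an added example that is not part of the original thread: one TCP connect to the sshd port, reporting separately a timeout (no reply at all, so packets are dropped or not routed), a refusal (host reachable, nothing listening) and an answered connection with or without an `SSH-` identification string. The function name `probe_ssh` and the verdict labels are assumptions of this example.

```python
import errno
import socket
import sys


def probe_ssh(host, port, timeout=5.0):
    """Return (verdict, detail) for a single TCP connect and banner read."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Same symptom as "Connection timed out" from telnet/ssh: neither a
        # SYN-ACK nor an RST came back, so the packets never got an answer.
        return ("filtered", "connect timed out, no reply from host or path")
    except ConnectionRefusedError:
        # An RST came back: the IP path works, but no listener on this port.
        return ("closed", "connection refused, host reachable")
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return ("unreachable", "no route from this machine: " + str(exc))
        return ("error", str(exc))

    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)
        except socket.timeout:
            return ("open-silent", "TCP connected but no banner was sent")

    # An SSH server identifies itself with a line starting "SSH-".
    for raw in data.splitlines():
        if raw.startswith(b"SSH-"):
            return ("ssh", raw.decode("ascii", "replace"))
    if not data:
        return ("open-silent", "peer closed without sending a banner")
    return ("open-other", data[:60].decode("ascii", "replace").strip())


if __name__ == "__main__":
    # Usage: python probe_ssh.py <host> <port>
    if len(sys.argv) == 3:
        verdict, detail = probe_ssh(sys.argv[1], int(sys.argv[2]))
        print(verdict + ": " + detail)
    else:
        print("usage: probe_ssh.py <host> <port>")
```

A `filtered` verdict from outside combined with `ssh` when run on the server against localhost means sshd itself is fine and the fault is in routing or filtering between the two ends.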
 
Old 09-04-2009, 03:20 AM   #15
jonaskellens
Quote:
Originally Posted by nuwen52 View Post
Ok. I haven't seen this asked yet. Can you telnet to the server on port 22? Or port 2273 where it looks like the sshd is set to listen to. And, if so, what do you get as a response? If the ssh daemon is running and responding correctly, you should at least get back an identifier saying the version of ssh the server is running.

From my home network to the server :
Code:
[jonas@jonas ~]$ telnet ip_server 2273
Trying ip_server...
telnet: connect to address ip_server: Connection timed out
Code:
[jonas@jonas ~]$ ping -c 4 ip_server
PING ip_server (ip_server) 56(84) bytes of data.

--- ip_server ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 12999ms
Code:
[jonas@jonas ~]$ ssh -2 -p 2273 ip_server -vv
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ip_server [ip_server] port 2273.
debug1: connect to address ip_server port 2273: Connection timed out
ssh: connect to host ip_server port 2273: Connection timed out
From my server to my home network :
Code:
terminal coming up, please press Return/Enter to get a prompt!
                                                                                
-bash-3.2# ping -c 4 yocan.no-ip.biz
PING yocan.no-ip.biz (78.22.164.184) 56(84) bytes of data.
                                                                                
--- yocan.no-ip.biz ping statistics ---                                         
4 packets transmitted, 0 received, 100% packet loss, time 3008ms                
                                                                                
-bash-3.2# telnet yocan.no-ip.biz 22            
Trying 78.22.164.184...                                     
telnet: connect to address 78.22.164.184: Connection timed out
Strange thing : through an interface I can still see the console of my VDS. Even when my firewall was still up and running I could always consult this terminal-window.
 
  

