LinuxQuestions.org
Old 07-20-2010, 03:02 AM #1
blueduck (LQ Newbie)
Lost on figuring out how to enable inbound traffic.


This is driving me batty and I'm sure it is something simple, so I'm posting in the newbie forum. I want to accept http and ssh requests from the outside world. Here are some things I have been able to triangulate on:

1. It is definitely my system and not the router. I had been accepting these connections just fine on my Fedora 6 system, but upgraded to FC11 and haven't been able to get these inbound connections working. I still have the drive with the FC6 system and whenever I put the old drive in the system, the connections work fine. So, the hardware, wiring, etc. is identical between the FC6 and FC11 systems.

2. The system's firewall is disabled. iptables, and ip6tables are turned off both at startup (e.g., chkconfig iptables off) and using "service iptables stop". (Note--my router also works as a firewall)

3. sshd and httpd are both on and listening on all interfaces. "nmap -P0 -p 22,80 127.0.0.1" shows both ports open, as does 192.168.1.80. But when I use the same command looping through the external IP, the ports are filtered:
Code:
Host is up.
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp filtered http

4. hosts.deny is empty.

5. The messages and secure logs do not show anything in response to the nmap scans.

Again, I'd have sworn this was my router, except that it cleanly allows the traffic when I swap the drives in my system. Any thoughts on other ways that I can diagnose this issue? I'd really appreciate any insights here.
 
Old 07-20-2010, 03:47 AM #2
skogsjanne (LQ Newbie, Norrköping, Sweden, Debian)
How about testing access from another computer on the local network?

/Janne
 
Old 07-20-2010, 04:11 AM #3
blueduck (Original Poster)
Yeah. No issues. Other machines on my 192.168 network can access the ports with no issues, which is weird, no? I can't imagine that the server is doing something to prompt the router to shut down those ports. I keep coming back to the router, but then I don't understand why it works with the FC6 disk. The router has a secure log where it reports events like port scanning and other activities it doesn't like; nothing is showing up on those logs from the internal boxes.
 
Old 07-20-2010, 05:57 AM #4
win32sux (Guru, Los Angeles, Ubuntu)
Quote:
Originally Posted by blueduck View Post
sshd and httpd are both on and listening on all interfaces
How many interfaces do you have, BTW?

Quote:
The messages and secure logs do not show anything in response to the nmap scans.
Does tcpdump on the server's interface see the frames/packets arriving from the router?

Maybe perform an nmap scan on your router's WAN side like (example):
Code:
nmap -p 80 example.com
...while running tcpdump on the server like (example):
Code:
tcpdump -ve -i eth0 port 80
 
Old 07-20-2010, 03:42 PM #5
blueduck (Original Poster)
Hey - that's helpful, I think. I don't know what to make of the results, but I can see that the system is getting all the packets. It's just filtering them when they come from the outside. Looks to me like some kind of firewall issue. I'm pretty sure that I've turned off iptables. Is there a way to check, and could there be anything else that is filtering packets on the box? To answer your question, there are 2 interfaces: eth0=192.168.1.80 and eth1=192.168.0.80 (which really just serves my samba network). eth0 is the one connected to the router and is really the interface that we're most interested in here.

When I run nmap -p 80 -PN 192.168.1.80 from another machine on the internal network, it reports that the port is open, and I get the following results. (Note that I can also plug 192.168.1.80 into a browser on my internal network and get the expected index.htm page).
Code:
[root@nansen ~]# tcpdump -ve -i eth0 port 80
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:27:28.956318 00:19:5b:60:31:22 (oui Unknown) > 00:08:74:4b:c7:70 (oui Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 41, id 54924, offset 0, flags [none], proto TCP (6), length 44) 192.168.1.5.37681 > 192.168.1.80.http: S, cksum 0x9415 (correct), 1448578706:1448578706(0) win 2048 <mss 1460>
12:27:28.956458 00:08:74:4b:c7:70 (oui Unknown) > 00:19:5b:60:31:22 (oui Unknown), ethertype IPv4 (0x0800), length 58: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44) 192.168.1.80.http > 192.168.1.5.37681: S, cksum 0x4c6d (correct), 3521996505:3521996505(0) ack 1448578707 win 5840 <mss 1460>
12:27:32.356061 00:08:74:4b:c7:70 (oui Unknown) > 00:19:5b:60:31:22 (oui Unknown), ethertype IPv4 (0x0800), length 58: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44) 192.168.1.80.http > 192.168.1.5.37681: S, cksum 0x4c6d (correct), 3521996505:3521996505(0) ack 1448578707 win 5840 <mss 1460>
12:27:38.356090 00:08:74:4b:c7:70 (oui Unknown) > 00:19:5b:60:31:22 (oui Unknown), ethertype IPv4 (0x0800), length 58: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44) 192.168.1.80.http > 192.168.1.5.37681: S, cksum 0x4c6d (correct), 3521996505:3521996505(0) ack 1448578707 win 5840 <mss 1460>
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

When I run nmap -p 80 -PN 71.135.45.108 from inside, then I can see that the port is filtered and I get the results below. As you might expect, when I plug 71.135.45.108 into my browser, the connection times out.
Code:
[root@nansen ~]# tcpdump -ve -i eth0 port 80
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:34:52.078102 00:0f:cc:17:80:b8 (oui Unknown) > 00:08:74:4b:c7:70 (oui Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 54, id 58408, offset 0, flags [none], proto TCP (6), length 44) adsl-71-135-45-108.dsl.pltn13.pacbell.net.54437 > 192.168.1.80.http: S, cksum 0xa1ca (correct), 2325306337:2325306337(0) win 1024 <mss 1460>
12:34:53.090970 00:0f:cc:17:80:b8 (oui Unknown) > 00:08:74:4b:c7:70 (oui Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 44, id 62330, offset 0, flags [none], proto TCP (6), length 44) adsl-71-135-45-108.dsl.pltn13.pacbell.net.54440 > 192.168.1.80.http: S, cksum 0x99c9 (correct), 2325240800:2325240800(0) win 3072 <mss 1460>
12:34:55.664366 00:0f:cc:17:80:b8 (oui Unknown) > 00:08:74:4b:c7:70 (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 116, id 60750, offset 0, flags [DF], proto TCP (6), length 48) 200.44.244-124.dyn.dsl.cantv.net.lansurveyorxml > 192.168.1.80.http: S, cksum 0x85ea (correct), 2828650230:2828650230(0) win 65535 <mss 1408,nop,nop,sackOK>
12:34:58.611470 00:0f:cc:17:80:b8 (oui Unknown) > 00:08:74:4b:c7:70 (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 116, id 60812, offset 0, flags [DF], proto TCP (6), length 48) 200.44.244-124.dyn.dsl.cantv.net.lansurveyorxml > 192.168.1.80.http: S, cksum 0x85ea (correct), 2828650230:2828650230(0) win 65535 <mss 1408,nop,nop,sackOK>
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
 
Old 07-20-2010, 06:56 PM #6
win32sux (Guru, Los Angeles, Ubuntu)
Quote:
Originally Posted by blueduck View Post
I'm pretty sure that I've turned off iptables. Is there a way to check, and could there be anything else that is filtering packets on the box?
You can check your iptables filter table with this command:
Code:
iptables -nvL
Please post the output of that, along with the output of these:
Code:
netstat -an --inet | grep LISTEN
Code:
ifconfig
Code:
route -n
FWIW, I suspect what is happening here is that you don't have the gateway address properly set (which may explain why things work fine within the LAN, but not through the router). It's just a hunch, though, we'll see when you post back.

Old 07-20-2010, 11:23 PM #7
blueduck (Original Poster)
Code:
[root@nansen ~]# iptables -nvL
Chain INPUT (policy ACCEPT 428K packets, 82M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 389K packets, 739M bytes)
pkts bytes target prot opt in out source destination


Code:
[root@nansen ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:74:4B:C7:70
inet addr:192.168.1.80 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::208:74ff:fe4b:c770/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55653 errors:0 dropped:0 overruns:1 frame:0
TX packets:683 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:3978101 (3.7 MiB) TX bytes:125278 (122.3 KiB)
Interrupt:11 Base address:0x2c00

eth1 Link encap:Ethernet HWaddr 00:00:86:5B:F5:8F
inet addr:192.168.0.80 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::200:86ff:fe5b:f58f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:461145 errors:0 dropped:0 overruns:0 frame:0
TX packets:578814 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:92150056 (87.8 MiB) TX bytes:754732655 (719.7 MiB)
Interrupt:11 Base address:0x4000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:861 errors:0 dropped:0 overruns:0 frame:0
TX packets:861 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:90667 (88.5 KiB) TX bytes:90667 (88.5 KiB)


Code:
[root@nansen ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1


Hmmm. That looks ok to me. Do you see anything awry?
 
Old 07-20-2010, 11:33 PM #8
blueduck (Original Poster)
Oh - meant to add that the gateway is 192.168.1.254.
 
Old 07-21-2010, 01:58 AM #9
blueduck (Original Poster)
Hmmmm. OK. When I ran route -n earlier, the 192.168.1.254 default gateway was missing, so I added it and tried again and still saw the filtered ports. Just got home and tried again and the ports are open. Maybe adding the default route did the trick? Feel like a total dope not checking the gateway. Thank you tons for the help!!
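The failure mode this thread converges on, as an added example (not code from the thread or its posters): a reply-path check over the route -n table posted in #7. It runs a longest-prefix, lowest-metric lookup for the external source address and reports whether the server's SYN-ACK would leave on the interface the SYN arrived on; the "before" table, with the 192.168.1.254 default route missing, is constructed from the poster's description, and the kernel-lookup tie-breaking is an approximation.

```python
import ipaddress

# route -n output as posted in the thread (after the poster added the
# eth0 default route); the parser below turns it into route tuples.
ROUTE_N_AFTER_FIX = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1
"""

def parse_route_n(text):
    """Parse `route -n` output into (dest, gateway, genmask, metric, iface)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0][:1].isdigit():
            routes.append((f[0], f[1], f[2], int(f[4]), f[7]))
    return routes

ROUTES_AFTER_FIX = parse_route_n(ROUTE_N_AFTER_FIX)
# Constructed "before" state: the poster reported that the 192.168.1.254
# default route was missing, leaving only the eth1 (samba LAN) default.
ROUTES_BEFORE_FIX = [r for r in ROUTES_AFTER_FIX if r[1] != "192.168.1.254"]

def lookup(routes, dst):
    """Return (iface, gateway) for dst: longest prefix wins, then lowest
    metric, then table order. An approximation of the kernel FIB lookup."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for order, (dest, gw, mask, metric, iface) in enumerate(routes):
        net = ipaddress.IPv4Network(f"{dest}/{mask}")
        if addr in net:
            key = (-net.prefixlen, metric, order)
            if best is None or key < best[0]:
                best = (key, iface, gw)
    return None if best is None else (best[1], best[2])

def reply_path_ok(routes, src_ip, ingress_iface):
    """A SYN from src_ip arrived on ingress_iface. True if the SYN-ACK would
    leave on the same interface; otherwise the remote scanner sees
    'filtered' even though tcpdump shows the SYN arriving."""
    hop = lookup(routes, src_ip)
    return hop is not None and hop[0] == ingress_iface

if __name__ == "__main__":
    print(lookup(ROUTES_BEFORE_FIX, "71.135.45.108"), lookup(ROUTES_AFTER_FIX, "71.135.45.108"))
```

Run against the "before" table, the reply to the external scanner picks the eth1 default via 192.168.0.1, which matches the second tcpdump capture in #5 showing inbound SYNs with no SYN-ACK on eth0.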
 
Old 07-21-2010, 02:03 AM #10
win32sux (Guru, Los Angeles, Ubuntu)
Quote:
Originally Posted by blueduck View Post
Hmmmm. OK. When I ran route -n earlier, the 192.168.1.254 default gateway was missing, so I added it and tried again and still saw the filtered ports. Just got home and tried again and the ports are open. Maybe adding the default route did the trick? Feel like a total dope not checking the gateway. Thank you tons for the help!!
Awesome! Glad you got things squared away!
 