Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Recently installed Slackware 10 on my server box and I am having strange problem access it from other hosts on the network. I need to ssh or telnet to it. I added the my host ip to the hosts.allow file and managed to both ssh and telnet to it. Then the next time I tried the ssh/telnet I got "telnet: Unable to connect to remote host: Connection refused". Haven't change nothing on the server side I was really suprised.
I spent hours finding something that can block my host. The iptables listing is empty, nothing in the hosts.deny file. Been new to Slackware I though there must be something there blocking my host. Can you help?
Can you see those ports open with a nmap scan from the client? Does running netstat -pantu on the server show the ssh and telnet daemons up and listening?
nmap scan on the client host listed only port 80 as open
I meant if you run an nmap *from* the client machine with the sshd server as the target of the scan. The point is to see if the ports are open from the outside. If they're not open then it suggests something like networking/firewall/etc. Might also want to see if restarting the sshd service helps.
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-02 20:50 GMT
Failed to resolve given hostname/IP: scan. Note that you can't use '/mask' AND '[1-4,7,100-]' style IP ranges
Interesting ports on skessa (192.168.x.x):
(The 1659 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 3.822 seconds
So only port 80 visible to the client host. Yes seems like this is some firewall issue. The iptables are fine, what else is there on Slackware 10 that can block IP traffic?
Try turning the firewall off on both the client and server and then connecting. Try doing iptables -vnL to make sure that the iptables rules are indeed gone. Also, should port 80 be open on that system?
Running iptables -vnL on the server confirms that no rules are in use. Disabled the firewall on the client (running Debian) aswell. I have another client (Windows XP) on my LAN and the same thing happens there.
About port 80 on the server. Yes that should be open. I use it as external web server as well. Use NAT in my router to translate all traffic to port 80 to that server.
I looked for other firewalls (like lokkit) on the server but didn't find any.
One thing I am wondering about. Could this somehow be related to DNS? I remember removing clienthost from the hosts file on the server. This gave me one shot at the server, meaning I could log in via ssh or telnet once and then not any more.
DNS could normally be an issue, but since your able to see port 80 on the server, it sounds like it's working properly, though if you look at the nmap output there is a message about a hostname lookup failure, so you may want to look into that further. You may also want to use tcpdump to grab some packets (before and post NAT) just to make sure that's working properly as well
Check the router and make sure that it's forwarding the ssh and telnet ports as well. If it's one of those home routers like a linksys or dlink, you might want to give it a reboot.
Yes I almost sure this has something to do with DNS lookup. Noticed the client it self had wrong ip in for its own hostname in /etc/hosts. Now when I got all the entries in the hosts file (client and server) and the right entries in the hosts.allow and hosts.deny on the server this seems to work. Well almost. I can use telnet and ssh (only as external computer). When I try to connect directly (not using the router's NAT) I get this error message:
ssh_exchange_identification: Connection closed by remote host
oboj, after going to birthday dinner and some red wine I came back to my problem. Trying ssh -vvv hostname resulting in success. Problem solved, at least for now. Thanks Capt_Caveman for assisting me on this issue. Having somebody out there to help when facing problem like this really helps.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.