Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I tried looking around but to no avail, my problem seems complicated.
I am not as much a newbie, but after the following, more so than I thought.
I had a server up and running on a local network to serve http, https, ftp and ssh. The server was firewalled behind an external router with access only to the ssh service on port 22. All other services are inaccessible to the outside world. When the server was setup, I was new to Mandriva 10.1 and initally set it up on DHCP just to get things rolling. After installing all of my services the machine sat for about 2 months. I tested all of the services periodically during this time. After a recent power outage reset the router the inevitable happened and the server got a new IP address breaking access from the outside world. So the plan was to set the server to a static IP outside the range of adresses of the DHCP server. This is where things go downhill.
I started by using ifconfig through a remote ssh session (on the local lan) to change the IP, submask, and broadcast. Then tried to reconnect on the new IP. The machine disappeared from both addresses. I hooked up a monitor and keyboard and found that the machine was set to the new address but would not pass any traffic in or out. I then proceeded to use the control center to "edit an existing interface" and set all values at which point it restarted the network and same thing, no connection in or out. I restarted and used the control center to "setup a new connection" entered all of the same values and voila I have connection.
Here is my problem. I have full outbound traffic (web browse, ssh to other machines, etc.), but am only accepting traffic to the http, https and ftp ports now. The server serves webpages, secure webpages and ftp connections with no problem. No response to pings or to ssh. No remote access at all.
What have I done so far? Checked the network for problems by trying to ping localhost, no response. Tried sshing to localhost, connection refused. I checked the sshd service. It is running, however I restarted it just to be sure. It shutdown ok and started up ok. My best guess is a firewall issue. The firewall settings in the control panel are set to allow eveything, which has been set, the machine restarted and reverified. I checked iptables -L which shows no rules and was further verified by using iptables --flush. I also checked the running services in the control center and it says that the shorewall service is stopped. Running nmap on localhost shows ports 21, 80, and 443 as the only open ports.
What in the world else could be blocking access to my ssh and ping response? And what in the world would have changed so much by me changing my IP address?
Yes, the sshd is running. Well that is what the graphical services and daemons says. When I run #ps -aux | grep sshd I only get the grep process returned. Which would mean that the service is not running. Any ideas?
The IP address was within the same subnet, from DHCP to 192.168.0.5
I am trying to access the server from within the local subnet from 192.168.0.16 to take the router out of the equation. Both machines hang from the same switch. Even trying to ssh to localhost on the server is returning connection refused.
Well as is usual with my linux experience the problem has corrected itself with out any clear definition as to why. I changed the conf file and restarted the server. The auth.log file confimed that the server was running and was listening on 192.168.0.5 on port 22 and even gave me the pid to check. It was definetly running. However I still could not ssh to localhost (connection refused) same as before. Thinking I might be a little more general about my listen address I changed it back to the default of :: (this was the default that came with the source of openssl) Restarted the server and voila it works I can ssh again. Thinking it had something to do with the address I changed it back to see if it would stop working and restarted the server. It still works. So I have no idea what changed that made it start working. I had restarted the sshd a few times before, but maybe it just needed to be done a couple of times.
The only weird thing is now I can't ssh or telnet to localhost or 127.0.0.1. I can access them from all machines on the subnet and even from the server when I ssh to the server's IP address. It may have to do further with the conf file listening adress. I don't know really. Also nmap shows different ports being open when give the server's IP and just localhost. Hope maybe this thread will end up helping someone else down the line. The community here seems pretty nice so I guess I will stick around and see if I can help anyone else.