I spent way too many hours on this and still can't get it to work, hope someone can help.

I have an old RH Linux install, I think RH Linux 6.2 very basic install, no gui, just command line and X11. I can do everything I want on local lan, telnet, ftp, X11 all using root. But I cannot access any services from outside using my router's port forwarding.

I tried port forwarding ftp (21), telnet(23) and vncserver(5901) to the correct local IP address but I always get "Connection Refused" or "target machine actively refused it". I know I'm getting to the server, but something is blocking root access.

I turned off IPTABLES, and I really don't want to get into SSH right now (I know all about security issues, this is just a test server, nothing important on here, so hackers you can go for it!)...just please let me know what I have to do to get root access to my own machine...please.

I checked all the obvious stuff, like ftpaccess, securetty, etc...like I said, everything works the way I want on a local lan, just coming in from outside is where the problem is.

I just don't get it, with no firewall, what could be blocking it.

I'm not really a newbie...just a little rusty.

Thanks for any help.

I'll refrain from moaning about not using ssh (but.... WHY??? it's already there isn't it??), but do avoid ftp for now certainly. it's a clunky and confusing protocol from the archaic dual channel method it uses. That said though, if the box is listening, and ipchains (this is the 13 year old RH6.2 right????) is allowing in requests from remote locations, then it should work. dynamic DNS is certainly irrelevant as long as it's resolving to the right IP - check that that is correct.

so "ipchains -vnL" should work, or "iptables -vnL" if it did use iptables. That's my best guess though, only allowing local subnet access in netfilter.

Four options

1) Your DDNS is not resolving the correct IP. Forget DDNS for now and just use your router's public IP.
2) Your ISP is blocking incoming connections on those ports. Try setting up one of your services to listen on a non-standard port and see if it is still blocked
3) Your router is blocking the connections - check the firewall settings
4) Your machine is blocking the connections - check the ipchains settings as described by acid_kewpie

thanks suicidaleggroll (wow! now that's a username!) and acid_kewpie, (gee, I wish I had been more creative with my username)....

Just to respond to the 4 options:

1. DDNS is working properly because I can get to other services on other machines, for example, RDP (port 3389) to a Windows machine, mySQL (port 3306) to another Windows machine, FTP (port 21) to a Windows machine (before I switched over to the Linux box), etc.

2. ISP is not blocking, because everything works on same ports on Windows machines.

3. (see 1. and 2.)

4. yes, I think this is correct, my Linux machine is blocking, but why ? iptables -nvL shows no rules and ipchains -nvL says "Incompatible with this kernel"

There must be some setting somewhere that is blocking root access to this machine if the connection is coming from anything other than local subnet....but where is this setting? Is there anything other than iptables that could be blocking? maybe some kind of network settings, but I don't see it.

thanks.

I found something in sysctl.conf that might be a clue?

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1


I'm familiar IP packet forwarding, I have two NICs in this machine, so packets can be forwarded based on second NIC IP address and static routes, but what does the second setting mean?

Thanks.

AHHHHH....I figured it out! After tons of searches, reading, learning,...it was my DDNS...I havd both a ?????.com and ?????.org defined in my DDNS host and I was using the wrong one for the linux server, ....wow...several days to find a typo problem, who hasn't been there?

By the way, suicidaleggroll, your no. 1 suggestion did it for me, "Forget DDNS for now and just use your router's public IP". When I tried that, everything worked....I thought to my self, wtf!!!

Oh well, I certainly know a lot more about linux now than I ever did. Thanks for the support and motivation to keep searching.

Cheers!